Starter Offer: WordPress Malware Cleanup From $89 Claim on WhatsApp →

Independent WordPress Security Specialist · Dhaka, Bangladesh

About MD Pabel WordPress Malware Removal Expert

Hi, I'm MD Pabel — the person behind every cleanup, every case study, and every email reply on this site. Since July 2018, I've manually cleaned 4,500+ hacked WordPress sites for freelance marketplace clients, agencies, referrals, and direct website owners. mdpabel.com is run entirely by me from Dhaka, Bangladesh — no agency, no team, no white-label reselling.

Quick Answer

Who is MD Pabel?

MD Pabel is a WordPress malware removal expert based in Dhaka, Bangladesh. He is an Information & Communication Technology (ICT) graduate of Comilla University and the sole person behind mdpabel.com — not an agency or reseller. Active in WordPress security since July 2018, he specializes in manual cleanup of Japanese SEO spam, fake CAPTCHA malware, .htaccess redirects, database injections, hidden backdoors, and blacklist recovery.

  • 4,500+ hacked WordPress sites manually cleaned
  • WordPress security specialist since 2018
  • ICT graduate · Comilla University, Bangladesh
  • Sole operator · no agency, no team, no resellers
  • Client work from freelance platforms, agencies, referrals, and direct site owners
  • 550+ LeetCode problems solved · published IoT project

Verifiable credentials at a glance

Some credentials are publicly verifiable through the profiles linked further down this page. Cleanup volume comes from years of client work across freelance platforms, agency referrals, and direct projects.

4,500+

Hacked WordPress sites cleaned

2018

Year I started · 8 years of full-time security work

Worldwide

Remote cleanup help for international WordPress site owners

Freelance + direct

Client work through marketplaces, agencies, referrals, and mdpabel.com

ICT

Graduate · Comilla University, Bangladesh

550+

LeetCode problems solved

The story

From one hacked site in 2018 to 4,500+ cleanups

I started freelancing in July 2018, while still studying ICT at Comilla University. My first paid jobs were small — fixing broken plugin conflicts, helping people install themes, troubleshooting forms. Then a client came with a fully hacked WordPress site. Mobile redirects, Google blacklist, hosting suspension warning, the whole stack. I had no playbook, no Sucuri subscription, and no senior engineer to ask. I opened the files in a code editor and started reading.

That single cleanup taught me something that has shaped every job since: automated scanners report what they recognize, but real malware hides specifically in the gaps they can't see. Once you can read PHP and follow what it does at runtime, the "mystery" of a hacked WordPress site disappears. It becomes pattern recognition.

By 2021 I was specializing almost entirely in compromised sites. Each cleanup made the next one faster. By early 2026, the count crossed 4,500 client cleanups — including selected public cases like one site with 3.45 million spam URLs in Google, another with 242,000 Japanese spam pages indexed, and a homepage defacement involving tens of thousands of infected files. I document selected cases publicly so other people facing similar attacks have a real reference, not only a marketing brochure.

mdpabel.com exists for a specific reason. After years of working through marketplace platforms, the friction of those platforms — the communication delays, the inability to send long forensic reports, the inability for past clients to find me again easily — became the biggest blocker to doing the work well. This site fixes that. It's the direct, no-middleman way to find me, verify the work, and continue working together.

Career timeline

The milestones that shaped this work, in order.

  1. Jul 2018

    First WordPress malware cleanup

    Took on my first hacked-site cleanup through freelance client work while still an ICT student at Comilla University. No security plugin subscription, no senior engineer to ask — just opened the files in a code editor and started reading. That cleanup defined the next eight years of my work.

  2. 2022

    Graduated from Comilla University

    Completed an Information & Communication Technology (ICT) degree from Comilla University, Bangladesh. Final-year research project: a real-time, full-stack IoT-based university bus tracking system, later published on ResearchGate. By this point, freelance malware cleanup had already become the primary work, with the academic foundation supporting it.

  3. Nov 2023

    Expanded to Upwork

    After five years of hacked-site work and thousands of cleanups, joined Upwork to reach a different client base. Started with one-off cleanup jobs and quickly grew to long-term security retainers.

  4. 2024

    Built verified Upwork client history

    Earned strong client trust on Upwork through consistent technical work, completed cleanup jobs, and long-term security support. Marketplace profiles helped many clients verify my work before contacting me directly.

  5. 2026

    4,500+ client cleanups

    Crossed the 4,500-cleanup milestone through years of freelance marketplace work, agency referrals, and direct client projects. Selected high-value cases are documented as forensic case studies or blog posts on mdpabel.com so future clients can review the work and other site owners can understand similar attacks.

How I think about this work

Read the code. Find the entry point. Patch the cause.

Many rushed WordPress malware cleanups rely too heavily on a scanner result and delete only the files that are already flagged. That may work for simple infections, but when a site has obfuscated PHP, fake plugins disguised as core, hidden admin users, or cron-job persistence, the real entry point can remain and the site may get re-infected within days.

My approach is the opposite. I read the code first, treat scanner output as one input among many (alongside server access logs, modified-file timestamps, Search Console signals, and database anomalies), and trace the infection back to the entry point. Only then do I clean — and the cleanup includes patching whatever allowed the attack so the same thing can't happen again next week.

That's slower than a one-click cleanup tool. It's also why re-infection is rare for sites I've worked on, and why most of my clients come from referrals rather than ad spend.

The supporting technical foundation — PHP, JavaScript, server internals, MySQL, hosting platforms — exists specifically to make this work possible. You can't read malware you can't read code in general; you can't trace a server-level redirect without understanding access logs; you can't clean a database injection without knowing what the original query was supposed to look like. Everything connects.

Content philosophy

Why I publish forensic write-ups for free

Selected cleanups become public case studies and blog posts when they reveal a useful malware pattern. Here's the reason.

Trust before purchase

Most people who land on a WordPress malware removal service are in the worst possible state — site down, money lost, panic-Googling from a phone. They have no time to vet a stranger. Public forensic write-ups let them verify the work before sending the first email.

Field references for site owners

Every cleanup I document is something I wish I'd had as a reference back in 2018. If a site owner reads my Japanese keyword hack guide and fixes their own site without hiring me, that's still a win.

Pattern recognition for me

Writing forces clarity. Documenting a malware family — its file paths, obfuscation patterns, persistence tricks — means the next site infected with the same family takes hours instead of days. Public posts also draw emails from other security researchers who extend my notes.

Anti-marketing, basically

I'd rather a potential client read three real case studies and decide on their own than read a sales page making promises I can't substantiate. Browse the case study archive →

My non-negotiables

Working principles that don't bend, regardless of project size, deadline, or budget.

I never use nulled plugins or themes

Free pirated plugins are how 30% of hacked sites I see got infected in the first place. I won't recommend them, install them, or work on a site that's running them without first removing them.

Important cleanup patterns get documented

When a cleanup reveals a useful malware pattern, I turn it into a public blog post or case study. Client-identifying details are anonymized, but the malware behavior, file paths, and forensic process are documented so other site owners can learn from it.

No black-box proprietary scripts

I don't run mystery scanners on client sites. Every command, every script, and every change is something I can explain line by line. If you ask what I did, you'll get a real answer with file paths and reasoning.

Backup restoration is a last resort

Most 'restored from backup' fixes I see were restored from an already-infected backup. I clean live, document the entry point, and only restore from backup when it's verified clean and necessary.

I work alone — and that is a feature

Every cleanup, every email, every Search Console submission is done by me personally. There's no support tier 1 to escalate from, no junior engineer touching production. That's slower than an agency, but accountability is unambiguous.

Honest scoping over upselling

If your problem is a 5-minute fix, I'll tell you it's a 5-minute fix. I'd rather quote a fair price for actual work than win short-term margin and lose the next ten referrals.

Education

Comilla University, Bangladesh

Bachelor's degree in Information & Communication Technology (ICT) from Comilla University, a public university in Bangladesh. The academic foundation for my work in software systems, debugging, and security-oriented problem solving.

Outside formal education: 550+ LeetCode problems solved across data structures, algorithms, and systems design — kept active as ongoing practice rather than interview prep.

Published research

IoT Bus Tracking System

Final-year research project: a real-time, full-stack IoT-based university bus tracking system that solved the practical problem of students at Comilla University never knowing when their bus would arrive. End-to-end build covering hardware, firmware, server, and frontend.

Read on ResearchGate →
Identity verification

Verify me yourself

"MD Pabel" is a common name in Bangladesh. The links below are the only profiles I personally own and update. If a profile claims to be me but isn't listed here, it isn't me.

Past clients: if you worked with me on a freelance marketplace any time between 2018 and now and want to continue working directly, mdpabel.com is the right place. The public profiles, writing style, technical depth, and case studies on this site should help you verify identity.

The technical depth behind every cleanup

Malware removal is the specialty. The stack below is what makes the cleanup actually work — reading obfuscated PHP, de-obfuscating malicious JavaScript, querying infected databases, and tracing attacks through server logs all require this foundation.

WordPress core internals
PHP
JavaScript
TypeScript
Node.js
MySQL / SQL
cPanel / Plesk
Cloudflare
SiteGround
Bluehost
Linux server logs
.htaccess / Nginx
React
Next.js
Astro
Python

Frequently asked questions about MD Pabel

About the person — not the service. For service-related questions (pricing, turnaround, guarantees), see the malware removal service page.

Who is MD Pabel?
MD Pabel is a WordPress malware removal expert based in Dhaka, Bangladesh. He has been manually cleaning hacked WordPress sites since July 2018 and is the sole person behind mdpabel.com — not an agency or white-label reseller. He graduated in Information & Communication Technology (ICT) from Comilla University and specializes in Japanese SEO spam, fake CAPTCHA malware, .htaccess redirects, database injections, hidden backdoors, and blacklist recovery.
How can I verify MD Pabel is a real person?
Cross-reference the verifiable public profiles linked on this page: LinkedIn (linkedin.com/in/mdpabe1), GitHub (github.com/mdpabel), LeetCode (leetcode.com/u/mdpabel — 550+ problems solved), the ResearchGate publication on a university IoT project, and the Facebook business page mdpabelwpsecurity. These profiles help verify identity and technical background.
I worked with MD Pabel on a freelancer marketplace years ago. Is this the same person?
Yes. mdpabel.com is the direct way to continue working with him outside of marketplace platforms. Past clients can verify identity by matching the public profiles, writing style, technical depth in case studies, and any specific cleanup details they remember from previous work.
Where is MD Pabel based?
Dhaka, Bangladesh. Time zone is Bangladesh Standard Time (UTC+6). Most clients are in the US, UK, Europe, and Australia, so emergency cleanups are typically picked up within 1–2 hours of contact regardless of which time zone the client is in.
Is MD Pabel an agency, a team, or one person?
One person. There are no junior engineers, no support tiers, no white-label subcontracting. Every cleanup, every Google Search Console submission, every blog post, and every email reply is done by MD Pabel personally. This is slower than an agency in raw throughput but means responsibility is unambiguous on every job.
Why does MD Pabel publish so many forensic case studies and write-ups?
Two reasons. First, transparency — anyone considering hiring him can read documented cleanups before contacting, instead of relying on marketing pages. Second, education — most WordPress site owners discover their site is hacked at the worst possible moment and need to understand what's happening fast. Public forensic write-ups help them either fix it themselves or hire someone competent.
What is MD Pabel’s educational background?
Bachelor’s degree in Information & Communication Technology (ICT) from Comilla University, Bangladesh. Final-year research focused on a real-time, full-stack IoT-based university bus tracking system, published on ResearchGate. Outside formal education, has solved 550+ LeetCode problems for ongoing algorithmic and systems practice.
Does MD Pabel only work on WordPress?
WordPress malware removal is the primary specialty and the focus of mdpabel.com. The supporting technical foundation — PHP, JavaScript, TypeScript, Node.js, MySQL, server logs, and hosting platforms — exists specifically to make the malware work deeper. WordPress is roughly 95% of the work; the remaining 5% is typically forensic JavaScript analysis, server-level cleanup on non-WordPress hosts, and occasional full-stack development consulting.
How does MD Pabel describe his approach to malware removal?
Read the code, don't trust the scanner. Find the entry point, not just the symptom. Patch the vulnerability that allowed the attack, not just the visible payload. Document everything so the same attack pattern is easier to recognize next time. Treat each site as the client's livelihood, not a ticket number.
Work directly with one specialist

Site hacked, blacklisted, or broken?

Send me your URL and a short description of what you're seeing. I'll respond personally within 1–2 hours with a free diagnosis and a fixed price — no bait-and-switch, no surprise fees.

Manual cleanup only · 30-day reinfection guarantee · One person, direct contact