From Google blacklist to fully recovered in 52 hours

Client · Brightwater Dental GroupIndustry · Dental (3 locations)Location · Tampa, FLYear · 2025
52h
From first call to blacklist removal
9
Backdoors found and removed
0
Reinfections in 14 months since
3
Locations kept booking through recovery

The challenge

Patients started reporting 'Deceptive site ahead' warnings on a Monday morning. A previous cleanup by their host had lasted nine days before the pharma-spam redirects returned, the classic sign of unremoved backdoors.

What was built

  • 01

    Immediate containment: site isolated behind a maintenance page that kept phone numbers and booking links visible, so the practice never went dark.

  • 02

    Manual forensic pass found nine backdoors across fake plugin files, a poisoned cron job and two rogue admin users the scanners had missed.

  • 03

    Traced the entry point to an abandoned slider plugin with a known exploit; removed it and rebuilt the slider natively.

  • 04

    Hardened the stack, WAF, 2FA, file integrity monitoring, staged updates, and submitted Search Console review with full documentation.

The outcome

Google cleared the warning 52 hours after the first call. Fourteen months later the monitoring log shows zero reinfections, and the group moved all three locations onto a maintenance plan, the cheapest insurance they buy.

Our host 'cleaned' it twice and it kept coming back. Humza found nine backdoors, explained each one in English, and it has never come back. Worth every dollar.
Dr. Marisol Etheridge, Practice Owner, Brightwater Dental Group