How an engagement works in writing.
Last updated 2026-05-20
These terms govern any WordPress incident response engagement provided by Unhacked, a service of Korabay Ltd, a corporation incorporated in Ontario, Canada. By purchasing a Rapid Clean or Deep Response engagement, you agree to these terms. If anything here conflicts with what we said in email, what is written here applies.
The service
We provide WordPress incident response on a fixed-fee basis. That covers:
- Reviewing the symptoms and environment you describe
- Investigating WordPress core, plugins, themes, mu-plugins, uploads, the database, scheduled tasks, and user accounts for indicators of compromise
- Removing malicious code, rogue accounts, and persistence mechanisms we identify
- Verifying the site is functioning normally after cleanup
- Delivering a written remediation report
Service tiers
Rapid Clean ($1,997 USD) covers one WordPress site and one compromise event. Target turnaround is five business days from the start of the engagement. Paid in full at checkout.
Deep Response ($4,997 USD) covers persistent, reinfected, or multi-site compromises. Target turnaround is ten business days. Paid as a 50% deposit ($2,498.50) to begin, with the balance ($2,498.50) invoiced on report delivery. Failure to pay the balance within 14 days of report delivery may result in suspension of warranty obligations and referral to collection.
Payment processing
Payments for Unhacked engagements are processed through Stripe. The merchant of record for payment processing is FXPur OÜ, an Estonian entity under common ownership with Korabay Ltd. Receipts, refunds, and bank statement descriptors reflect the processing entity. The contracting party for the engagement, and the party responsible for delivery of the service under these terms, remains Korabay Ltd.
What is not included
The following are outside the scope of a standard engagement and, where applicable, will be scoped and quoted separately:
- Full site rebuilds or redesigns
- Theme or plugin modernization beyond what is required to close the compromise
- Hosting migration
- Ongoing security monitoring or managed WordPress services
- DDoS mitigation
- Legal advice, regulatory filings, or breach notification preparation
- Recovery of data the attacker destroyed or which was never backed up
30-day re-clean warranty
If the same compromise resurfaces on the same site within 30 days of the report delivery, we will clean it again at no additional cost. The warranty covers reinfection through the same vector. It does not cover:
- New, unrelated compromises
- Compromises introduced after the engagement by changes you or a third party made (new plugins, theme edits, credential sharing, FTP exposure)
- Sites where you declined to apply the security updates or hardening steps we documented as required
No-findings refund
If we complete the investigation within the agreed scope and find no indicators of compromise on the site, the engagement qualifies for a full refund of the fees paid.
A "finding" for the purposes of this clause means any of the following, identified by us during the engagement:
- Malicious code in any WordPress file, plugin, theme, mu-plugin, upload, or database table
- A rogue or unauthorized administrator-level account
- A persistence mechanism (modified .htaccess, hidden scheduled task, modified core file, injected database row, attacker-controlled file in the webroot or any other server location accessible to the site)
- Evidence of unauthorized access at the hosting, panel, or database layer
- An active or recent SEO spam injection, malicious redirect, or attacker-controlled content visible to visitors or search engines
- Indicators of compromise on a second WordPress installation, staging copy, or related site in the same hosting environment
If a finding under this definition exists, the engagement does not qualify for the no-findings refund regardless of the perceived severity of the finding.
Refund requests must be submitted in writing to [email protected] within 14 days of report delivery. Refunds are processed through the original payment method.
Your responsibilities
- Provide accurate information about the site, the symptoms, and any earlier remediation attempts.
- Provide working access (hosting panel, WordPress admin, SFTP, or equivalent) to allow remediation to proceed. If access cannot be established within five business days of engagement start, we may pause the engagement and reset the turnaround clock.
- Confirm you are the site owner, or that you have written authorization from the site owner to engage us on their behalf.
- Rotate any credentials we explicitly identify as needing rotation (your WordPress admin password, hosting panel password, temporary access accounts we used) after the engagement.
- Apply the security recommendations we document, to the extent they fall outside our scope. If you decline to apply them, the warranty is void with respect to the relevant vector.
Liability
To the maximum extent permitted by law, the total liability of Korabay Ltd to you for any claim arising out of an engagement is limited to the fees you paid for that engagement. We are not liable for indirect, incidental, consequential, special, or punitive damages, including lost revenue, lost data, reputational harm, or loss of business opportunity.
We do not warrant that a site will never be compromised again in the future. We warrant that the compromise we identified at the time of the engagement was removed and documented.
Confidentiality
We treat the details of your engagement as confidential. We will not disclose your identity, the URL of your site, or the technical specifics of your compromise to any third party without your written consent. Anonymized case studies may be published; they will not contain any information that could reasonably be used to identify you or your site.
Governing law
These terms are governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein. Any dispute arising under these terms is subject to the exclusive jurisdiction of the courts of the Province of Ontario.
Changes
We may update these terms from time to time. The "Last updated" date at the top reflects the most recent version. Engagements that have already started are governed by the version of the terms in effect at the time of purchase.
Contact
For any question about these terms, contact [email protected].