Shiv — Principal Security Researcher, Malcure

Shiv is Principal Security Researcher at Malcure Web Security. He has worked in security and infrastructure since 2002, beginning with enterprise network security, Windows desktop and laptop provisioning, server provisioning, production support, and escalation workflows.

That operational background helps inform Malcure’s approach to website security: identify what changed, understand how the compromise happened, remove the infection thoroughly, close the reinfection path, and harden the website so the same incident does not repeat.

His current work is centered on real-world website compromise: PHP malware, injected JavaScript, malicious redirects, SEO spam, database payloads, fake pages, backdoors, vulnerable plugins, suspicious file changes, blacklist warnings, and recurring infections.

Security Focus at Malcure

At Malcure, Shiv’s work informs the company’s malware research, detection logic, cleanup workflows, technical documentation, support escalation, triage, and post-compromise hardening strategy.

• Website malware detection and removal
• Malicious redirect investigation and cleanup
• SEO spam, pharma spam, fake pages, and cloaking remediation
• Database malware analysis and cleanup
• Backdoor, web shell, and suspicious PHP analysis
• WP-CLI based scanning, search, cleanup, and verification workflows
• Website hardening after compromise
• ModSecurity, reverse proxies, WAF strategy, virtual patching, and performance-aware security architecture
• Vulnerability response and recurring infection prevention

Security Built From the Field

A compromised website is rarely fixed by deleting one suspicious file. In many cases, the visible symptom is only the final stage of a larger problem: an unpatched vulnerability, a missed database payload, a surviving backdoor, a compromised administrator account, unsafe file permissions, or a server-side weakness that allows reinfection.

Shiv’s work combines infrastructure experience, website internals, WordPress internals, malware analysis, technical SEO, and incident-response discipline. This is especially important for infections that affect search visibility, inject spam pages, trigger malicious redirects, damage business reputation, or return after a superficial cleanup.

Website, Infrastructure, and Security Experience

Shiv has worked across website development, plugin and theme workflows, WooCommerce, technical SEO, performance optimization, REST API implementations, custom business workflows, and large-scale website maintenance. His infrastructure work has included Linux server workflows, Nginx, ModSecurity, reverse proxies, web application firewall concepts, and on-the-fly asset optimization using Google’s PageSpeed Module.

Over time, that background evolved into a deeper focus on website security, malware cleanup, incident response, vulnerability response, and post-compromise hardening. This combination of website internals, WordPress internals, infrastructure, performance, and security operations is central to Malcure’s approach to compromised websites.

Research Notes and Field Guides

• Practical explanations of real website malware patterns
• Clear guidance on malicious redirects, SEO spam, backdoors, and database infections
• Operational cleanup thinking rather than generic security advice
• Attention to root cause, verification, hardening, and reinfection prevention
• Security guidance written for both technical teams and business owners