NEED your expert opinion on a dispute!

[hkalantari]

Hi all,
Sorry for the long story!! I wanted to give you the whole story!

We hired an SEO team to help improve our rankings, but unfortunately, they’ve proven to be unprofessional and have caused significant issues.

About three months ago, I noticed our shop wasn't functioning properly, and customers couldn’t make purchases. I immediately asked the SEO team if they had made any changes, to which they replied, "No, we haven’t performed any updates or installed or deactivated any plugins. The only plugin we installed at the start of the project was the Yoast SEO plugin."

However, I later discovered they had updated the PHP version, which caused compatibility issues with the site. After I confronted them, they admitted to doing it.

Then, one day, I realized several crucial plugins, including Elementor, Sucuri, and WP Rocket, had been deleted. When I asked if they were responsible, they again denied it. I showed them the Simple History log as proof, and they finally admitted, "The plugins were deactivated as part of our investigation into the meta title and description issue. This included the Sucuri Security plugin, which was temporarily disabled and meant to be reactivated."

The plugins remained deleted for five days.

This week, the same thing happened—several plugins, including WP Rocket and Sucuri, were deleted again. Many new plugins were added as well, all on Monday. I asked the team on Tuesday if they had done it, but they didn’t respond. That night,I received a malware alert from Sucuri website. The next day, they replied, "We had to take these actions due to a malware attack on your website. To address this urgently, we had to delete some plugins. While the immediate issue is resolved, we are still investigating the root cause."

I responded, “The malware alert was from last night, but the plugins were deleted two days ago.”

They then claimed their account had been hacked, stating, “The hack originated from a US IP address, and we took immediate steps to contain it, including removing our user for added security.”

Do you see the pattern? It feels like they’re lying. I checked the IP addresses from their activity, and while some were from the US and Germany, I found activity from a US IP three weeks ago, well before this supposed attack.

To make matters worse, they’ve deducted money for the next month’s service despite everything. When I requested a refund, they mentioned a 30-day notice period.

Simple History only shows two months of activity, so I can't check the IP addresses from the plugin deletions three months ago. Is there any way to recover that information?

What do you think? Are they playing us? Should we push for a refund or just cut our losses?

Also our raking didn't really improved! in some cases got worst after 9 month!