About

We’re looking for a WordPress security specialist to harden our website against vulnerabilities and suspicious traffic. Our site is hosted on WP Engine and runs a custom child theme built on Salient. We recently noticed recurring visits from suspicious IPs (Singapore/Germany) and want to make sure our platform is fully secured and updated. You’ll be responsible for updating the PHP environment, addressing plugin vulnerabilities, configuring WordFence or an equivalent firewall, and setting up Cloudflare to block bot or crawler traffic. Scope of Work: -Upgrade PHP from 7.4 → 8.2 (ensure theme/plugin compatibility) -Update or replace outdated/vulnerable plugins (Better Search Replace Pro, Gravity Forms, Yoast SEO) -Perform a full malware and vulnerability scan -Install/configure WordFence Premium (or similar firewall) -Set up Cloudflare Free Plan for CDN, SSL, caching, and IP blocking -Add 2-Factor Authentication (2FA) for admin users -Apply standard WordPress hardening (disable file editing, limit login attempts, enforce strong passwords) -Provide a short security summary outlining all updates and any remaining recommendations Deliverables: -Clean, updated, and secure WordPress site (PHP 8.2) -Configured WAF and Cloudflare integration -Documentation of changes, credentials, and recommendations Timeline: 7 – 10 days from project start (minimal downtime; testing should occur in staging first) Preferred Qualifications: -Proven experience with WordPress security, PHP upgrades, and plugin conflict resolution -Familiar with WP Engine environments -Ability to provide before/after security scan reports