
Security Setup & Scanning and Security Hardening on WordPress
- Proposals: 48
- Remote
- #4497346
- OPPORTUNITY
- Open for Proposals









Description
WordPress / WooCommerce Security Hardening & Anti-Bot Protection Specialist Needed
We are looking for an experienced WordPress security specialist to harden and secure several WooCommerce-based websites against attacks, malware, spam bots, fake account creation, brute-force login attempts, and malicious traffic.
IMPORTANT:
The websites are hosted on Kinsta, so server infrastructure and hosting-level security are already managed by Kinsta. This project is focused specifically on WordPress, WooCommerce, Cloudflare, and application-level security hardening.
Current Environment
WordPress + WooCommerce
Hosted on Kinsta
Cloudflare available
Kadence Theme
Rank Math SEO
SMTP/email integrations
Some sites allow customer registrations and WooCommerce accounts
Main Goals
We want to:
Harden the WordPress installation
Reduce attack surface
Prevent malware infections
Prevent fake registrations and spam bots
Protect WooCommerce customer accounts
Improve overall website security
Lock down admin access
Improve login and form security
Reduce malicious bot traffic
Scope of Work
1. WordPress Security Hardening
Secure wp-admin and login endpoints
Review XML-RPC and disable/restrict if appropriate
Harden WordPress configuration
Disable unnecessary WordPress attack vectors
Protect sensitive files
Prevent user enumeration
Configure login protection and rate limiting
Review plugin/theme vulnerabilities
Security best-practice implementation
2. Malware & Vulnerability Protection
Full WordPress malware scan
Security audit
Vulnerability assessment
Scan for malicious scripts/backdoors
Recommend ongoing monitoring solution
3. Bot & Spam Protection
Prevent fake WooCommerce registrations
Prevent spam/fake account creation
Protect forms and checkout pages from bots
Configure Cloudflare Turnstile or equivalent
Implement anti-bot and anti-spam protections
Configure rate limiting if necessary
4. WooCommerce Security
Secure customer account system
Improve login/session security
Protect checkout process
Reduce spam/fake orders
Review WooCommerce security practices
5. Cloudflare Security Configuration
Optimize Cloudflare security settings
WAF configuration
Bot protection review
Rate limiting recommendations
Security rules optimization
6. Backup & Recovery Review
Review backup strategy
Recovery recommendations
Basic disaster recovery planning
Deliverables
Hardened WordPress/WooCommerce setup
Security recommendations report
Documentation of changes implemented
List of vulnerabilities/issues found and resolved
Requirements
Strong WordPress security experience
WooCommerce experience REQUIRED
Cloudflare experience REQUIRED
Experience with malware cleanup and bot mitigation preferred
Please explain your approach briefly when applying
Please provide examples of previous WordPress security work completed
Potential for long-term collaboration if the work is good.
Zahir K.
98% (106)
Clarification Board
-

Hi, thanks for the detailed brief. This is exactly the kind of project where the quality of the hardening strategy matters more than simply installing “security plugins”.
A few important things I’d like to clarify first:
1. Have any of the 4 sites already experienced malware infections, spam attacks, fake WooCommerce registrations, or checkout abuse recently?
2. Are you currently using Cloudflare purely as DNS/CDN, or are WAF rules/rate limiting already partially configured?
3. And do you want the final setup to prioritize maximum lock-down/security, or balance security carefully against customer UX/conversion flow (especially around WooCommerce registrations and checkout)?
-

Hi Zahir,
is it possible to share the website URL?
Thanks
-
Each website will be reviewed using the same core security baseline, but I will also check each site individually because plugins, forms, WooCommerce setup, checkout rules, traffic patterns, and vulnerabilities can differ from site to site. So the checklist remains consistent, but the findings and fixes may vary per website.
-

Do you want all 4 sites hardened using the same security baseline setup, or does each site have slightly different access/checkout rules?
