We are looking for an experienced Website Security Expert to conduct a comprehensive, one-time security audit and hardening of our website. This project is focused on identifying vulnerabilities, implementing critical fixes, and providing a clear roadmap for future maintenance. Our long-term maintenance is already handled; we need a specialist to perform a deep-dive assessment and fortify the site against current threats. Key Objectives & Scope of Work: The goal is to deliver a more secure and resilient website by the end of this project. The successful candidate will be responsible for the following deliverables: 1. Comprehensive Security Audit: o Perform a full scan of the website for malware, backdoors, and suspicious code. o Conduct a vulnerability assessment of the CMS core, all plugins, themes, and server configuration (where accessible). o Analyze the site for common OWASP Top 10 vulnerabilities (e.g., SQL Injection, XSS, CSRF). o Check for outdated software, misconfigurations, and weak passwords. 2. Immediate Hardening & Remediation: o Apply all critical security patches to the CMS, plugins, and themes. o Harden the website's security configuration (e.g., implement .htaccess protections, tighten file permissions, sanitize user inputs). o Clean and remove any identified malware or malicious code. o Implement (or configure existing) Web Application Firewall (WAF) rules to block common exploit patterns. 3. Final Deliverables & Report: o A Detailed Security Report: Document all findings, categorized by severity (Critical, High, Medium, Low), and provide evidence. o Remediation Summary: A clear list of all actions taken to fix the identified issues. o Hardening Certificate: A simple document stating the site has been audited and hardened on [date]. o Future Recommendations: A prioritized list of further actions, security plugins, or monitoring strategies for our long-term team to implement. Required Skills & Experience: • Proven experience in conducting one-off security audits and hardening for websites. • Expertise in securing WordPress websites is essential for this project. • Proficiency with security scanning and auditing tools (e.g., Sucuri SiteCheck, Wordfence CLI, Nikto, WPScan, Burp Suite). • In-depth knowledge of web vulnerabilities (OWASP Top 10) and practical mitigation techniques. • Experience with malware removal and cleaning compromised websites. • Ability to work within a defined scope and deliver clear, actionable reports. Preferred Qualifications (A Plus): • Relevant security certifications (e.g., CEH, CompTIA Security+). • Experience with server-level security (e.g., Linux command line, configuring firewalls like ConfigServer Security & Firewall - CSF). • Knowledge of GDPR/CCPA compliance as it relates to website security. Project Duration: This is a one-time project to be completed within [e.g., 1-2 weeks] of hiring. How to Apply: Please submit your proposal with the subject line "One-Time Security Audit - [Your Name]". To be considered, your proposal must include: 1. Relevant Experience: A brief description of your background in project-based security work. 2. Similar Project Example: Detail one past project where you performed a similar audit and hardening. What was the initial state and the outcome? 3. Proposed Plan: A high-level outline of your step-by-step approach to this audit. 4. Fixed Price Quote: Your total fixed price for completing the entire scope of work outlined above. Please confirm that this includes all scanning, remediation, and the final report. 5. Availability: Your estimated start date and timeframe to complete the project. We will prioritize applications that demonstrate a clear understanding of one-time audit projects. Generic applications will not be reviewed.
