WordPress Security Audit & Hardening Specialist (Project-Based → Ongoing)

The Language Doctors (TLD) is seeking a U.S.-based specialist to audit, secure, and harden three existing WordPress websites. This role begins as a focused project engagement, with the opportunity for ongoing maintenance and security support based on performance and fit. Objective Assess the current state of 3 live WordPress sites, eliminate security risks, and establish a clean, hardened, and well-documented baseline. Scope of Work Conduct full security audit (plugins, themes, users, APIs, hosting, Cloudflare) Identify vulnerabilities, misconfigurations, and access risks Remove malware, backdoors, or suspicious code (if present) Secure admin access (least privilege, MFA where applicable) Harden WordPress (core, database, file system, endpoints) Configure Cloudflare (WAF, SSL/TLS, DNS protections) Validate or implement secure Stripe integration (tokenized, no card storage) Establish: Backup and restore process Update/patching approach Basic monitoring/logging Deliverables Written Security Audit Report (findings + severity) Summary of issues remediated vs. remaining risks Hardened and secured live environment Clear documentation of setup and recommendations Ongoing Support (Post-Project) Opportunity to continue supporting TLD on an as-needed basis, including: Security monitoring and periodic audits Plugin/core updates and patching Incident response (if needed) Minor improvements and optimizations