WordPress + WooCommerce Security Upgrade & Front-End Refresh

We run a live WooCommerce site, selling payment terminals and accessories for charities. We need an experienced WordPress/WooCommerce developer to bring the site fully up to date, harden its security, and modernise the front end - without disrupting the live store or its checkout and payment flow. This is a careful job on a site that processes payments. We want someone who tests thoroughly and documents their work, not someone who rushes updates and hopes for the best. Scope of work: Safety first Full site backup and a staging clone. All work happens on staging. The live site stays untouched until everything is verified and signed off. Updates & compatibility: PHP upgrade to a current supported release (8.2 or 8.3), including a code audit for deprecated functions that will break under the newer version. WordPress core update to the latest stable release. WooCommerce update to current - with extra care, as this touches checkout and payments. Full regression testing of cart, checkout and the order process afterwards. Update all themes and plugins, resolving any compatibility conflicts that surface, and removing anything redundant or abandoned. Everything tested thoroughly. Security & hardening: File permissions, login protection, disabling unsafe defaults SSL and security-header check. Investigate whether the site has been compromised or has a vulnerable plugin (we've noticed some unrelated/spam content in places it shouldn't be), and clean it up. Database Optimisation and clean-up of orphaned data left behind by old plugin versions. Front-end refresh Modernise the look and feel — cleaner, smoother, more functional — while keeping the existing branding and content intact. We can discuss how far to take this once we're talking. Testing & handover Full testing across desktop and mobile, including page load times. A short written summary documenting what was updated, what changed, and where things landed. What we're looking for Demonstrated WooCommerce experience on live, payment-taking sites — please share examples. A clear approach to staging and rollback. Tell us how you'd protect the live site while you work. Someone who tests the checkout flow seriously and documents what they've done. Ongoing opportunity This is the first piece of work on a site we intend to keep investing in. If it goes well and the quality is there, we're looking for one reliable person to take on ongoing work — regular maintenance and updates, further front-end and feature improvements, and general WordPress/WooCommerce support as the site grows. We'd rather build a long-term working relationship than re-hire for every task. To be clear, we see this first job as the one that decides that, so we're happy to pay properly for it now - we're not asking anyone to discount their rate against future work. To apply, please answer: Briefly, how would you handle the PHP and WooCommerce upgrade so the live checkout is never at risk? Have you dealt with a hacked or spam-injected WordPress site before? What did you do? Roughly how many hours do you estimate this taking, and does the scope fit a single phase or would you suggest splitting it? We read every application. Please skip the generic copy-paste proposals - we'll only respond to ones that actually address the three questions above.