← Вакансии

WordPress Security Hardening & PCI Compliance (WooCommerce)

Бюджет: $500.0 FIXED / ⭐ 5.00 (25) United States

wordpress, pci-compliance, website-security, internet-security, security-analysis

We are looking for an experienced WordPress security specialist to help us remediate findings from a PCI vulnerability scan and prepare our WooCommerce website to pass a rescan. The website is a production WooCommerce site running on WordPress with Cloudflare and several third-party integrations (analytics, marketing scripts, WPML, Elementor, etc.). We are looking for someone with proven experience in WordPress security, PCI compliance, and server configuration who can implement the required changes without affecting site functionality. Scope of Work: 1. Review the PCI Vulnerability Report * Review the provided PCI scan report. * Separate genuine security issues from false positives or standard WordPress behavior. * Recommend compensating controls where appropriate. 2. Cookie Security Review * Audit all cookies flagged by the PCI scan. * Identify which plugin or component creates each cookie. * Configure Secure, HttpOnly, and SameSite attributes where appropriate. * Ensure WooCommerce cart functionality, checkout, AJAX features, analytics, and third-party integrations continue to work correctly. * Avoid blanket server-side cookie modifications that could break functionality. 3. Security Headers * Configure HTTP Strict Transport Security (HSTS). * Review and improve other relevant security headers where appropriate. 4. WordPress Hardening * Verify PHP errors and debug output are disabled. * Investigate the reported "Full Path Disclosure" findings and determine whether they are legitimate or scanner false positives. * If legitimate, remediate the issue. 5. Login & REST API Security * Improve WordPress login security (rate limiting, 2FA recommendations, Cloudflare protection, etc.). * Review REST API exposure and disable unnecessary endpoints or user enumeration without breaking WooCommerce or Elementor functionality. 6. PCI Scan Preparation * Implement changes required to maximize the chances of passing the PCI rescan. * Document any findings that are expected WordPress behavior and cannot reasonably be eliminated. * Provide notes that can be used as compensating controls if required by the PCI scanning vendor. Important Requirements: * Strong experience with WooCommerce. * Experience passing PCI compliance scans for WordPress websites. * Experience with Cloudflare. * Ability to troubleshoot without disrupting a live production website. * Please explain how you have previously resolved similar PCI scan findings. Deliverables: * All agreed security improvements implemented. * Website functionality fully tested after changes. * Summary of changes made. * Remaining findings (if any) with explanations and recommendations. * Assistance reviewing the PCI rescan results if minor follow-up adjustments are required. When applying, please include examples of previous WordPress PCI compliance or security hardening projects you've completed.
Открыть заказ