WordPress Security / Static Site Export Specialist Needed for Old WordPress Site
Budget: $20.0 - $40.0
HOURLY / PART_TIME
⭐ 5.00 (56)
United States
wordpress, web-programming, css, php, html, javascript, web-design, html5, wordpress-plugin
I have an old WordPress website that I want to bring back online, but I do not plan to modify or actively maintain the site. The goal is to preserve the old website as-is, while making it as secure as reasonably possible.
The site is an old WordPress installation with an old theme/plugins and a MySQL database backup. I understand that older WordPress installs can have inherent vulnerabilities, so I am looking for someone who can help me choose the safest deployment method.
The preferred option may be to restore the old WordPress site privately, crawl/export it to static HTML, and publish only the static files.
In plain English, I want the public website to be:
HTML / CSS / JavaScript / images only
No public WordPress admin
No wp-login.php
No wp-admin
No xmlrpc.php
No public database connection
No old PHP plugins running publicly
The idea is that visitors would still see the old site, map, images, text, and JavaScript behavior, but the public site would not be a live WordPress install.
Preferred Option: Static Site Export
I would like you to evaluate whether this site can be made static.
The workflow would likely be:
1. Restore the old WordPress site on a private staging VM or private staging URL.
2. Lock the staging site behind Basic Auth, VPN, or IP restriction.
3. Confirm the old site displays correctly.
4. Crawl/export the site into static HTML/CSS/JS/images.
5. Publish only the static files to the live website.
6. Keep the old WordPress version private/offline as the source copy.
7. If future changes are needed, edit privately and export again.
Possible tools could include:
Simply Static
WP2Static
HTTrack
wget
SiteSucker
Other equivalent static export/crawling tools
I need someone who can verify that the exported static version preserves the site correctly, including image maps, JavaScript slide behavior, old images, internal links, and page layout.
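A pre-publish check for step 5 of the workflow, as an added example that is not part of the original posting: it scans an export directory for server-side files and for pages that still reference WordPress endpoints. The function names, file patterns and sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-publish audit of a static export directory.

# Files a static export must not contain: server-side code, database dumps,
# WordPress configuration, Apache overrides, or a copied admin directory.
forbidden_files() {
    find "$1" \( -type f \( -iname '*.php' -o -iname '*.sql' \
        -o -iname 'wp-config*' -o -iname 'wp-login*' -o -iname 'xmlrpc*' \
        -o -name '.htaccess' \) \) -o \( -type d -name 'wp-admin' \)
}

# Pages or scripts that still point at WordPress endpoints which will not
# exist on the static host (login, XML-RPC, admin, AJAX, comment posting).
dynamic_refs() {
    grep -rlE 'wp-login\.php|xmlrpc\.php|wp-admin/|admin-ajax\.php|wp-comments-post\.php' \
        --include='*.html' --include='*.htm' --include='*.js' "$1" || true
}

# Print a report; return 0 only when nothing was flagged.
audit_static_export() {
    files=$(forbidden_files "$1")
    refs=$(dynamic_refs "$1")
    if [ -n "$files" ]; then printf '%s\n' "$files" | sed 's/^/FORBIDDEN FILE: /'; fi
    if [ -n "$refs" ]; then printf '%s\n' "$refs" | sed 's/^/DYNAMIC REFERENCE: /'; fi
    [ -z "$files$refs" ]
}

# Constructed sample export (not from a real site) to exercise the audit.
demo=$(mktemp -d)
mkdir -p "$demo/site/about"
printf '<html><body><map name="m"></map></body></html>\n' > "$demo/site/index.html"
printf '<link rel="pingback" href="/xmlrpc.php">\n' > "$demo/site/about/index.html"
printf '<?php // constructed leftover\n' > "$demo/site/wp-login.php"
audit_static_export "$demo/site" || echo "RESULT: not ready to publish"
rm -rf "$demo"
```

DYNAMIC REFERENCE hits are common on crawled WordPress pages (pingback links, comment forms) and mark markup to strip or features to retest on the static copy.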
Secondary Option: Locked-Down Live WordPress
If a static export will not work properly, I need a second option where the old WordPress install is made live but locked down as much as possible.
Please propose and implement a hardened setup like this:
1. Put the site behind Cloudflare or another WAF.
2. Restrict /wp-admin/ and /wp-login.php to my IP or VPN only.
3. Disable or block /xmlrpc.php.
4. Remove unnecessary or dangerous old plugins, especially file manager / FTP-style plugins.
5. Make WordPress core, theme, and plugin files read-only where possible.
6. Block PHP execution inside /wp-content/uploads/ and other writable directories.
7. Disable WordPress file editing with DISALLOW_FILE_EDIT.
8. Consider DISALLOW_FILE_MODS if the site will not be updated through the dashboard.
I also want the site isolated so that if it is ever compromised, it cannot affect anything else.
Minimum Security Requirements
At minimum, I want the setup to include:
Separate VM or container
Separate database and database user
No shared hosting with other important sites
No unnecessary outbound mail
No access to internal/private systems
Cloudflare/WAF protection
/wp-admin and /wp-login.php restricted
/xmlrpc.php blocked
PHP execution blocked in uploads
Unused themes and plugins deleted
File permissions tightened
wp-config.php protected
WordPress file editor disabled
File change monitoring
Clean golden VM snapshot after setup
Since I do not plan to edit the site, I also want a golden clean VM backup/snapshot after the site is confirmed working. If the live VM is ever compromised, I want to be able to destroy it and redeploy from the clean image instead of trying to clean malware manually.
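A local check for the on-disk items in the two checklists above (DISALLOW_FILE_EDIT, protected wp-config.php, no PHP in uploads, tightened file permissions), as an added example that is not part of the original posting. The function name, the permission thresholds and the demo tree are assumptions; web-server rules such as blocking PHP execution in uploads still have to be tested over HTTP.

```shell
#!/bin/sh
# Added example: on-disk checks for a locked-down WordPress document root.
# Prints one FAIL line per problem and returns the number of failed checks.
check_wp_hardening() {
    root=$1
    cfg="$root/wp-config.php"
    fails=0

    # File editor: an uncommented define('DISALLOW_FILE_EDIT', true); line.
    if ! grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg" 2>/dev/null; then
        echo "FAIL: DISALLOW_FILE_EDIT is not set to true in wp-config.php"
        fails=$((fails + 1))
    fi

    # wp-config.php holds the database password: no read/write bit for "other".
    if [ -n "$(find "$cfg" \( -perm -0004 -o -perm -0002 \) 2>/dev/null)" ]; then
        echo "FAIL: wp-config.php is accessible to other local users"
        fails=$((fails + 1))
    fi

    # Uploads should contain media only; any PHP-like file there is suspect.
    php=$(find "$root/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) 2>/dev/null)
    if [ -n "$php" ]; then
        printf '%s\n' "$php" | sed 's/^/FAIL: PHP file in uploads: /'
        fails=$((fails + 1))
    fi

    # Core, theme and plugin files must not be group- or world-writable.
    # Uploads is skipped here; it is the directory that normally stays writable.
    writable=$(find "$root" -path "$root/wp-content/uploads" -prune -o \
        -type f \( -perm -0020 -o -perm -0002 \) -print 2>/dev/null)
    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/FAIL: writable code file: /'
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed demo tree (not a real site) with one planted problem.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/uploads/2012"
printf "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" > "$demo/wp-config.php"
chmod 600 "$demo/wp-config.php"
printf '<?php // constructed placeholder\n' > "$demo/wp-content/uploads/2012/a.php"
check_wp_hardening "$demo" || echo "checks failed: $?"
rm -rf "$demo"
```

Running the same function against the live VM after the golden snapshot is taken gives a quick baseline to compare against later.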
Important Notes
I am not looking for a redesign.
I am not looking to modernize the site right now.
The priority is:
Preserve the old site visually and functionally
Make it live safely
Prefer static HTML if possible
If not static, lock down WordPress aggressively
Create a clean restore plan
Deliverables
Please include the following deliverables in your proposal:
1. Review the old WordPress backup and determine if static export is feasible.
2. Restore the site in a private staging environment.
3. Export/test a static version if feasible.
4. Deploy the static version live, or explain why live WordPress is required.
5. If live WordPress is required, harden it according to the security checklist.
6. Configure admin restrictions, file permissions, and upload protections.
7. Set up Cloudflare/WAF rules or equivalent.
8. Create a golden clean VM snapshot/backup.
9. Provide a short written handoff explaining how the site is deployed and how to restore it.
Skills Needed
WordPress restoration
MySQL database import
Old WordPress/PHP troubleshooting
Static site export
HTML/CSS/JavaScript
Linux server administration
Nginx or Apache security
Cloudflare WAF/security rules
WordPress hardening
Malware/security review
VM snapshots/backups
Questions for Applicants
Please answer these in your reply:
1. Have you converted old WordPress sites to static HTML before?
2. What tool would you use for static export and why?
3. How would you handle JavaScript-driven content such as image maps or slide toggles?
4. If static export fails, how would you lock down the live WordPress install?
5. How would you block wp-admin, wp-login.php, and xmlrpc.php?
6. How would you prevent PHP execution in uploads?
7. How would you create a clean restore/snapshot plan?
8. Can you work from a SQL database backup and WordPress files if provided?
Ideal Candidate
The ideal person understands both WordPress and server security. I need someone practical who can preserve an old site without turning it into a large rebuild project. Static export is preferred, but I also want someone capable of hardening the old WordPress install if static export is not possible.