← Joburi

WordPress Security / Static Site Export Specialist Needed for Old WordPress Site

Buget: $20.0 - $40.0 HOURLY / PART_TIME ⭐ 5.00 (56) United States

wordpress, web-programming, css, php, html, javascript, web-design, html5, wordpress-plugin

I have an old WordPress website that I want to bring back online, but I do not plan to modify or actively maintain the site. The goal is to preserve the old website as-is, while making it as secure as reasonably possible. The site is an old WordPress installation with an old theme/plugins and a MySQL database backup. I understand that older WordPress installs can have inherent vulnerabilities, so I am looking for someone who can help me choose the safest deployment method. The preferred option may be to restore the old WordPress site privately, crawl/export it to static HTML, and publish only the static files. In plain English, I want the public website to be: HTML / CSS / JavaScript / images only No public WordPress admin No wp-login.php No wp-admin No xmlrpc.php No public database connection No old PHP plugins running publicly The idea is that visitors would still see the old site, map, images, text, and JavaScript behavior, but the public site would not be a live WordPress install. Preferred Option: Static Site Export I would like you to evaluate whether this site can be made static. The workflow would likely be: 1. Restore the old WordPress site on a private staging VM or private staging URL. 2. Lock the staging site behind Basic Auth, VPN, or IP restriction. 3. Confirm the old site displays correctly. 4. Crawl/export the site into static HTML/CSS/JS/images. 5. Publish only the static files to the live website. 6. Keep the old WordPress version private/offline as the source copy. 7. If future changes are needed, edit privately and export again. Possible tools could include: Simply Static WP2Static HTTrack wget SiteSucker Other equivalent static export/crawling tools I need someone who can verify that the exported static version preserves the site correctly, including image maps, JavaScript slide behavior, old images, internal links, and page layout. Secondary Option: Locked-Down Live WordPress If a static export will not work properly, I need a second option where the old WordPress install is made live but locked down as much as possible. Please propose and implement a hardened setup like this: 1. Put the site behind Cloudflare or another WAF. 2. Restrict /wp-admin/ and /wp-login.php to my IP or VPN only. 3. Disable or block /xmlrpc.php. 4. Remove unnecessary or dangerous old plugins, especially file manager / FTP-style plugins. 5. Make WordPress core, theme, and plugin files read-only where possible. 6. Block PHP execution inside /wp-content/uploads/ and other writable directories. 7. Disable WordPress file editing with DISALLOW_FILE_EDIT. 8. Consider DISALLOW_FILE_MODS if the site will not be updated through the dashboard. I also want the site isolated so that if it is ever compromised, it cannot affect anything else. Minimum Security Requirements At minimum, I want the setup to include: Separate VM or container Separate database and database user No shared hosting with other important sites No unnecessary outbound mail No access to internal/private systems Cloudflare/WAF protection /wp-admin and /wp-login.php restricted /xmlrpc.php blocked PHP execution blocked in uploads Unused themes and plugins deleted File permissions tightened wp-config.php protected WordPress file editor disabled File change monitoring Clean golden VM snapshot after setup Since I do not plan to edit the site, I also want a golden clean VM backup/snapshot after the site is confirmed working. If the live VM is ever compromised, I want to be able to destroy it and redeploy from the clean image instead of trying to clean malware manually. Important Notes I am not looking for a redesign. I am not looking to modernize the site right now. The priority is: Preserve the old site visually and functionally Make it live safely Prefer static HTML if possible If not static, lock down WordPress aggressively Create a clean restore plan Deliverables Please include the following deliverables in your proposal: 1. Review the old WordPress backup and determine if static export is feasible. 2. Restore the site in a private staging environment. 3. Export/test a static version if feasible. 4. Deploy the static version live, or explain why live WordPress is required. 5. If live WordPress is required, harden it according to the security checklist. 6. Configure admin restrictions, file permissions, and upload protections. 7. Set up Cloudflare/WAF rules or equivalent. 8. Create a golden clean VM snapshot/backup. 9. Provide a short written handoff explaining how the site is deployed and how to restore it. Skills Needed WordPress restoration MySQL database import Old WordPress/PHP troubleshooting Static site export HTML/CSS/JavaScript Linux server administration Nginx or Apache security Cloudflare WAF/security rules WordPress hardening Malware/security review VM snapshots/backups Questions for Applicants Please answer these in your reply: 1. Have you converted old WordPress sites to static HTML before? 2. What tool would you use for static export and why? 3. How would you handle JavaScript-driven content such as image maps or slide toggles? 4. If static export fails, how would you lock down the live WordPress install? 5. How would you block wp-admin, wp-login.php, and xmlrpc.php? 6. How would you prevent PHP execution in uploads? 7. How would you create a clean restore/snapshot plan? 8. Can you work from a SQL database backup and WordPress files if provided? Ideal Candidate The ideal person understands both WordPress and server security. I need someone practical who can preserve an old site without turning it into a large rebuild project. Static export is preferred, but I also want someone capable of hardening the old WordPress install if static export is not possible.
Deschide pe Upwork