I will audit your WordPress site for vulnerabilities and harden it


About this service
WordPress powers 43% of the web and is the #1 target for automated attacks. I am an OSCP & CPTS certified penetration tester who will manually audit your WordPress site, identify real vulnerabilities, and provide actionable hardening steps.
WHAT I TEST:
- Core, Plugin & Theme versions (CVE lookup)
- Authentication: weak passwords, 2FA, XML-RPC abuse
- User enumeration via REST API and author pages
- File exposure: wp-config.php, debug.log, backups
- Privilege escalation: subscriber to admin paths
- SQL Injection in plugins, themes, custom code
- XSS: stored and reflected in forms and comments
- Security headers: CSP, HSTS, X-Frame-Options
- WooCommerce: order manipulation, coupon abuse
HARDENING INCLUDED:
- Disable XML-RPC, restrict file editor
- .htaccess and wp-config.php hardening rules
- Recommended security plugin stack
- File permission and server-level suggestions
DELIVERABLES:
- Full audit report (PDF)
- Vulnerability list with severity ratings
- Hardening checklist with remediation steps
Testing is non-destructive. Staging environment recommended for high-traffic sites. NDA available on request.
Learn more about Nasur U
Penetration Tester OSCP CPTS Certified
- From Pakistan
- Member since Aug 2025
- Average response time 1 hour
Languages
English, Hindi, Urdu
FAQ
Will you need admin access to my WordPress site?
For a thorough audit, a temporary admin account or read-only admin access is preferred. I will never ask for hosting/FTP credentials unless absolutely necessary (and with NDA in place).
My site was already hacked — can you help?
The Standard and Premium packages include post-compromise review. Message me first to discuss the situation.
Do you remove malware?
Malware removal is a separate service. The audit will identify infection vectors and malicious files so you or your host can remediate. Add-on malware removal available — contact me.
How is this different from a plugin like Wordfence?
Plugins run automated scans. I perform manual testing that catches business logic flaws, privilege escalation, and custom code vulnerabilities that no plugin can detect.
Will this affect my live site?
Testing is non-destructive. For high-traffic or e-commerce sites, I recommend providing a staging environment — though live testing is also safe with my methodology.
