TL;DR - I’d be keen to chat with those of you who are doing this for clients, interested in the topics or have a WordPress site that you want to optimize & secure.
So a year ago all I did with regards to websites was click. At the time a regular long-standing business client asked if I do websites, to which I said no. They went of their own accord & found a company via someone they knew, who worked for this company, with no ask for input from me.
Few months later - Day 1 live site: site was “hacked” with the “web design” company owner saying that security was not part of the brief… Slimy ways of doing business if you ask me. They went on to tell us that their “dev team” have been coding for ±13 years… Site would redirect to porn sites when CTA buttons were clicked.
Being rather protective over my clients, I dived into the deep end of Google with “WordPress security basics” & ended up about 4 hours later having stumbled upon a tool which pointed out the bad code. I also found out that the site was not optimized, had no login page sec, no WAF, no cache, no CDN, no sec headers etc. Literally amateur hour 101. All built on a theme that has terrible performance, with a page builder thrown on top because well, "13 years of coding"…
Notified the client & we agreed to keep this & see if this “dev team” could find the issue by Fri. Fri came & they did not find it… We showed it to them and they removed it.
In those 4 hours, I was able to see that this “dev team” were failing to do the absolute minimum in terms of security or optimization.
Fast forward 1 year, I’m about to launch a WordPress security + optimization bundle & ongoing maint within my business. I’ve got a list of almost 300 companies that I’ve done some checks on over the last year. I’m hoping that the website sec & opt side of things will serve as a great cold calling tool, as well as a step into their actual I.T needs.
I’d be keen to chat with those of you who are doing this for clients, interested in the topic or have a WordPress site.