I will audit your PHP, laravel or wordpress code for security bugs


About this gig
I audit PHP, Laravel, CodeIgniter, and WordPress codebases for security and code-health issues using Observer, my own scanner, plus manual review on the higher tiers. You get a branded PDF report: each finding with severity, exact file:line, a CWE/OWASP tag, and a recommended fix, plus Security and Code-Health scores. This is an audit + advisory service: I show you exactly what to fix and how. I do NOT modify your code. Basic: built-in PHP security rules + dependency CVE checks (Composer/npm/PyPI/Go). Standard: adds deeper engine analysis (Semgrep + PHPStan), curated Laravel/CodeIgniter security-pattern checks, manual review, a prioritized fix plan, and a call. Premium: adds a full manual deep-dive, a fix guide with code examples, OWASP mapping, one re-scan, and follow-up Q&A. WordPress: I review your custom theme/plugin code plus targeted checks, but do NOT scan installed plugins/themes against a vulnerability database. Analysis runs locally, so your code stays private. Best for legacy apps, pre-launch checks, and agency handovers. Message me your stack before ordering.
Respect third-party rights
Please be aware that it is against Fiverr's policies for sellers to include themes, templates, or any other elements that infringe third-party rights or applicable laws in the delivered work. Read more about in our Guide to Responsible Digital Creation.
Get to know Shanky
Backend Engineer, Laravel and CodeIgniter Specialist, REST APIs and AWS
- FromIndia
- Member sinceApr 2017
- Avg. response time1 hour
Languages
English
FAQ
Will you fix the issues you find?
No, this is audit + advisory. Standard gives a prioritized fix plan; Premium gives a step-by-step fix guide with code examples. You or your dev implement the changes, and Premium includes one re-scan afterward to verify the fixes.
What frameworks and CMS do you cover?
Plain PHP and Laravel/CodeIgniter get curated framework-specific security checks (Standard/Premium) plus general PHP analysis. WordPress gets general PHP-level analysis of your custom code plus two targeted WordPress checks, but not a plugin/theme vulnerability database scan.
Do dependency checks cover WordPress plugins?
No. Dependency scanning covers known CVEs in Composer, npm, PyPI, and Go packages. It does not check WordPress plugin, theme, or core versions against a vulnerability database.
Can you review my error logs too?
Static code is the default scope. If you also want your error logs reviewed, send them along with your code and I can include log-based findings in the report as an add-on (this may adjust price and timeline slightly).
Is my code kept confidential?
Yes. Analysis runs locally, so your code is not sent to any third-party service by default. It is not shared, reused, or retained beyond delivering your audit. Happy to sign an NDA if your company requires one, just send it over.
What do you need from me to start?
Read access to your codebase (a zip file or a read-only repo link) plus your PHP version and framework. No production database access or live server credentials are needed for a code-level audit.

