I will audit your WordPress site for vulnerabilities and harden it


About this gig
WordPress powers 43% of the web and is the #1 target for automated attacks. I am an OSCP & CPTS certified penetration tester who will manually audit your WordPress site, identify real vulnerabilities, and provide actionable hardening steps.
WHAT I TEST:
- Core, Plugin & Theme versions (CVE lookup)
- Authentication: weak passwords, 2FA, XML-RPC abuse
- User enumeration via REST API and author pages
- File exposure: wp-config.php, debug.log, backups
- Privilege escalation: subscriber to admin paths
- SQL Injection in plugins, themes, custom code
- XSS: stored and reflected in forms and comments
- Security headers: CSP, HSTS, X-Frame-Options
- WooCommerce: order manipulation, coupon abuse
HARDENING INCLUDED:
- Disable XML-RPC, restrict file editor
- .htaccess and wp-config.php hardening rules
- Recommended security plugin stack
- File permission and server-level suggestions
DELIVERABLES:
- Full audit report (PDF)
- Vulnerability list with severity ratings
- Hardening checklist with remediation steps
Testing is non-destructive. Staging environment recommended for high-traffic sites. NDA available on request.
Get to know Nasur U
Penetration Tester OSCP CPTS Certified
- From: Pakistan
- Member since: Aug 2025
- Avg. response time: 1 hour
Languages
English, Hindi, Urdu
FAQ
Will you need admin access to my WordPress site?
For a thorough audit, a temporary admin account or read-only admin access is preferred. I will never ask for hosting/FTP credentials unless absolutely necessary (and with NDA in place).
My site was already hacked — can you help?
The Standard and Premium packages include post-compromise review. Message me first to discuss the situation.
Do you remove malware?
Malware removal is a separate service. The audit will identify infection vectors and malicious files so you or your host can remediate. Add-on malware removal available — contact me.
How is this different from a plugin like Wordfence?
Plugins run automated scans. I perform manual testing that catches business logic flaws, privilege escalation, and custom code vulnerabilities that no plugin can detect.
Will this affect my live site?
Testing is non-destructive. For high-traffic or e-commerce sites, I recommend providing a staging environment — though live testing is also safe with my methodology.
