Key skills
JavaScriptPHPWordPressREST APIWooCommerceCDNCloudflareCommunicationCollaborationRemote Work
About this role
Role Overview
- Audit the current WordPress registration and login flows, including all security plugins and custom code.
- Identify how bots are circumventing existing protections (e.g., API abuse, headless browsers, plugin vulnerabilities).
- Develop and implement advanced anti spam measures tailored to the site's architecture (e.g., custom challenges, behavior analysis, honeypots, rate limiting, or integration with third party services like Cloudflare Turnstile).
- Ensure the solution is lightweight, user friendly for genuine customers, and maintainable.
- Provide documentation and a brief hand off to the client.
Requirements
- Proven experience with WordPress security, specifically combating spam registrations and bot attacks.
- Strong PHP and WordPress development skills (themes, plugins, hooks, REST API).
- Familiarity with modern anti spam techniques (CAPTCHA variants, JavaScript challenges, IP analysis, browser fingerprinting, etc.).
- Ability to reverse engineer how bots work and test your own solutions.
- Portfolio of similar projects please include links or descriptions of past work where you successfully reduced spam or secured a WordPress site.
- Excellent communication in English (written and spoken).
- Nice to Have(s): Experience with e commerce platforms (WooCommerce) and membership sites.
- Knowledge of server level security (e.g., fail2ban, ModSecurity) and CDN configurations.
- Contributions to WordPress core or security plugins.
Tech Stack
- JavaScript
- PHP
- WordPress
Benefits
- 100% remote work from anywhere in your timezone.
- Flexible hours focus on delivery, not clock watching.
- Direct collaboration with the client
- no middlemen, no bureaucracy.
- Impactful work solve a decade old problem that actually matters to the business.
- Potential for ongoing work if results are strong, there may be additional security projects.