WordPress Website Security and Maintenance Specialist

Please complete Google Form – do not apply on here.

Apply here: Click to view/forms/d/e/1FAIpQLSdoA-yOTvhVJ5JOOqoLomQfpc3r_M5qO-jIZCcVwDP58mORDg/viewform?usp=sf_link

Reports to Head of Development

We are seeking a skilled and experienced WordPress Website Security Specialist to ensure the security, stability, and performance of our WordPress websites.

As a vital member of our team, you will be responsible for implementing security updates, performing regular maintenance, and reinforcing our client websites against potential threats. Your expertise will be critical in safeguarding our clients’ online presence, credibility and ensuring a seamless user experience.

Responsibilities:

Security Updates: Regularly update WordPress core, themes, plugins, and other related components to ensure the websites are protected against known vulnerabilities and exploits.
Vulnerability Assessment: Conduct thorough security audits and vulnerability assessments to identify potential weaknesses in the websites and implement appropriate remediation measures.
Malware Detection and Removal: Implement tools and processes to monitor and detect malware or malicious code, promptly addressing any security breaches or compromises.
Security Headers Deployment: Implement and configure essential security headers, such as Content Security Policy (CSP), X-XSS-Protection, X-Content-Type-Options, X-Frame-Options, and HTTP Strict Transport Security (HSTS), to protect against cross-site scripting (XSS), content-type sniffing, clickjacking, and man-in-the-middle attacks.
Firewall and Intrusion Detection: Configure and manage firewall systems and intrusion detection mechanisms to prevent unauthorized access and attacks.
Backup and Disaster Recovery: Establish robust backup and disaster recovery procedures to protect website data and enable rapid restoration in case of emergencies.
Performance Optimization: Optimize website performance by monitoring and fine-tuning server configurations, database queries, and caching mechanisms.
SSL/TLS Implementation: Ensure the proper implementation of SSL/TLS certificates to secure data transmission and protect user privacy.
User Authentication and Access Control: Implement strong user authentication mechanisms and access controls to prevent unauthorized access to sensitive areas of the websites.
Security Monitoring and Reporting: Set up monitoring tools and generate reports on website security, performance, and incidents for proactive risk management.

Technical Skills:

WordPress Expertise: In-depth knowledge and experience with WordPress CMS, including theme and plugin development, customization, and administration.
WPEngine & ManageWP: Familiarity with WPEngine & ManageWP to handle DNS integration, daily backups, SSL, web rules, cache and other tools on helping secure and manage websites.
Website Security: Proficiency in identifying and mitigating common web security vulnerabilities, such as XSS, SQLi, CSRF, and others.
Security Tools: Familiarity with security tools like Defender Security Pro, Wordfence, Sucuri, iThemes Security, and other plugins to enhance website security.
Security Headers Configuration: In-depth knowledge of security header directives and their syntax for proper implementation in web servers, like Apache, Nginx, or IIS.
Server Administration: Competence in server management and configuration, including Nginx, Apache, MySQL, and Linux-based systems.
Firewall and Intrusion Detection Systems: Experience in configuring and managing web application firewalls (WAF) and intrusion detection systems (IDS/IPS).
SSL/TLS Implementation: Knowledge of SSL/TLS certificate management and deployment to ensure secure data transmission.
Monitoring and Reporting: Ability to suggest and implement website monitoring tools and generate regular security and performance reports.
Coding Skills: Familiarity with web development languages like HTML, CSS, JavaScript, PHP, and understanding of secure coding practices.
DNS Configuration and Management: Proficiency in setting up and managing Domain Name System (DNS) records, including A, CNAME, MX, TXT, and SPF records, to ensure proper resolution and routing of domain-related services.
SMTP Protocol Expertise: In-depth knowledge of SMTP (Simple Mail Transfer Protocol) and understanding of how email communication works.
Continuous Learning: Demonstrated passion for staying up-to-date with the latest web security trends, technologies, and best practices.

Qualifications:

Bachelor’s degree in Computer Science, Information Technology, or a related field (or equivalent work experience).
Proven experience in WordPress website security and maintenance with a portfolio of successfully secured websites.
Industry certifications like Certified Ethical Hacker (CEH) or WordPress Security Certifications are a plus.

Note: This job description is intended to convey the general nature and level of work to be performed by the WordPress Website Security and Maintenance Specialist. It is not exhaustive and may be subject to change to meet the organization’s needs.