WordPress and Cloudflare Security Specialist

Posted General

Job Responsibilities

Cloudflare Implementation & Management

  • Implement and manage Cloudflare for client websites, including initial setup and configuration
  • Handle DNS management and domain name migrations to Cloudflare
  • Configure and optimize Cloudflare security features (WAF, Rate Limiting, Bot Management)
  • Monitor and implement SSL/TLS certificates and ensure proper configuration
  • Configure Cloudflare Page Rules and other features
  • Troubleshoot Cloudflare-related issues and provide timely resolution

WordPress Security

  • Conduct WordPress security audits using comprehensive checklists covering core, plugins, themes, and server configurations
  • Implement and maintain WordPress security roadmaps tailored to each client’s risk profile and business needs
  • Perform security assessments covering authentication, authorization, API endpoints, headers, and vulnerability detection
  • Remediate security findings including malware removal, plugin/theme updates, and security hardening
  • Configure and manage security plugins and WAF implementations
  • Implement security headers (CSP, HSTS, X-Frame-Options, Referrer-Policy, Permissions-Policy)
  • Manage plugin and theme security including vetting, updates, and replacing insecure components
  • Configure secure file permissions, disable unnecessary services, and restrict access to sensitive endpoints

Website Administration & Support

  • Perform website migrations and ensure seamless transitions
  • Troubleshoot and resolve website security issues
  • Provide ongoing support for client websites
  • Deliver responsive support for urgent security issues and emergencies
  • Create and maintain security documentation and standard operating procedures

Required Skills

  • 3+ years hands-on experience with WordPress security, hardening, and vulnerability remediation
  • Proven expertise implementing and managing Cloudflare services, including DNS management and security features
  • Experience with domain migrations and DNS configuration
  • Strong knowledge of WordPress core architecture and common vulnerabilities (OWASP Top 10)
  • Proficiency with security plugins and WAF configuration
  • Experience implementing security headers
  • Knowledge of malware detection, removal, and backup/disaster recovery solutions
  • Understanding of privacy compliance requirements for websites
  • Ability to explain security concepts clearly to non-technical business owners
  • Strong documentation skills and attention to detail
  • Excellent communication skills and ability to provide timely support

Preferred Skills

  • Advanced experience with Cloudflare Enterprise security features and Workers
  • Experience with Cloudflare for Teams or Zero Trust implementation
  • Basic PHP knowledge for security code reviews
  • Certifications: CEH, GWAPT, or WordPress security certifications
  • Experience with penetration testing tools and methodologies
  • Experience providing ongoing maintenance and support for multiple clients

Additional Information

  • Candidate must be available to work between the hours of 6am-5pm pacific, ideally 6am-9am pacific and/or 12pm-5pm pacific
  • Candidates who are aligned with advocacies for women’s empowerment and rights are highly preferred
  • Role includes a mix of project-based work and ongoing support work
  • Ability to respond to urgent security issues outside of regular hours may be needed occasionally
  • Rate: $15-$45 per hour depending on location
  • Hours: Project-based with ongoing support as needed (~20 hrs/month)

Requirements

Hours needed per week (approximate): less than 10 hours

Company
Nexxo
Job Type
Project
Location
Remote
How to Apply
Via web form