Location: Remote (Open to applicants in EU, Eastern Europe, and Australia)
Engagement Type: Contract (Hourly or Fixed-price – negotiable)
Start Date: Immediate
About the Project
We manage a UK based prescription drug e commerce site built on WordPress. For over a decade, the site has been flooded with spam user registrations despite using multiple plugins (mobile verification, math challenges, CAPTCHA, etc.). Spam accounts continue to bypass these measures, as shown in the attached screenshot. We need a developer who can think like an attacker, identify the loopholes, and implement a robust, long term solution.
Your Role
- Audit the current WordPress registration and login flows, including all security plugins and custom code.
- Identify how bots are circumventing existing protections (e.g., API abuse, headless browsers, plugin vulnerabilities).
- Develop and implement advanced anti spam measures tailored to the site’s architecture (e.g., custom challenges, behavior analysis, honeypots, rate limiting, or integration with third party services like Cloudflare Turnstile).
- Ensure the solution is lightweight, user friendly for genuine customers, and maintainable.
- Provide documentation and a brief hand off to the client.
Must Have Requirements
- Proven experience with WordPress security, specifically combating spam registrations and bot attacks.
- Strong PHP and WordPress development skills (themes, plugins, hooks, REST API).
- Familiarity with modern anti spam techniques (CAPTCHA variants, JavaScript challenges, IP analysis, browser fingerprinting, etc.).
- Ability to reverse engineer how bots work and test your own solutions.
- Portfolio of similar projects – please include links or descriptions of past work where you successfully reduced spam or secured a WordPress site.
- Excellent communication in English (written and spoken).
Nice to Have
- Experience with e commerce platforms (WooCommerce) and membership sites.
- Knowledge of server level security (e.g., fail2ban, ModSecurity) and CDN configurations.
- Contributions to WordPress core or security plugins.
Benefits
- 100% remote – work from anywhere in your timezone.
- Flexible hours – focus on delivery, not clock watching.
- Direct collaboration with the client – no middlemen, no bureaucracy.
- Impactful work – solve a decade old problem that actually matters to the business.
- Potential for ongoing work – if results are strong, there may be additional security projects.
How to Apply
Submit application with the following:
- Resume / CV highlighting relevant experience.
- Portfolio of similar anti spam or WordPress security projects (links or PDF).
- Cover letter (optional but encouraged) – briefly describe your approach to diagnosing and solving spam issues like the one described.
Deadline: Applications reviewed on a rolling basis. We’re looking for someone who can start within a week.
Key Skills:
WordPress Security, Anti Spam, Bot Mitigation, PHP Development, WordPress Plugin Development, Custom WordPress Development, CAPTCHA Integration, Cloudflare Turnstile, Honeypot Techniques, Rate Limiting, JavaScript Challenges, Browser Fingerprinting, IP Analysis, REST API Security, WooCommerce Security, Membership Site Security, fail2ban, ModSecurity, CDN Configuration, Vulnerability Assessment, Reverse Engineering Bots, User Registration Flow, Login Security, Code Audit, Performance Optimization