We're addressing a long-standing spam issue on a WordPress-based prescription drug e-commerce platform. The core problem—fraudulent user registrations driven by bots—has resisted previous fixes. We need a developer who can dive deep into the system, understand the attack vectors, and implement a reliable, maintainable defense.
What You'll Do
You'll begin by auditing the current registration and login workflows, including all active plugins and custom code. Your goal is to pinpoint exactly how automated scripts are bypassing existing protections—whether through API manipulation, headless browsers, or overlooked vulnerabilities. Once the weak points are clear, you’ll design and deploy a tailored anti-spam strategy. This could include behavioral checks, custom JavaScript challenges, honeypot traps, rate-limiting rules, or integration with services like Cloudflare Turnstile.
The solution must be effective without burdening legitimate users. You’ll ensure it’s lightweight, easy to maintain, and clearly documented. After implementation, you’ll walk the client through the changes and confirm everything works as intended.
Requirements
- Proven background in securing WordPress sites, especially against spam registrations and bot traffic
- Strong PHP skills with deep knowledge of WordPress hooks, themes, plugins, and the REST API
- Hands-on experience with anti-spam methods such as CAPTCHA alternatives, browser fingerprinting, IP analysis, and JavaScript-based challenges
- Ability to reverse-engineer bot behavior and test countermeasures effectively
- Portfolio demonstrating past success in reducing spam or hardening WordPress systems—please include links or detailed examples
- Fluent English communication, both written and spoken
Preferred Qualifications
- Experience with WooCommerce or membership-based WordPress sites
- Familiarity with server-level tools like fail2ban, ModSecurity, or CDN security settings
- Contributions to WordPress core or open-source security plugins
Benefits
- Fully remote role—work from anywhere
- Flexible schedule focused on results, not hours logged
- Direct access to the client with no intermediaries
- Opportunity to solve a critical, long-ignored issue with measurable impact
- Potential for follow-up projects if performance is strong
