Fix it for me

We apply the fixes directly to your WordPress site and confirm with a follow-up scan.

Simple

Server configuration fixes via .htaccess — no WordPress admin access needed.

  • PHP version header removed
  • Server software header suppressed
  • Default WordPress files blocked (readme.html, license.txt)
  • XML-RPC disabled
  • Directory listing on uploads disabled
  • HTTP to HTTPS redirect enforced
  • Security headers added (HSTS, CSP, X-Frame-Options, Referrer-Policy)
$49
Pro: $29

Medium

Everything in Simple, plus WordPress theme and plugin changes requiring wp-admin or SSH.

  • All Simple fixes
  • WordPress version removed from HTML source
  • REST API user enumeration blocked
  • Login page hardened (brute-force protection)
  • Secure / HttpOnly / SameSite cookie flags set
$89
Pro: $53

Full Hardening

Recommended

Complete security hardening — all fixes applied, vulnerable plugins updated, full audit.

  • All Medium fixes
  • Vulnerable plugin updates
  • Full security audit
  • Post-fix scan to confirm all issues resolved
$149
Pro: $89

After payment we'll contact you within 2 business days to request site access. Fixes typically complete within 72 hours of receiving access. No credentials are collected before payment.

Other ways to handle this

Want ongoing monitoring?

Pro from $9/month — weekly automated scans, email alerts, 40% off this fix service.

See plans →

Want to investigate first?

Forensic Toolkit — $25 one-time SSH-based deep scan you run yourself before deciding what to fix.

See the Toolkit →