Fix it for me

We apply the fixes directly to your WordPress site and confirm with a follow-up scan.

Simple

72h turnaround

Server configuration fixes via .htaccess — no WordPress admin access needed.

✓PHP version header removed
✓Server software header suppressed
✓Default WordPress files blocked (readme.html, license.txt)
✓XML-RPC disabled
✓Directory listing on uploads disabled
✓HTTP to HTTPS redirect enforced
✓Security headers added (HSTS, CSP, X-Frame-Options, Referrer-Policy)

$49

Pro: $29

Medium

72h turnaround

Everything in Simple, plus WordPress theme and plugin changes requiring wp-admin or SSH.

✓All Simple fixes
✓WordPress version removed from HTML source
✓REST API user enumeration blocked
✓Login page hardened (brute-force protection)
✓Secure / HttpOnly / SameSite cookie flags set

$89

Pro: $53

Full Hardening

Recommended72h turnaround

Complete security hardening — all fixes applied, vulnerable plugins updated, full audit.

✓All Medium fixes
✓Vulnerable plugin updates
✓Full security audit
✓Post-fix scan to confirm all issues resolved

$149

Pro: $89

Plugin Migration

5 business days

When a vulnerable plugin has no patch available, we migrate your site to a safe alternative — install, configure, verify, remove the old plugin.

✓Identify a safe, actively-maintained alternative
✓Install + configure the replacement
✓Migrate data/settings where applicable
✓Verify the site still works end-to-end
✓Remove the vulnerable plugin
✓Post-fix scan to confirm the vulnerability is gone

Scope: simple plugin replacements only. Plugins with custom configuration (membership, custom fields, etc.) get a free 15-min review for a custom quote.

$149

Flat price

After payment we'll contact you within 2 business days to request site access. Turnaround varies by tier (see each card). No credentials are collected before payment.

Refund policy:if a post-fix re-scan doesn't show the issue resolved, we refund in full.

Other ways to handle this

Want ongoing monitoring?

Pro from $9/month — weekly automated scans, email alerts, 40% off this fix service.

See plans →

Want to investigate first?

Forensic Toolkit — $25 one-time SSH-based deep scan you run yourself before deciding what to fix.

See the Toolkit →

Fix it for me

We apply the fixes directly to your WordPress site and confirm with a follow-up scan.

Simple

72h turnaround

Server configuration fixes via .htaccess — no WordPress admin access needed.

✓PHP version header removed
✓Server software header suppressed
✓Default WordPress files blocked (readme.html, license.txt)
✓XML-RPC disabled
✓Directory listing on uploads disabled
✓HTTP to HTTPS redirect enforced
✓Security headers added (HSTS, CSP, X-Frame-Options, Referrer-Policy)

$49

Pro: $29

Medium

72h turnaround

Everything in Simple, plus WordPress theme and plugin changes requiring wp-admin or SSH.

✓All Simple fixes
✓WordPress version removed from HTML source
✓REST API user enumeration blocked
✓Login page hardened (brute-force protection)
✓Secure / HttpOnly / SameSite cookie flags set

$89

Pro: $53

Full Hardening

Recommended72h turnaround

Complete security hardening — all fixes applied, vulnerable plugins updated, full audit.

✓All Medium fixes
✓Vulnerable plugin updates
✓Full security audit
✓Post-fix scan to confirm all issues resolved

$149

Pro: $89

Plugin Migration

5 business days

When a vulnerable plugin has no patch available, we migrate your site to a safe alternative — install, configure, verify, remove the old plugin.

✓Identify a safe, actively-maintained alternative
✓Install + configure the replacement
✓Migrate data/settings where applicable
✓Verify the site still works end-to-end
✓Remove the vulnerable plugin
✓Post-fix scan to confirm the vulnerability is gone

Scope: simple plugin replacements only. Plugins with custom configuration (membership, custom fields, etc.) get a free 15-min review for a custom quote.

$149

Flat price

After payment we'll contact you within 2 business days to request site access. Turnaround varies by tier (see each card). No credentials are collected before payment.

Refund policy:if a post-fix re-scan doesn't show the issue resolved, we refund in full.

Other ways to handle this

Want ongoing monitoring?

Pro from $9/month — weekly automated scans, email alerts, 40% off this fix service.

See plans →

Want to investigate first?

Forensic Toolkit — $25 one-time SSH-based deep scan you run yourself before deciding what to fix.

See the Toolkit →