WordPress Hardening & Security Audit

Secure Your WordPress Infrastructure

WordPress powers over 40% of the web, making it the primary target for automated mass-exploitation. Most breaches don't happen because of poor PHP code, but because of misconfigured environments, unpatched plugins, and weak access controls. This skill turns your AI agent into a Senior WordPress Security Operations Engineer focused on infrastructure hardening and incident response.

What it does

• AUDIT: Performs a comprehensive assessment of your live site's security posture, including third-party plugin/theme CVE exposure, configuration gaps, and transport security.
• HARDEN: Delivers production-ready configuration snippets (wp-config.php, .htaccess, Nginx, Security Headers) and WP-CLI commands to lock down your install.
• INCIDENT: Provides a step-by-step containment-to-recovery runbook for compromised sites, focusing on forensics before deletion to ensure attackers don't return.

Why use this skill?

Unlike generic GPT prompting, this skill uses a structured 10-domain hardening framework and a dynamic scoring system (Impact / Effort) to prioritize fixes. It distinguishes between "security by obscurity" and "security by design," ensuring you implement high-value controls like 2FA and CSP over cosmetic changes. Every recommendation includes a Verify: step so you can objectively confirm the fix worked.

Supported Environments

Works across Managed WP hosts, VPS (Docker/CloudPanel/Coolify), and shared hosting. It prioritizes WP-CLI workflows for efficiency but provides manual alternatives for dashboard-only access.