Project Description
I run a professional training institute. My current WordPress site has accumulated technical issues over the years — broken pages, white-screen errors after login, thousands of spam user accounts, and outdated plugins. Rather than cleaning up the existing installation, I want to:
Move the current site to a subdomain (e.g., old.[domain]) as an archive
Build a clean fresh installation on the primary domain with WordPress + WPLMS, professionally secured and optimized
The site uses WPLMS theme + plugin, Vimeo for video, WooCommerce + PayPal for payments, Zoom for live training, and Mailchimp for email. I will provide all licenses.
I will handle design customization, course building, and content myself after handoff. Your job is to deliver a clean, secure, optimized foundation. I am open to your professional recommendations.
To Filter Spam Bids
Begin your proposal with the word "GRID". Generic copy-paste proposals will be ignored.
In your bid include:
The word "GRID" as the first word
2–3 sentences explaining your fit
URLs of LMS sites you've worked on — WPLMS preferred; LearnDash, LifterLMS, or Tutor LMS also acceptable. LMS experience is required.
URLs of other WordPress sites
Your fixed bid and timeline
Any clarifying questions
Bids missing point 1 or point 3 will be ignored.
Scope of Work
Phase 1 — Backup & Migration to Subdomain
Take a full backup (files + database) and provide me a downloadable copy before any changes
Move the existing site to a subdomain with working SSL
Verify subdomain loads correctly, existing logins work, content accessible
Update database URLs as needed for subdomain to function
Phase 2 — Fresh Install on Primary Domain
Fresh WordPress install (clean database, no carryover)
Install WPLMS theme + plugin (license provided)
Apply functional default WPLMS configuration
Install Zoom integration plugin (your recommendation)
Configure WooCommerce + PayPal in test mode (production keys added by me later)
Phase 3 — Security (Highest Priority)
The previous site was overrun by spam registrations. The new site must have airtight registration + login flows.
Core security stack:
Wordfence (free) with firewall rules, IP rate-limiting, brute-force protection, admin email alerts
WPS Hide Login — change /wp-admin to a custom path (I will specify)
2FA enforced on admin and instructor accounts
Registration form protection:
Google reCAPTCHA v3 on registration, login, password reset, comment forms (keys provided)
Email verification / double opt-in (branded confirmation email)
Disposable email blocking (Mailinator, TempMail, Guerrilla Mail, 10minutemail, etc.)
Honeypot field on registration form
Strong password requirement (8+ chars, mixed case, number)
IP rate-limiting on registration (max 3 per IP per hour)
Login protection:
IP locked 15 min after 5 failed attempts
Failed login logging with email alerts on attack patterns
WordPress hardening:
File editing disabled (DISALLOW_FILE_EDIT)
WordPress version hidden from page source
XML-RPC disabled (unless needed — confirm with me)
Strong admin password + non-default username
SSL active and forcing HTTPS site-wide
Secure cookies enabled
Database table prefix changed from default wp_
Required tests (document with screenshots in handoff report):
New test account registration via real email — full flow works
Disposable email registration blocked
Rate-limiting blocks 5 quick registrations from same IP
6 failed logins triggers 15-min lockout
Default /wp-admin no longer shows login page
Admin login triggers 2FA
Basic SQL injection / form fuzzing on registration — input sanitized
reCAPTCHA v3 score logging visible in admin
Phase 4 — Performance Optimization
WP Rocket installed and configured (caching, minification, lazy loading) — license provided
Cloudflare (free tier) configured — DNS routed, basic security and caching rules
WP-Optimize for scheduled database cleanup
UpdraftPlus for automated weekly backups (Google Drive or Dropbox — free tier)
Confirm hosting runs PHP 8.1+ with 256MB+ memory
Verify GZIP compression and browser caching headers active
Phase 5 — Page Stubs & System Assignments
No branding or design work. Just create empty pages and assign them to the correct WordPress/WPLMS/WooCommerce system roles so the site is wired up correctly.
Create empty page stubs (default templates, no content):
Home, Blog, About, Contact, All Courses, Live Training, Resources
Privacy Policy, Terms of Service (using standard generators)
System page assignments:
WordPress: set Home page as static homepage; set Blog page as posts page
WPLMS: assign correct pages for course archive, student dashboard, instructor dashboard, registration, login, my-account
WooCommerce: run setup wizard to assign cart, checkout, my-account, shop pages
Confirm primary navigation menu exists with placeholder items linking to the above pages (I will edit labels and structure later)
Set permalinks to "Post name" structure
Confirm working:
Homepage opens and shows the static Home page (not blog by default)
All course / course archive page opens and shows WPLMS catalog
Registration and login pages open with reCAPTCHA active
Student dashboard opens for logged-in test user
Contact page opens with default contact form (Contact Form 7 or WPForms — your recommendation)
Blog page opens and shows posts
Phase 6 — Verification and Handoff
No PHP errors in error log
Admin and WPLMS dashboards functional
Test student registration and login works end-to-end
Vimeo embed test passes
Homepage loads under 2 seconds (GTmetrix or PageSpeed Insights screenshot)
Written summary report (1–2 pages): what was done, plugins installed, settings, recommendations
Admin credentials, third-party service credentials (Wordfence, Cloudflare)
Before/after speed test screenshots
Screenshots of all 8 security tests with results
What's NOT in Scope
All branding, design, theme customization (logo, favicon, colors, typography, menus, footer styling — I will do all of this)
Course creation or content migration from old site
Photography, slider, homepage layout, hero sections
Page content (About, Contact, Programs, Blog posts — I will write)
SEO beyond technical baseline
Mailchimp setup (I will do)
Migration of users from old site to new (new site starts with zero users)
Any work on the archived subdomain beyond making it accessible
Required Skills
Strong LMS experience (WPLMS preferred; LearnDash, LifterLMS, Tutor LMS acceptable)
Strong WordPress security expertise — registration/login hardening, anti-spam, brute-force defense
WordPress administration (3+ years)
Migration experience (subdomain moves, database URL updates)
Configuring Wordfence, reCAPTCHA v3, 2FA, email verification
Performance optimization (WP Rocket, Cloudflare)
Comfortable with cPanel, hosting, DNS, SSL
Clear English communication
What Must Be Preserved (Do Not Change)
WPLMS theme/plugin (no platform migration)
Vimeo, WooCommerce + PayPal flows (must remain functional)
Existing branding and visual identity on archive subdomain
Existing courses and content on archive subdomain (untouched)
If you think any of these should change, raise it in chat — do not change unilaterally.
Hosting & Access
Site is on a managed WordPress host
Hosting/domain details disclosed only after shortlisting and NDA signed
I will create your admin account; revoked after handoff
A simple NDA must be signed before access — you'll have access to user data on the old site and must agree not to retain or share it after the project
Timeline
I am flexible on timeline but value efficient delivery. Please indicate your realistic timeline based on your current availability. The work should be done in less than one week.
Long-Term Engagement
Strong performance may lead to additional work — design customization, content migration, advanced SEO, UI/UX, new features. No commitment is made beyond this initial scope.
Open to Recommendations
If you see ways to improve the scope, plugin choices, sequence, or approach based on your experience, please mention them in your bid. I value experienced perspectives and am happy to refine before awarding.
Looking forward to your proposal.