A real estate agent hired me to fix email spoofing. What I found was an actively compromised WordPress site with four hidden backdoors, concurrent attacker sessions, and wire fraud attempts targeting his closings — all running silently for over two years.
Read Details
A marketing agency’s WordPress sites had a strange trick: adding ?1 to the URL would fix the broken CSS. Underneath was a stack of caching plugins and a premium CDN all fighting each other — and the fix wasn’t to add another layer, but to take layers away.
Read Details
A flooring company’s outbound email started bouncing because a neighbor on their shared hosting IP had poisoned the well. Quotes were missing customers and the team had run out of patience — the only real fix was to leave.
Read Details
A nonprofit organization was sending nearly two million emails a year — and Gmail was punishing them for it. The fix wasn’t technical. It was figuring out which ’engaged’ contacts were ghosts.
Read Details
A WordPress migration enters the unglamorous middle phase — hardening every layer of the stack, building a three-layer backup architecture, transferring 19GB of media, and discovering that the production database has drifted too far for a simple reimport.
Read Details
A page cache that wasn’t caching, a plugin silently adding 30 seconds to every admin operation, a PHP feature that crashed the server with a 4-gigabyte ghost allocation — and the methodical profiling work that found each one.
Read Details
A nonprofit’s WordPress site moves from a shared server with 34 other sites to a dedicated VPS. Along the way: a server stack built from scratch, a two-major-version PHP jump with zero fatal errors, and the painstaking work of proving a staging environment is actually safe before trusting it with production.
Read Details