
WordPress Plugin Engineer — Harden “WP Steward” + Admin Audit Log (MVP)
Upwork
Remote
2 hours ago
About
We are an ethical, values-based web hosting company, the oldest carbon-neutral web host in the world. We are re-launching with a new concept in hosting that must be built and tested before roll-out. We are on a tight budget, but we welcome the chance to give new freelancers the opportunity to make a name for themselves by adding a successful job that encourages more job offers in the future. If you accept a project from us, you can rest assured that your work is contributing in some small way to a better world!

We are relaunching a carbon-neutral WordPress hosting platform on Hetzner (EU). 100% self-hosted, no SaaS dependencies: Dockerized LEMP via Coolify, Caddy at the edge, per-site S3 backups (Hetzner now, MinIO-ready), and a small self-hosted plugin (“WP Steward”) that lets our internal agent safely perform reversible WP edits. We track work in OpenProject and keep code in a single Git monorepo on self-hosted Gitea. Fully async; any timezone. Budget-conscious; newer freelancers welcome.

Role
Harden our WP Steward plugin and add a minimal Admin → Tools → Steward Log screen to view audit logs for its REST actions.

Current routes to secure
- POST /stewardwp/v1/css/append (append small, reversible CSS to “Additional CSS”)
- POST /stewardwp/v1/post/(id)/comments (toggle comments open/closed)
- POST /stewardwp/v1/block/update (update a specific Gutenberg block by path)

Deliverables
- Capability model: custom role with least-privilege caps; Application Passwords only (no cookies).
- Security pass on all 3 routes (nonce/app-password validation, input validation, size limits, clear error messages).
- Audit log (CPT or custom table) that records: timestamp, route, actor (user ID), post IDs touched, inputs hash (no secrets), result, and a revert link when a WP revision exists.
- Admin UI: paginated list, filters (route/user/post), search.
- Unit/integration tests (PHPUnit) plus a few curl/WP-CLI snippets for manual testing.
- Short README (install, caps, examples).

Acceptance tests (must pass)
- Users without caps → 403; users with the custom role → 200.
- Mutations create WP revisions where applicable and log entries with a revert link.
- Admin screen renders in 300 ms with 1,000 log rows on typical hosting.
- Invalid block path/update returns a precise error; no post_content corruption.

Stack
WP 6.6.x, PHP-FPM 8.2, MariaDB 11, Nginx, Debian 12. Local dev OK.

Estimated effort: 10–16 hours (fixed price; propose your amount).

Milestones
- Main: security + audit log + admin UI + tests
- Handover: README + small code walkthrough (text or Loom)

How to apply (short)
- Link to a custom WP REST route you secured (or gist).
- One sentence on how you’d store audit logs (CPT vs table, why).
- Briefly: how do you safely update a nested Gutenberg block by path?
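One way to meet the capability, Application-Password-only and input-validation requirements for the css/append route, written here as an added example rather than the posting’s or WP Steward’s own code. Assumptions not taken from the posting: the role slug stewardwp_agent, the capability stewardwp_edit_css, a 4096-byte limit, and the use of core’s application_password_did_authenticate action as the “authenticated with an Application Password” signal, which should be confirmed against the target WP 6.6 core.

```php
<?php
// Added example (not WP Steward's code); role/cap names and the 4096-byte limit are assumed.
final class StewardWP_CssAppend {
    const CAP       = 'stewardwp_edit_css';
    const MAX_BYTES = 4096;
    private static $via_app_password = false;
    public static function boot() {
        add_action( 'init', function () {                   // least-privilege role: one capability only
            if ( ! get_role( 'stewardwp_agent' ) ) { add_role( 'stewardwp_agent', 'Steward Agent', array( self::CAP => true ) ); }
        } );
        // Assumed signal: core fires this only after a Basic-auth Application Password validates.
        add_action( 'application_password_did_authenticate', function () { self::$via_app_password = true; } );
        add_action( 'rest_api_init', function () {
            register_rest_route( 'stewardwp/v1', '/css/append', array(
                'methods'             => 'POST',
                'permission_callback' => array( __CLASS__, 'permission' ),
                'callback'            => array( __CLASS__, 'handle' ),
                'args'                => array( 'css' => array(
                    'required' => true, 'type' => 'string',
                    'validate_callback' => array( __CLASS__, 'validate_css' ),
                ) ),
            ) );
        } );
    }
    // Cookie sessions (with or without a nonce) and users lacking the cap both get a 403 with a clear reason.
    public static function permission() {
        if ( ! self::$via_app_password ) {
            return new WP_Error( 'stewardwp_auth', 'Application Password authentication required.', array( 'status' => 403 ) );
        }
        return current_user_can( self::CAP )
            ? true : new WP_Error( 'stewardwp_forbidden', 'Capability ' . self::CAP . ' required.', array( 'status' => 403 ) );
    }
    // Hard size limit and a precise message; runs before the callback, so oversized input never reaches it.
    public static function validate_css( $css ) {
        if ( ! is_string( $css ) || '' === trim( $css ) ) {
            return new WP_Error( 'stewardwp_invalid', 'css must be a non-empty string.', array( 'status' => 400 ) );
        }
        return strlen( $css ) <= self::MAX_BYTES
            ? true : new WP_Error( 'stewardwp_too_large', 'css exceeds ' . self::MAX_BYTES . ' bytes.', array( 'status' => 413 ) );
    }
    // Append to "Additional CSS" and return what the audit log records: actor, post ID, input hash (never the raw input).
    public static function handle( WP_REST_Request $req ) {
        $css  = $req->get_param( 'css' );
        $post = wp_update_custom_css_post( rtrim( wp_get_custom_css() ) . "\n" . $css );
        if ( is_wp_error( $post ) ) { return $post; }   // WP's own error, with its own status code
        return rest_ensure_response( array( 'post_id' => $post->ID, 'actor' => get_current_user_id(), 'inputs_hash' => hash( 'sha256', $css ) ) );
    }
}
StewardWP_CssAppend::boot();
```

The returned array is the minimum the audit-log layer needs per entry; the revert link can be derived from the custom_css post’s revisions by that layer.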