Project Title Secure Website Development for a civic Initiative --- Project Description We are looking for an experienced web developer or development team to design and build a secure, multilingual website (Arabic / English / French) for a civic initiative — a platform dedicated to documenting corruption cases, publishing verified reports, and providing a safe communication channel for whistleblowers. The website must prioritize security, data privacy, and usability, and comply with international standards for data protection (GDPR-level). It should be simple, fast, and resilient to potential cyberattacks or censorship attempts. --- Key Objectives 1. Create a secure, encrypted platform (HTTPS, HSTS, CSP) with strong backend protection. 2. Enable anonymous submissions and encrypted file uploads for whistleblowers. 3. Provide a content management system (CMS) with role-based access control and audit logs. 4. Build a responsive RTL/LTR design (Arabic right-to-left compatibility). 5. Include archive pages for reports, documents, and public content. 6. Implement data backup, monitoring, and privacy policies for long-term reliability. --- Core Features and Requirements 1. Security HTTPS, HSTS, CSP policies, and XSS/CSRF prevention. Encrypted storage for sensitive submissions (if stored at all). Server-side encryption (AES / RSA). Secure admin panel with 2FA and login attempt limits. DDoS protection (via Cloudflare / reverse proxy / hosting solution). Logging and monitoring system for suspicious access. 2. Frontend Modern, minimalist UI — inspired by investigative media / civic initiatives. Fully responsive design for mobile and desktop. RTL support for Arabic + LTR for English/French. Accessibility compliance (WCAG 2.1 level AA). Multilingual navigation and pages. 3. Backend (CMS) Secure and customizable CMS (WordPress hardened / Laravel / Django / Node). User roles: Admin, Editor, Reviewer, Guest. Content approval workflow. Audit trail (who did what, and when). Option to disable comments or moderate them manually. 4. Anonymous Whistleblower Portal Form submission system with file upload (text, images, PDFs). Files encrypted and never stored longer than defined retention time. Optional one-time download links for editors. No IP logging or third-party analytics on sensitive pages. 5. Legal / Policy Pages Terms of Use, Privacy Policy, Cookie Policy. Transparency page describing funding and independence. --- Tech Stack (preferred) Frontend: Next.js / React / Vue or secure WordPress (with custom theme). Backend: Laravel / Node.js / Django / Hardened WordPress. Database: MySQL / PostgreSQL with encrypted fields. Hosting: DigitalOcean / Hetzner / AWS / Secure VPS (DDoS-protected). Security Tools: Cloudflare / Fail2ban / ModSecurity / UptimeRobot. --- Deliverables 1. Complete source code (frontend + backend). 2. Hosting and deployment setup. 3. UI/UX design mockups (Figma or Adobe XD). 4. Documentation (installation + admin manual). 5. Basic security audit report (or checklist). 6. Training session for administrators (1–2 hours). 7. Backup & restore procedure documentation. --- Estimated Timeline Phase Duration Deliverables Discovery & Planning 1 week Technical architecture, design brief UI/UX Design 1 week Figma/Adobe XD prototypes Development (Core + CMS) 2–3 weeks Website build & integration Security & Testing 1 week Vulnerability check, QA Deployment & Training 1 week Live version + admin onboarding Estimated Total Duration: 5–6 weeks. Required Skills Full-stack web development (PHP/Laravel, Django, or Node.js). Web application security (OWASP Top 10, HTTPS, CSP, TLS). UI/UX design (responsive, multilingual, RTL design). Cloud hosting setup and server hardening. Experience with journalistic or civic-tech platforms (a big plus). --- Notes on Data Protection No personal data or tracking systems should be stored without consent. Submissions should be end-to-end encrypted if technically feasible. The site must comply with GDPR and local data laws. Logs should be anonymized and auto-deleted after a defined period. --- Additional Context The initiative "Hold the Regime" (امسك نظام) is a civic watchdog movement focused on investigation, documentation, and accountability. The website will serve as a digital hub for verified reporting — not political propaganda — and aims to build citizen trust through transparency and digital ethics. --- When Applying Please include: Links to previous security-oriented websites or investigative projects. Description of your security approach (encryption, DDoS, data handling). A timeline estimate and cost breakdown per phase.