I need an experienced security-minded developer to tighten my website’s defenses. The priority is routine maintenance geared specifically toward security updates rather than content tweaks or cosmetic fixes. Scope of work • SSL/TLS implementation – I am not sure whether an active certificate is already installed, so the first step will be to audit the current setup. If none exists, please handle procurement (Let’s Encrypt is fine) and full configuration, making sure all pages load over HTTPS without mixed-content warnings. • Vulnerability scanning – Run a thorough scan with a reputable tool (e.g., Nessus, Qualys, OpenVAS) and provide a clear report of findings. Remediate any critical or high-severity issues that surface. • Firewall setup – Configure an application-level firewall or WAF such as ModSecurity or Cloudflare to block common attack vectors and rate-limit suspicious traffic. Acceptance criteria 1. SSL Labs test must score A or better. 2. Post-remediation vulnerability scan shows no critical or high findings. 3. Firewall/WAF rules are active, documented, and demonstrably blocking test exploits. 4. A short hand-over document summarises all changes, credentials (if any), and next-step recommendations. Please outline your proposed approach, preferred tools, and an estimated timeline when you bid.