Critical WordPress Plugin Flaws Enable Admin Takeover
Attackers run automated scans continuously, and when a flaw is disclosed, exploitation attempts begin within hours. In June 2026, several critical
As a WordPress specialist and independent consultant with over 20 years' experience, I provide expert technical judgement when you need it most: a second set of eyes on a plan, a codebase, or a proposal before you commit to a significant decision. No commercial relationships with vendors, no agency's interest in upselling a rebuild, and none of the conflict that comes from a developer reviewing their own work.
£75/hour or £600/day
Written output: every engagement
No vendor ties: independent assessment
Specialist, not generalist
Most WordPress work is done by generalists: capable developers who build sites across whatever stack a client arrives with. That is the right fit for a straightforward build. It is the wrong fit when the problem is architectural, the stakes are commercial, or the existing work needs judging rather than continuing.
A WordPress specialist has gone deep rather than wide. I do not take on design-led brochure builds or chase every new framework. I work on a focused set of hard problems — performance, security, forensic troubleshooting, and the architectural decisions underneath them — and I have done so for over twenty years. That depth is what a consultancy engagement buys: not a pair of hands, but judgement that has seen the failure modes before.
It is also why specialism and independent consultancy belong together. To tell you whether a proposed architecture is sound, whether a plugin choice will cost you later, or whether a quoted rebuild is actually necessary, the person assessing it has to understand the subject more deeply than the people who proposed it. A generalist second opinion is just another opinion. A specialist second opinion is a verdict you can act on.
The value
A developer recommending a technical approach has a conflict of interest: they benefit from the work being complex and from the solution requiring their specific skills. An agency proposing a rebuild is not a neutral party. A plugin vendor's support team is not going to tell you their plugin is wrong for your situation.
Independent consultancy removes that conflict. When I assess a proposed architecture, a plugin choice, or a quoted project, my only obligation is to give you an accurate assessment. I have no financial relationship with WordPress plugin companies, no referral agreements with agencies, and no interest in recommending work I will then be paid to deliver.
The most common outcome of a consultancy engagement is not that the proposed work is wrong — it is that it is right, and the client proceeds with confidence rather than uncertainty. Occasionally the proposed scope is substantially wrong, and catching that before commitment is worth several times the cost of the review.
What is included
All consultancy engagements produce a written output: a findings report, a specification, or a written assessment. I do not deliver verbal advice that disappears after the call.
A structured assessment of your current WordPress setup against what you are trying to achieve technically and commercially. I identify mismatches between your architecture and your requirements, flag technical debt that is costing you in maintenance overhead or performance, and produce a prioritised recommendations report. This is frequently the first engagement before a larger body of work.
Independent assessment of specific plugins, themes, or technical approaches you are considering. Not a generic review — a targeted evaluation against your exact requirements, your existing stack, and the maintenance implications of each option. I have no commercial relationships with plugin vendors and no interest in recommending what I sell.
Inheriting a WordPress project from another developer and not confident in the quality of what you are receiving? I review the codebase, the database structure, the plugin choices, and the hosting configuration — and give you an honest assessment of what you are taking on and what it will cost to bring it to a maintainable standard.
If you are procuring development work and want a precise specification to take to a developer or agency, I can write it. A well-written specification reduces scope creep, eliminates ambiguity, and gives you a basis for comparing quotes. It also ensures the developer builds what you actually need rather than their interpretation of an imprecise brief.
A developer or agency has quoted for work and you are not sure whether the scope is right, the price is fair, or the proposed approach is technically sound. I provide an independent technical assessment: whether the proposed solution addresses the actual problem, whether the scope is appropriate, and whether the approach is the right one.
Before a new or redesigned WordPress site goes live, a structured technical review covering security configuration, performance baseline, accessibility compliance, structured data implementation, and canonicalisation. Finding problems before launch is significantly less disruptive than finding them after.
Who this is for
You have received a quote from a developer or agency for significant work and want an independent assessment of the scope, approach, and price before committing.
You are inheriting a WordPress project from another developer and need an honest account of the quality and condition of what you are taking on.
You are choosing between platforms, plugins, or technical approaches and need expert input from someone with no commercial interest in the outcome.
You need a precise technical specification written before taking a project to market — something developers can quote against accurately rather than interpreting a vague brief.
Your current developer's technical decisions concern you and you want a second opinion from someone with no stake in the existing work.
You are a non-technical decision-maker responsible for WordPress investment and need independent technical guidance to inform a significant commitment.
Your consultant
Consultancy is only as good as the person giving it. I am Jason Boyd, a specialist WordPress engineer with over 20 years' experience and a former W3C Invited Expert in web accessibility. I have delivered WordPress work for organisations including NHS Scotland, Fujitsu, GE Capital, and Openreach.
You work with me directly throughout. There is no account manager, no junior handover, and no team whose work I am quietly defending. The independence that makes the advice worth having extends to who delivers it: one specialist, accountable for the assessment you receive. I am a WordPress specialist based in Scotland, working with clients there and across the UK.
FAQs
The other services — performance engineering, security hardening, troubleshooting, development — are hands-on technical work on your site. Consultancy is assessment, advice, and specification: situations where you need expert judgement rather than direct implementation. These often combine: a consultancy engagement frequently leads to a project.
Consultancy is charged at my standard day rate of £600 (or £75/hour for shorter engagements). I agree the scope and time commitment before starting. There is no open-ended billing — you know the maximum cost before I begin.
This is within scope for an ongoing consultancy arrangement. A regular engagement where I review your technical roadmap, assess proposed work, review vendor proposals, and provide strategic technical guidance is something I can structure as a monthly retained relationship with a defined number of hours.
Yes, and I do so regularly. The most common request is a code review of a plugin or theme built by a previous developer, or an assessment of a quoted project scope. I review these against WordPress Coding Standards, current security best practice, and the specific requirements I am given. The output is always a written findings report.
Describe what you are assessing — a proposed project, a codebase, a technology choice. I will tell you what I can tell you about it and what it will cost to do so properly.