External Technical Audit for HarmonyMC: Joomla 5 + Gridbox + ChronoForms8 (Nginx + Apache, security, performance, conversion integrity) Describe what you need I need an experienced freelancer to audit and harden a live production stack running on cPanel/WHM with Nginx as an edge reverse proxy in front of Apache, serving a Joomla 5 site using Gridbox, ChronoForms8 (CF8), CleanTalk, and JCH Optimize Pro. The priority is not “just uptime.” The priority is conversion integrity and lead quality, plus stability under real traffic and bot pressure. We’ve seen intermittent issues like WAF false positives (406), form endpoint pressure leading to 502/504, and occasional front-end breakage after optimization changes. I want a proof-based audit and a clear remediation plan. Scope and expectations .htaccess and rewrite audit: canonical redirects, no loops, safe handling of Arabic URLs and long tracking parameters (gclid/gbraid/wbraid/UTMs), and correct cache exclusions for /administrator, Gridbox editor routes, and CF8 submit endpoints. Server audit: Nginx/Apache alignment, PHP-FPM tuning, SSL/TLS, rate limiting/bot mitigation that does not block real UAE users, and structured log-based root cause analysis. Joomla audit: plugin order/conflict isolation, template override awareness, and route-based caching safety. Performance audit: JCH Optimize Pro configuration that improves CWV (LCP/CLS/INP/TBT) without breaking CTAs, overlays, forms, or the Gridbox editor. Tracking integrity audit: GTM + GA4 + Google Ads. I need a clean conversion architecture where the Primary bidding conversion is backend-confirmed lead creation only, with dedup using a stable lead_id/transaction_id, and a reconciliation method across CF8 logs → CRM lead → GA4 event → Google Ads conversion. How you should work Evidence-first. No generic advice. Provide proof for each finding (curl headers, redirect chain mapping, logs, screenshots, GTM preview traces). One change at a time with before/after validation and a rollback plan. Deliverables: findings report, risk matrix, prioritized remediation plan with acceptance criteria. Required skills cPanel/WHM, Linux admin, Nginx reverse proxy, Apache/.htaccess, PHP-FPM, SSL/TLS WAF/ModSecurity tuning and tracking-parameter false positive control Joomla 5 + Gridbox + ChronoForms8 + CleanTalk + JCH Optimize Pro GTM/GA4/Google Ads conversion design and dedup Languages: Bash, regex, PHP, MySQL, JavaScript, HTML/CSS, Nginx/Apache configs (JSON baseline; Python/Node optional) If this matches your background, please review the job post and apply with: 3 similar audits you’ve done (short bullet summaries) Your approach for proving “backend-confirmed lead only” conversions Your availability window Thanks, Mohanad