Security Hardening & Performance Optimization

Architecture firm · Argentina

Optimized by Maia Del Basso · PeakCore · 2026

The result in numbers

SSL Labs A · Security Headers D → A · Desktop PageSpeed 86 · GTmetrix B · LCP 2.2s

Context

A professional services firm — architecture and construction — running a WordPress site that was functional but technically exposed. The site was being used as a credential and lead generation tool, meaning its security and credibility directly affected the business.

Problem

SSL Labs grade was not at A. Security headers were completely absent — grade D. For a firm selling professional credibility, a security audit that exposed these gaps would undermine client trust. Beyond perception, the missing headers left the site exposed to clickjacking, MIME sniffing, and cross-site scripting vectors.

Diagnosis

Security audit covering SSL configuration, HTTP response headers, Wordfence status, and WordPress hardening checklist. Performance audit via PageSpeed Insights, GTmetrix, and Chrome DevTools.

Key findings:

• SSL configuration not at A — cipher suite issues
• 5 critical HTTP security headers missing: Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
• PageSpeed mobile at 66 — render-blocking resources, unoptimized images
• No caching layer active