Building Websites and Web Apps with WordPress, Symfony, and FastAPI: A Grad’s Journey into Security and Freelancing

Table of contents
- Introduction: A Grad's Guide to Freelancing and Security
- WordPress: The Speedy Solution for Simple and Secure Sites
- Symfony: The Backbone of Secure, Complex Web Apps
- FastAPI: Fast, Flexible, and Secure for Real-Time Needs
- The Bigger Picture: Security in Freelance Projects
- Remember: Learning, Growing, and Staying Secure
- Conclusion: Ready to Build (and Secure) Your Next Big Thing
Introduction: A Grad's Guide to Freelancing and Security
I’m a freshly minted security engineer with a dream: to level up as a DevSecOps professional. While I’m working on landing that perfect full-time role, I’ve been flexing my skills by building websites and web applications as a freelancer. Well, sort of — I’ve worked on personal projects and helped out non-profits, so let’s call it freelancer-in-training.
These experiences have taught me not just how to pick the right tools—WordPress for simplicity, Symfony for backend reliability, and FastAPI for blazing-fast performance—but also how to bake security into everything I build. This article isn’t just about the tech I use; it’s a guide to building web solutions that don’t make security an afterthought.
Oh, and stick around to the end—I’ve got some shiny new services I’m excited to share.
WordPress: The Speedy Solution for Simple and Secure Sites
WordPress is the first tool I grab for projects like quick landing pages, association websites, or concept demos. It’s user-friendly, versatile, and doesn’t make me lose my mind when a deadline is looming. But it’s also the internet’s most popular CMS (43.2% of websites use WordPress as of 2023), which makes it a juicy target for attackers.
How I Use It:
Landing Pages and Prototypes: When a non-profit wanted a donation page, I whipped one up using WordPress with Elementor. It looked sleek, worked on mobile, and even had a secure payment form—all set up in under a day.
Association Sites: Small organizations often need a place to showcase events, share updates, and take registrations. WordPress’s Gutenberg block editor lets me create these layouts easily.
Security Tips for WordPress:
Pick Plugins Like You Pick Friends—Carefully: Not every flashy plugin is trustworthy. Stick to those with high ratings, active updates, and good reviews. One poorly-coded plugin can turn your site into a hacker’s playground.
Always Harden Your Installations: Changing default admin URLs, using strong passwords, and setting file permissions are basic steps, but they go a long way.
Update or Die (Metaphorically): 95% of hacked WordPress sites in 2021 were running outdated plugins or themes (source: Sucuri). Keeping everything up-to-date is non-negotiable.
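One way to check the file-permission part of the hardening tip, as an added example that is not from the original article: a Python audit that walks a WordPress directory and reports risky modes. The three rules (no group/other write, wp-config.php not world-readable, no PHP files under wp-content/uploads) and the sample tree are assumptions chosen for a single-owner install.

```python
import os
import stat
import tempfile
from pathlib import Path

PHP_SUFFIXES = {".php", ".phtml", ".phar"}

def audit_wordpress_permissions(root):
    """Return sorted (relative_path, issue) pairs for risky modes under root."""
    root, findings = Path(root), []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            if path.is_symlink():
                continue  # only real files and directories are judged here
            rel = path.relative_to(root).as_posix()
            mode = stat.S_IMODE(path.stat().st_mode)
            # Assumption: one owning account, so group/other write is never needed.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel, "group-or-world-writable"))
            # wp-config.php holds database credentials and salts.
            if name == "wp-config.php" and mode & stat.S_IROTH:
                findings.append((rel, "config-world-readable"))
            # The web server can write to uploads, so PHP there should not exist.
            if (path.is_file() and rel.startswith("wp-content/uploads/")
                    and path.suffix.lower() in PHP_SUFFIXES):
                findings.append((rel, "php-in-uploads"))
    return sorted(findings)

def build_sample_tree(base):
    """Create a constructed sample install so the audit can run offline."""
    files = {"index.php": 0o644, "wp-config.php": 0o644,
             "wp-content/uploads/2024/avatar.php": 0o644,
             "wp-content/uploads/2024/logo.png": 0o666}
    for rel, mode in files.items():
        target = Path(base) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text("constructed placeholder\n")
        target.chmod(mode)
    for rel in ("wp-content", "wp-content/uploads/2024"):
        (Path(base) / rel).chmod(0o755)
    (Path(base) / "wp-content/uploads").chmod(0o777)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, issue in audit_wordpress_permissions(build_sample_tree(tmp)):
            print(f"{issue:26} {rel}")
```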
Real Talk: Sometimes I prefer to look for free themes when working with non-profits or when people do not want to invest money in their website. Early on, I learned the hard way that not all free themes are created equal. Let’s just say a cheap-looking site is better than a compromised one. Lesson learned: always vet your sources. Or use free-for-non-profit alternatives if possible.
Symfony: The Backbone of Secure, Complex Web Apps
For projects that need a solid backend—think user authentication, data-heavy dashboards, or APIs that won’t crumble under pressure—I turn to Symfony. It’s like the Swiss Army knife of PHP frameworks: it can handle almost anything you throw at it while keeping things organized and secure.
Where Symfony Shines:
Complex Applications: Whether it’s a custom CMS or an analytics platform, Symfony's robust architecture makes scaling and maintaining projects easier.
Secure APIs: Symfony’s built-in CSRF protection, input validation, and authentication tools help me create APIs that don’t scream “hack me!”
Security in Symfony:
Stick to the Principles of Least Privilege: Only give users access to what they need. Symfony makes role-based access control (RBAC) simple to implement.
Automate Your Testing: I run unit and functional tests religiously using PHPUnit. Security flaws hate the light of day.
Scan Dependencies Like Your Bank Account: Symfony’s security:check command finds vulnerabilities in your project’s libraries faster than you can say it.
Case Study: I built a demo analytics app for a local non-profit to help them track campaign performance. Using Symfony’s Doctrine ORM, I could secure sensitive data and enforce permissions for different user roles. Plus, it taught me just how many ways SQL injection can creep in if you’re not careful (spoiler: way too many). Indeed, one hour of exposure to the web is enough to have a flooded database.
FastAPI: Fast, Flexible, and Secure for Real-Time Needs
Python has always been my programming comfort food, and FastAPI is like the perfectly seasoned dish you didn’t know you needed. It’s ideal for projects that need real-time capabilities or asynchronous operations—like chat apps, live dashboards, or microservices.
Why I Love FastAPI:
Blazing Speed: FastAPI lives up to its name. It’s lightweight and async, which means fewer bottlenecks and better performance.
Built-In Swagger UI: FastAPI generates interactive documentation automatically. Clients in the real world love it, and so do I.
Data Validation Like a Pro: Using Python’s Pydantic library, you can validate incoming data without breaking a sweat.
Security Must-Dos for FastAPI:
OAuth2 and JWT for Authentication: These aren’t just buzzwords. Token-based authentication ensures users only access what they’re allowed to.
Use HTTPS, Always: Exposing APIs over plain HTTP is like leaving your front door wide open. A valid SSL certificate is your first line of defense.
Limit User Input: Validate, sanitize, and restrict inputs. Never trust the user to send safe data—they probably won’t.
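The checks behind the token-based authentication tip above, as an added example that is not code from the original article: a standard-library-only HS256 verifier that pins the algorithm, checks the signature and expiry, and enforces a scope. The secret, claim layout and function names are assumptions; in a FastAPI app this logic would sit in a dependency and use a maintained JWT library.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed; load from a secret store in practice

class TokenError(Exception):
    """Raised when a token must be rejected; the message says why."""

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub, scopes, now=None, ttl=300, alg="HS256"):
    """Mint a token; `alg` is overridable only so a test can forge the header."""
    now = int(time.time()) if now is None else now
    parts = ({"alg": alg, "typ": "JWT"},
             {"sub": sub, "scope": " ".join(scopes), "exp": now + ttl})
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in parts)
    return f"{signing_input}.{b64url_encode(sign(signing_input))}"

def authorize(token, required_scope, now=None):
    """Return the subject if the token is valid and carries required_scope."""
    now = time.time() if now is None else now
    try:
        h64, c64, s64 = token.split(".")
        header, claims = json.loads(b64url_decode(h64)), json.loads(b64url_decode(c64))
        signature = b64url_decode(s64)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError("header and claims must be JSON objects")
    except ValueError as exc:
        raise TokenError("malformed token") from exc
    # Pin the algorithm: never let the token's own header choose how it is verified.
    if header.get("alg") != "HS256":
        raise TokenError("unexpected algorithm")
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(signature, sign(f"{h64}.{c64}")):
        raise TokenError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise TokenError("expired")
    # Exact match on a whitespace-separated scope list, not a substring test.
    if required_scope not in str(claims.get("scope", "")).split():
        raise TokenError("missing scope")
    return claims.get("sub")
```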
Fun Fact: On a personal project, I forgot to await an async database call. The app locked up tighter than a drum, and I had to rewrite the whole function. Async can be your best friend—or your worst enemy—if you’re not paying attention.
The Bigger Picture: Security in Freelance Projects
No matter what tool I use, my approach stays the same: start secure, stay secure. Security isn’t just a checkbox at the end of development—it’s something you need to weave into every step of the process.
Here’s My Security Game Plan:
Regular Penetration Testing: I use tools like OWASP ZAP to simulate attacks and identify vulnerabilities. I also use SAST tools integrated into GitLab, like Semgrep, to scan for vulnerabilities in static code.
Educating “Clients”: I always leave projects with clear instructions on maintaining their site securely (e.g., keep software updated, monitor logins, etc.).
Disaster Recovery Plans: Every project I deliver includes backups and recovery instructions. It’s not paranoia—it’s preparation.
The goal of DevSecOps is to improve customer outcomes and mission value through the automation, monitoring, and application of security at every phase of the software lifecycle.
— DevSecOps Fundamentals Guidebook by US Department Of Defense
That’s also what this article is for.
Remember: Learning, Growing, and Staying Secure
Freelancing-in-training, as stated, is, I think, more than just a way to gain experience—it’s been a crash course in balancing speed, functionality, and security. Each project has taught me something new, from patching WordPress vulnerabilities to mastering FastAPI’s async quirks.
If you’re starting out as a freelance developer (or juggling it alongside a security career), my advice at my level of experience is simple: Pick your tools wisely, stay curious, and never skimp on security. It’s like that old saying goes, “With great power comes great responsibility.” And by power, I mean root access.
Conclusion: Ready to Build (and Secure) Your Next Big Thing
Whether you need a sleek landing page, a robust backend, or a high-performance API, I’m here to make it happen—securely. My background in security engineering, combined with my experience building projects with WordPress, Symfony, and FastAPI, means you’ll get more than just functionality. You’ll get peace of mind.
If you’re ready to take your website or web application to the next level, let’s talk. I’ll bring the tech skills, the security expertise, and maybe even a few bad jokes along the way.
🚀 Let’s build something amazing together. Check my root site at germain.tech and let’s get in touch today!
