A look at the kind of work GMTek does and the methodology behind it. Client names and
identifying details are withheld; outcomes and technical approach are shown as-is.
Incident Response · Reinfection Eviction
“We deleted the hacked file and it came back.”
A small dental practice's WordPress brochure site had been cleaned once — the owner's helper
deleted a webshell and a mystery admin user — and the infection reappeared within a week. The
host kept flagging a malicious file no one could find.
Outcome
Identified 7 persistence footholds and 3 independent self-healing
re-creators all feeding off one payload stored in the database — then evicted them in an
order that prevented respawn, closed the entry vector, and verified 0 reinfections
across a full cycle.
The prior "cleanup" removed only the two visible pieces and left every mechanism that rebuilt
them — a plugin object-injection entry point, a cron dropper, a hidden dot-file webshell, a
look-alike core file, and a theme hook that recreated the admin on every page load. The fix
was the order: source and re-creators before the artifacts they rebuild.
Stack: WordPress · nginx · PHP-FPM
Role: Forensics, eviction, proof-of-eradication
6 Critical
1 High
Pre-Launch Security Audit
A booking site about to spend on ads — with the keys to the business exposed
A small tour-booking company was ready to drive paid traffic to a new website. A source-level
security review before launch found the site was publicly serving its own production secrets.
Outcome
7 issues found (1 Critical, 3 High, 3 Medium) before a dollar was spent
on ads — including live payment & email API keys downloadable by anyone, and a staff
portal with no login exposing real customer bookings. Each pinned to an exact file, with the
specific fix and a priority order.
Delivered as a plain-English report an owner can act on and a developer can execute: rotate the
burned credentials today, put the portal behind real authentication, fix a reflected XSS, set
security headers, and clean recon-leaking source comments. Scope boundaries and confidence
stated honestly — no scanner spray, no crying wolf.
Stack: Static site · staff portal · Stripe/SendGrid keys · CSP/headers
Role: White-box security review & report
1 Critical
3 High
3 Medium
Full Incident Engagement
Compromised store: contain, notify, harden — end to end
A small e-commerce WordPress site was compromised. GMTek ran the whole engagement: find what
happened, contain it safely, advise the owner on obligations, and harden against a repeat.
Outcome
7 indicators of compromise traced to exact files and log lines,
contained in a safe order (persistence before the account it respawns), plus honest
breach-notification guidance scoped to the actually-affected records and a verify-by-observation
hardening runbook with rollbacks.
Just as important: what was not an incident. Legitimate owner logins and a routine
plugin auto-update were correctly cleared instead of inflated into alarms — the difference
between a report a client can trust and one that cries wolf.
Stack: WordPress · WooCommerce
Role: IR lead · containment · client comms · hardening
Contained, notified, hardened
Website Build · Lead Capture
Local service business with no working site → a mobile-first one that books
Local businesses that live on a dead link, a platform listing, or a decade-old page lose
customers who search on their phones. GMTek builds tailored single-page sites that load fast
and turn visitors into inquiries.
Outcome
A fast, mobile-first site with the business's real photos, an
estimate/booking request form, and valid LocalBusiness structured data so it shows up
correctly in search — deployed on a modern, secure host with SSL from day one.
Built as a real preview the owner can see before committing, then grown into the full site and
an ongoing care plan on the first yes.
Stack: HTML · Tailwind · Cloudflare Pages · JSON-LD
Role: Design · build · deploy · care
Live & lead-ready