What can I do for you?

There is a reasonable chance you are here because something has gone wrong, I really hope that’s not the case and if it’s not then let us talk about how to prevent things going wrong. 

However for many you are on this page looking for help, so let’s start with the simple things:

Something has gone wrong!

Don’t Panic.

So many of my conversations begin that way, it’s almost never as bad as it seems and we can put it right, be it a very slow loading site that keeps falling over or a site hack. Together we can get it fixed.

So, deep breath, here is how I can help: 

Power Hour Consultancy


If you are looking for advice for your security and site health or for a discussion on strategy for your DevOps setup and pipeline, through to performance issues, then a Power Hour might be perfect for you.

The Power Hour is you, me and potentially your team on a video call going through whatever you want. It’s a fixed length of time and a single one off fixed fee of £150. 

All you have to do is fill in the form, and pick a date. On the form I ask some details about what you are hoping to get out of our meeting this will allow me to prepare a little bit and als to be honest if you are after things outside of my expertise.

You’ll leave the call with actionable takeaways and resources that you can apply immediately to your organisation.

A summary, call notes, and recommendations will be sent 24-48 hours after the call.

This style of consultation works best if you are looking to pick my brains about broader subjects or a “how would you look to implement this” style question. On the form it asks for details of where you want the conversation to go, the more I can prepare the more use I will be. 

To give you some idea of some of the sort of work I do here are some example problems I have helped organisation like yours with:

Hunting hacks

Many organisations get hacked, I was approached by one such company where they were repeatedly hacked even after having the site “professionally” cleaned by a reputable company.  I was asked both to clean the site and more importantly identify how reinfection was occurring.

After a lot of log file combining, I was able to present a plausible timeline for infections and identify why the clean-ups had failed to fully disinfect the site. With a more confident understanding of how they were infected we were able to clean the site fully and get them going again. 

Tracking down impossible bugs

I was approached by a company that was suffering a bug where their subscription data was periodically being reset, causing the clients to have subscription dates set incorrectly. Their developers had been through the code and had reached the stage where they were convinced it was server related. 

I was brought in to help look over their infrastructure which included a multiple machine setup. After some debugging we isolated the issue to a single cron job, and with some further work, found the WordPress object cache had an empty user object which it was then applying to the users. With that knowledge the developers were able to locate and identify the bug.

I want to prevent something going wrong!

Power Hour consultancy


If you are looking for advice for your security and site health or for a discussion on strategy for your DevOps setup and pipeline, through to performance issues, then a Power Hour might be perfect for you.

The Power Hour is you, me and potentially your team on a video call going through whatever you want. It’s a fixed length of time and a single one off fixed fee of £150. 

All you have to do is fill in the form, and pick a date. On the form I ask some details about what you are hoping to get out of our meeting this will allow me to prepare a little bit and als to be honest if you are after things outside of my expertise.

You’ll leave the call with actionable takeaways and resources that you can apply immediately to your organisation.

A summary, call notes, and recommendations will be sent 24-48 hours after the call.

This style of consultation works best if you are looking to pick my brains about broader subjects or a “how would you look to implement this” style question. On the form it asks for details of where you want the conversation to go, the more I can prepare the more use I will be. 

Working with you on projects


I am a Dev/Sec/Ops person who can probably get involved in many parts of your organisation. Every relationship is different but areas I think I might be particularly suited in coming and working with your organisation are:

  • Security audits of sites, plugins, themes and implementing audits into your workflows
  • Providing security training for staff and clients
  • Helping with specific security issues, for example hacked sites
  • Help building out strategic overview of security within your organisation
  • Helping your development team level up in terms of system administration, server admin and things like continuous integration.
  • Auditing and improving site performance both in terms of load speeds but also in terms of increasing the amount of concurrent visitors.

To give you some idea of some of the sort of work I do here are some example problems I have helped organisation like yours with:

Security Auditing

“I hired Tim to do an audit on one of our most popular plugins, not only was this one of the best business decisions I have made. It was an invaluable experience and one I would highly recommend to any other plugin/theme developers. The takeaways from this have been super beneficial to my business (both in coding and business) and I now have the confidence to grow and take it to the next level!”

avatar

Aaron Bowie

We are AG

Working with We Are AG I performed a security audit of the plugin. While the audit was specifically looking at security any items that seemed odd were picked up. I then went through the audit, the methodology sharing the tools and how things were done with the We Are AG team and then, over a couple of sessions, went through proposed changes and reauditing. 

Tracking down impossible bugs

I was approached by a company that was suffering a bug where their subscription data was periodically being reset, causing the clients to have subscription dates set incorrectly. Their developers had been through the code and had reached the stage where they were convinced it was server related. 

I was brought in to help look over their infrastructure which included a multiple machine setup. After some debugging we isolated the issue to a single cron job, and with some further work, found the WordPress object cache had an empty user object which it was then applying to the users. With that knowledge the developers were able to locate and identify the bug.

Hunting hacks

Many organisations get hacked, I was approached by one such company where they were repeatedly hacked even after having the site “professionally” cleaned by a reputable company.  I was asked both to clean the site and more importantly identify how reinfection was occurring.

After a lot of log file combining, I was able to present a plausible timeline for infections and identify why the clean-ups had failed to fully disinfect the site. With a more confident understanding of how they were infected we were able to clean the site fully and get them going again. 

Longer term retainers


Most of my engagements are for a single or couple of days of my time, to help solve a specific problem. However, retainer based engagements allow me to work deeply with your organisation.

Retainer based engagements are really suited to longer security, maintenance and performance projects or mini projects to assist your team over a period of time. What might that look like? Well, for example, a 3 day a month retainer over a couple of months might look like this.

In month 1 the first 3 days are spent looking at longer term strategies and performing security and performance audits. Before identifying a specific first project, for example helping to scope and showing the benefits for continual integration tooling processes and mapping how that should look. In month 2 helping directly with the build phase provides plenty of opportunities to advise on problems and bottlenecks. At the same time we can start scoping the next project, of introducing Multi-Factor Authentication and SSO across the organisation, which is to be built in the subsequent months.

For other organisations, the emphasis might be on auditing client sites and preparing training for clients and the organisation itself.

Retainer based consultancy provides you with a cost effective way to gain access to me for a few days a month to help me work with you to level up your organisation.

Getting started

So let’s talk, if you wish to sign up for a “power hour” then you can do so via Calendly link, select a time that’s right for you. For all other enquiries site@timnash.co.uk

About Tim Nash


My name is Tim Nash I am a WordPress security expert with a background in development and system administration. In addition to building one of the very first commercial WordPress plugins, I have ran a development agency specialising in payments and security, worked with big named organisations like PayPal and the World Food Programme and spent 5 years as the WordPress Platform Lead at 34SP.com building a Managed WordPress Platform used by thousands of site. 

My ethos and approach

Over the years, I have mellowed and aged, definitely aged, like a fine wine, I hope. And that’s better than the alternative, which is to become sour and vinegary. I don’t believe I have lost any passion but it has been tempered with realism. 

Past Tim was dogmatic – “this is the correct approach and there should be no compromise” – and there are times where I will be honest and tell you this is not an area to compromise. However, I also understand that your organisation has to flex and bend and no solution meets deployment and is not slightly changed. I will always encourage best practices but I won’t chastise you for not following them.

I have a beautiful daughter and we need to leave the world in a better state than how we inherited it, as such I believe strongly in sustainability, not only does this site use a green hosting provider but my business is carbon negative, combining making choices based, in part, on green credentials but offsetting the entirety of our energy consumption, green energy and all.

Above all, I want to make sure any marks I leave are positive and that I leave things safer and better. I want to work with nice people who share my values and beliefs that we should be mindful and make sure everything we do is an improvement that we are helping.