Security Isn’t a Feature, It’s Necessary – The Reasonable Adjustment

By Kieron JH
Founder – The Reasonable Adjustment

[Image: Radar chart comparing website security hardening between the average WordPress site and The Reasonable Adjustment]
How our Cloudflare security profile compares to the average WordPress site.

A lot of people talk about digital security like it’s an expensive afterthought, a paid plugin, or a checkbox for compliance. But for us, it’s something else entirely – it’s a core value.

If you’re running a purpose-led platform – especially one supporting disabled, neurodivergent, or marginalised users – you don’t just “need” security, you owe it to your community. Your users aren’t just web traffic. They’re often people whose data has already been misused or mishandled by institutions that promised to protect them.

Why We Locked It Down

Our platform is built on WordPress. That makes it flexible and accessible – but it also makes it a magnet for automated attacks, brute-force login attempts, bot scans, API sniffing, and bad actors looking to probe common misconfigurations.

Rather than wait for something to go wrong, we built proactive protection into the structure of our website. Our Cloudflare firewall now blocks or challenges traffic that looks suspicious before it even reaches WordPress. That includes:

  • 🛑 Blocking common bot patterns and brute-force login attempts
  • 🌍 Filtering traffic by ASN (cloud hosts often used for abuse) and geography
  • 🔐 Locking down WP endpoints like /xmlrpc.php, /wp-login, and /wp-json
  • 📜 Denying access to exposed plugin, theme, and config paths unless required
  • 🧠 Using conditional logic to allow legitimate admin access while stopping credential stuffing tools
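
A sketch of how the rules in this list fit together, added here as an example and not the site's actual Cloudflare configuration: a first-match evaluator in Python that shows why the admin allow rule has to sit ahead of the endpoint lockdown. The networks, ASN, country code, user-agent markers, static-asset extensions and the choice of block versus challenge are all assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed placeholder values, not the site's real settings.
ADMIN_NETS = [ip_network("203.0.113.0/24")]   # documentation range standing in for the admin network
FLAGGED_ASNS = {64500}                        # documentation ASN standing in for an abused cloud host
FLAGGED_COUNTRIES = {"XX"}                    # placeholder country code
WP_ENDPOINTS = ("/xmlrpc.php", "/wp-login", "/wp-json")
SENSITIVE = ("/wp-content/plugins/", "/wp-content/themes/", "/wp-config")
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".svg", ".woff2")  # assumed "required" assets
BOT_MARKERS = ("python-requests", "curl/", "go-http-client")

@dataclass
class Request:
    ip: str
    asn: int
    country: str
    path: str
    user_agent: str

def decide(req: Request) -> str:
    """Return 'allow', 'challenge' or 'block'; the first matching rule wins."""
    path, ua = req.path.lower(), req.user_agent.lower()
    from_admin = any(ip_address(req.ip) in net for net in ADMIN_NETS)
    # 1. Allow rule goes first so the lockdown rules below never hit the admin.
    if from_admin and path.startswith(WP_ENDPOINTS):
        return "allow"
    # 2. XML-RPC: everyone else is blocked outright (assumed policy).
    if path.startswith("/xmlrpc.php"):
        return "block"
    # 3. Login and REST API: everyone else gets a challenge (assumed policy).
    if path.startswith(WP_ENDPOINTS):
        return "challenge"
    # 4. Plugin, theme and config paths: only static assets are served.
    if path.startswith(SENSITIVE) and not path.endswith(STATIC_EXT):
        return "block"
    # 5. Empty or scripted user agents.
    if not ua or any(m in ua for m in BOT_MARKERS):
        return "block"
    # 6. Flagged networks and regions get a challenge rather than a hard block.
    if req.asn in FLAGGED_ASNS or req.country in FLAGGED_COUNTRIES:
        return "challenge"
    return "allow"

if __name__ == "__main__":
    # Constructed sample: same login path, admin network versus an outside address.
    for ip in ("203.0.113.7", "198.51.100.9"):
        print(ip, decide(Request(ip, 64496, "GB", "/wp-login.php", "Mozilla/5.0")))
```

Swapping rules 1 and 3 would challenge the admin on every login, which is the ordering mistake this kind of rule set most often runs into.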

These changes aren’t flashy. But they work – and they reflect the kind of space we want to create here: one where safety isn’t something you buy, it’s something you build.

So… Who Cares?

You might think this level of hardening is overkill for a small advocacy platform. We disagree.

Our users often rely on digital spaces because real-world systems have failed them. That means we have a duty – not just to publish content, but to protect the people reading it. If we claim to stand for justice and safety, our backend had better live up to it.

And the best part? We did it with zero budget. No premium firewalls. No developers. Just logic, lived experience, and free tools like Cloudflare.

What This Shows

That radar chart above? It isn’t there to flex. It’s there to demonstrate what’s possible when you build with intention. We’ve gone well beyond the industry average for security – not because we’re paranoid, but because we respect our users.

Most WordPress sites don’t lock this stuff down – and many site owners assume they can’t afford to. But with a bit of time, the right mindset, and some ethical paranoia, you can do more than keep the lights on. You can build something that’s actually safe.

This isn’t just about cyber hygiene – it’s about digital justice.

