Web Technical Hygiene · Tooltician

Web technical maintenance for companies that don't need to hire in-house

I review, fix, document, and monitor the basic technical points that are usually left unattended after a site goes live: security headers, HTTPS, DNS, forms, Search Console, visible errors, and small operational improvements.

All deliverables are in English. You get the technical depth of a seasoned developer at a fraction of the cost of a local consultant.

Review my site — from $69 See what's included

No scaremongering. No promises of total security. Just clear technical review, verifiable fixes, and a before/after report.

Problem

Your site can be online and still be technically abandoned

Many companies have a website, corporate email, forms, hosting, DNS, Analytics, Search Console, plugins, and landing pages. Once the site is published, no one is usually left checking whether any of that still works properly.

What typically happens

The certificate expires, a form stops sending emails, indexing errors appear, security headers go unconfigured, and the site starts showing signs of technical neglect. It doesn't always justify hiring someone internally to watch it — but leaving it completely unattended isn't a good option either.

The real asymmetry

Ignoring technical maintenance costs little until something fails. Reviewing it periodically costs far less than improvising under pressure, losing form submissions for weeks, or discovering late that a critical configuration was broken all along.

Approach

External technical judgment, without the cost of an internal hire

Tooltician offers a lightweight layer of review, hardening, documentation, and monitoring for companies that need to keep their site technically sound — but don't have enough volume to justify hiring a developer, web administrator, or internal specialist.

No scaremongering. No promises of total security.

Many automated tools generate low scores for reasonable configurations or deliberate trade-offs. Tooltician doesn't sell manufactured urgency: I review the basics, separate urgent issues from noise, fix what's reasonable, and document what was done with verifiable evidence.

SecurityHeaders.com and Mozilla Observatory serve as a visible starting point, not a final verdict. The reading considers context, available access, site criticality, and the real cost of correction.

Tools as evidence, not as a complete diagnosis

I use SecurityHeaders.com, Mozilla Observatory, Search Console, DNS review, form testing, and hosting signals as starting points. The final reading accounts for context, available access, site criticality, and reasonable correction cost.

Want a quick first signal?

Enter your domain at SecurityHeaders.com and Mozilla Observatory. A score of C or below generally indicates pending basic configurations. The technical diagnostic uses those results as a starting point, contextualizes them with the rest of the site, and separates what's urgent from automated noise.

Browser and transport security

  • Security headers — help browsers apply reasonable restrictions on external loads, iframes, permissions, and unnecessary information exposure.
  • HTTPS and redirects — avoid duplicate paths, domain inconsistencies, and technical signals that erode trust.
  • HSTS where applicable — enforces consistent HTTPS when the site configuration allows it without operational friction.
  • Header exposure and basic performance — identify server responses that add noise, expose more than needed, or make the site less predictable.

Email, DNS, and infrastructure

  • SPF, DKIM, and basic DMARC — reduces technical noise and avoidable misconfiguration signals, without replacing a full email strategy.
  • Basic DNS — delegation, critical records, and points where a small error can leave email or the site in a gray zone.
  • Backups and recovery points — verify whether a minimum reversibility baseline exists before touching anything important.

Content, forms, and ongoing operations

  • Critical forms — a site can look perfect while losing opportunities if the contact form fails quietly.
  • Search Console, sitemap, and robots.txt — detect indexing errors, coverage issues, and signals no one checks after launch.
  • Relevant 404 errors — fix or prioritize broken links that affect experience, trust, and capture of existing demand.
  • WordPress plugins and maintenance — review visible dependencies, update points, and signs of technical neglect.
  • Minimal operational documentation — leave it clear what was done, what remains pending, and where to look next time.
Process

How the technical diagnostic works

The first step is designed to be lightweight and concrete: look at what's visible, separate useful signals from automated noise, and leave an understandable path to correction.

01

Initial external review

I surface visible signals without requesting access: headers, HTTPS, redirects, DNS, sitemap, robots.txt, visible forms, and public tools.

02

Prioritized findings

I sort findings by operational impact, correction difficulty, and reasonable urgency — avoiding dramatizing automated scores.

03

Correction with controlled access

When permissions are available, I apply agreed fixes in hosting, CMS, CDN, DNS, repository, or the relevant provider.

04

Before/after evidence

I leave screenshots, review date, checklist, and technical notes so the change is verifiable and transferable.

05

Close or monthly support

I recommend closing, implementing a second phase, or moving to monthly review based on what the site actually needs.

Plans & pricing

A simple entry point and a clear path to monthly support

The natural entry point is the Diagnostic ($69, credited toward implementation). Most simple sites scale to Basic Hardening. When the site drives leads, reputation, or sales, the Full Review closes better at just $100 more than the operational plan — and delivers the executive report and roadmap that open the path to monthly support.

$69 Web Technical Diagnostic From $499 Basic Web Hardening From $899 Operational Review & Hardening From $999 Full Review with Executive Report Recommended From $279/mo Monthly Technical Web Support
External diagnostic
Header hardening + canonical HTTPS
Form, DNS & email auth review
Technical report / notes for the admin
Before/after evidence with screenshots
Executive report in business language
Monthly monitoring roadmap
Monthly monitoring + periodic fixes

$69

one-time

Web Technical Diagnostic

To know exactly what is technically neglected before paying for fixes.

Applied as a credit toward any implementation plan.

  • External review with SecurityHeaders.com and Mozilla Observatory.
  • HTTPS, redirects, basic DNS, and email authentication check.
  • Sitemap, robots.txt, and visible form review.
  • Mini report with prioritized findings and a clear next step.

From $499

one-time

Basic Web Hardening

To fix the obvious and leave the site technically cleaner, with a verifiable record for the administrator.

For simple or corporate sites with no executive deliverable requirement.

  • Security header corrections and a reasonable browser policy.
  • Canonical HTTPS, clean redirects, and HSTS where applicable.
  • Review and cleanup of unnecessary response headers.
  • Technical before/after report for the site administrator.

From $899

one-time

Operational Review & Hardening

For sites that need full hardening and operational review, with no deliverable required for management.

Covers the technical. No executive report or follow-up roadmap.

  • Full web hardening: headers, canonical HTTPS, and HSTS.
  • Forms, Search Console, DNS, email auth, and visible error review.
  • Operational checklist for the next maintenance cycle.
  • Technical notes with prioritized pending items for the administrator.
Recommended

From $999

one-time

Full Review with Executive Report

When the result needs to be presentable to non-technical stakeholders without translation, with full evidence and a roadmap for the next month.

Recommended for sites that drive leads, reputation, or sales.

  • Executive report in business language, presentable to management without a technical intermediary.
  • Full operational review and hardening: headers, HTTPS, DNS, forms, Search Console.
  • Before/after evidence with screenshots, dates, and verifiable notes.
  • Monthly monitoring roadmap: defines exactly what would be covered in recurring support.

From $279/mo

per month

Monthly Technical Web Support

To maintain what was fixed and have external technical judgment reviewing the basics regularly.

Natural continuation of the Full Review. No in-house hiring needed.

  • Monthly review based on the roadmap delivered in the initial review.
  • Light monitoring and reasonable alerts.
  • Review of plugins and dependencies with documented security alerts — flagging outdated versions with known vulnerabilities against public advisories.
  • Small fixes within an agreed block of hours.
  • Monthly brief report with status, applied changes, and next steps.

Prices in USD for clients in the United States, Canada, the United Kingdom, Europe, and other international markets. All deliverables — reports, checklists, and documentation — are produced in English and structured for direct handoff to non-technical stakeholders. For clients in Chile and Latin America, this service is available in Spanish at local rates (UF/CLP) — see the Spanish version.

Why Tooltician

Not the same as hiring someone on Upwork or Fiverr

A platform freelancer can fix what you ask for. Tooltician reviews what you didn't know to ask about.

Generic freelancer

  • Executes the task you describe. If you don't describe it well, the result is incomplete.
  • Delivers what was promised. The broader technical context stays out of scope.
  • No operational documentation by default. No report of what was done or why.
  • No continuity. Each intervention is a new project with no history of the site.

Tooltician

  • Reviews the full site, not just the symptom you reported.
  • Prioritizes findings by operational impact, not by what's easiest to fix.
  • Delivers verifiable before/after evidence and an executive report for management.
  • Builds a technical history of the site — each cycle starts where the previous one left off.

The real difference

Tooltician already builds automations, internal APIs, ETL pipelines, and production sites with handoff-ready documentation. This service applies the same logic to the day-to-day technical operation of published sites: judgment, evidence, and continuity — not just task execution.

Own technical proof

Tooltician applies these same practices to its own site: canonical HTTPS, fully configured email authentication (SPF, DKIM, DMARC), active security headers, and no uncontrolled external dependencies. The code is public and auditable.

Verify on SecurityHeaders.com Public code
Use cases

Where this service fits best

Built for production sites that matter commercially but were left without a technical owner after the initial launch.

WordPress SMB site

The site works, but no one is regularly checking plugins, forms, headers, backups, or Search Console.

Web agency

The agency designs and publishes sites but does not want to burden its team with low-margin recurring technical maintenance.

B2B company

The site receives leads. If the form fails or the technical signal degrades, the loss arrives before anyone notices.

Consultant, professional, or small e-commerce

The web presence is part of the reputation or sales channel — a visible technical lapse reduces trust without needing a major incident. Needs HTTPS, forms, errors, DNS, and basic signals checked without adding a full hire.

Related projects

DNSpect Monedario El Rincón de Ébano Portfolio
FAQ

Questions worth answering precisely

Is this cybersecurity?

It's a layer of web hygiene and basic hardening. It does not replace pentesting, compliance, or a deep security audit.

What does a bad SecurityHeaders.com score mean?

It means some security headers expected by modern browsers are missing. It does not automatically mean the site is compromised.

Can you guarantee the site will be secure?

No. Anyone serious should not promise total security. I can fix visible configurations, document improvements, and reduce reasonable oversights.

Do you work with WordPress?

Yes, but the scope depends on hosting, plugins, available permissions, and the general state of the site.

Do you work with static sites, Astro, Next, or similar?

Yes. In many cases hardening is resolved in hosting, CDN, server rules, or framework headers.

Do you need access to the site?

For external diagnostic, not necessarily. For corrections, controlled access to hosting, CMS, repository, DNS, or the relevant provider is required.

What if you find something serious?

I report it with priority, propose a course of action, and if it exceeds the scope, I recommend escalating to a specialist or a deeper audit.

What if the diagnostic finds nothing relevant?

It can happen, especially with well-maintained sites. In that case the report confirms it with evidence — knowing the basics are solid is also valuable before changing hosting, launching a campaign, or delegating the site to a third party. The diagnostic fee applies regardless, but there are no surprises or additional charges.

Can the scope grow during the review?

No. The scope is defined by the contracted plan. If something beyond that scope appears during the review, it is documented in the report with a recommended next step — but not executed without prior agreement.

Why are you less expensive than a local consultant?

A US or EU technical consultant typically bills $100–150/hour. The Full Review at $999 is the equivalent of 7–10 hours — with an executive-ready report delivered, not just a call. All deliverables are in English.

Why are the prices different from the Spanish version?

The Spanish-language version is calibrated for the Chilean and Latin American market: different currency, different purchasing power, and documentation delivered in Spanish. The international service is priced in USD, delivered entirely in English, and structured to meet the expectations of clients in the US, UK, and European markets — including executive-ready deliverables and formal documentation standards. The technical scope is equivalent; the context of delivery is not.

Can I hire you if I prefer to work in Spanish?

Yes. If your site is in English and you need deliverables in English, the international rates apply regardless of your language preference. If you prefer Spanish documentation and local pricing, the Spanish version of this service is the right entry point — same technical scope, calibrated for that market.

Next step

Start with a reasonable diagnostic, not an inflated promise

If your site is already live and you want to know what's technically neglected, the right entry point is a brief, verifiable diagnostic.

Web technical diagnostic — $69

Initial external review with a prioritized findings report and a clear next step. The cost is credited toward any implementation plan. No-commitment entry point.

If the diagnostic finds nothing actionable, the report confirms it with evidence — knowing the basics are solid is also valuable before changing hosting, launching a campaign, or delegating the site to a third party. The fee applies regardless, but there are no surprises or additional charges.

Schedule a call instead

Request your diagnostic

Tell me about the live site you want reviewed. No email client needed — fill this in and I reply by email within 24–48 business hours.

Prefer to talk first? Book a 15-min call →

Sent. I’ll reply by email within two business days.

Delivered via Formspree. See Privacy and Cookies.

I want to review a live site Diagnostic from $69, with a brief report and clear priorities. I run an agency and need external support Recurring technical review without burdening the design or dev team with low-margin tasks. I want monthly support Light monitoring, small fixes, and operational documentation without an in-house hire.

If you arrived here from an observation about headers, forms, DNS, Search Console, or visible signs of incomplete maintenance — the scope is this: review, fix what's reasonable, and leave clear evidence. This is not a deep security audit or a promise of total security.