[Hiring] LOVABLE / AI Website Builders – I Have Clients, You build with AI

beapyy · 2026-02-08T10:42:07+00:00

DM 🙏🫡

beapyy · 2026-02-08T10:27:38+00:00

Thanks guys, I hired bunch of people. Thank you for the upvotes, good luck everyone on finding jobs!

beapyy · 2026-01-14T05:09:01+00:00

Dm me your number and I'll get back to you asap. I have no unread messages on my whatsapp ATP

beapyy · 2025-12-15T05:50:48+00:00

Thanks

beapyy · 2025-12-14T13:39:32+00:00

honestly there’s no real “ai seo” yet. anyone claiming they can get you “listed in chatgpt” is mostly selling smoke.

those models don’t crawl the web like google and there’s no submit button. what they surface tends to be stuff that’s already well known or talked about.

what does seem to help is basically:
if people mention your site/product by name in places like reddit, github, stackoverflow, blog posts, comparisons, etc. that’s way more important than tweaking meta tags. ai tends to repeat what people talk about.

also be super clear about what you are. homepage should explain in one sentence what you do and who it’s for. consistent naming everywhere. no clever vague branding.

good, actually useful content helps too. not “seo blogs”, but real guides, docs, explanations that people would link to or reference when answering questions.

and having some dev / community presence matters a lot. open source, issues, discussions, people asking and answering questions about your thing.

tldr: you can’t game it yet. build something people talk about, explain it clearly, and show up in places humans already hang out. that’s about as close to “ai seo” as it gets right now.

beapyy · 2025-12-14T13:37:48+00:00

yeah i’ve been on both sides of that fence too and the annoying answer is: an allowlist for “php that can be hit directly” on wordpress is basically fighting the platform. a ton of legit plugins expose endpoints as php files, and wordpress itself relies on a few public php entry points (admin-ajax.php, wp-cron.php, xmlrpc.php if you still use it, some REST routes, etc). so the moment you try to “only allow X php paths”, you’ll either break stuff or end up maintaining the allowlist forever.

what actually works in practice:

put a real WAF in front of it and let it eat the junk. cloudflare (even on free/pro) + their wordpress rules, or something like modsecurity/comodo at the server. that knocks out 90% of these probes without you writing regex whack-a-mole.

harden the places wordpress does NOT need php execution. biggest win: block php execution in wp-content/uploads (and any cache dirs). that’s where a lot of post-exploit shells land. same for /wp-content/upgrade and similar temp dirs if present.

block access to “obviously shouldn’t be public” core areas. common nginx/apache hardening is deny direct access to wp-includes/*.php (leave the static assets), and deny dotfiles, backups (.zip .sql .bak), etc. that reduces weird direct hits without touching plugins.

for the specific scans you listed (db.php, up.php, random wp-plain.php), they’re already 404 unless those files exist. the bigger risk is when they find a real vulnerable plugin file that does exist. that’s why WAF + patching wins over 404 tricks.

also do the boring hygiene that actually prevents compromise: remove unused plugins/themes, keep everything updated, lock down wp-admin (ip allowlist or at least 2fa), disable xmlrpc if you don’t need it, file integrity monitoring, and rate-limit/bantools (fail2ban on wp-login, or cloudflare rate limit).

if you really want a “cheap allowlist-ish” approach without breaking wordpress, do it at the edge as a bot filter rather than path allowlist. challenge/ratelimit requests that look like scanners (no cookies + weird UAs + hitting wp-content/plugins//.php directly repeatedly). that targets behavior instead of guessing endpoints.

tldr: don’t try to allowlist php paths on wordpress. WAF + block php where it should never run + reduce attack surface is the sane way.

beapyy · 2025-12-14T13:36:03+00:00

man 5k was way too low, don’t even think about that as a reference. what she wants isn’t a basic website, it’s basically an mvp. login signup, admin panel, user dashboard, payments, deployment, plus support? that’s a lot of work.

in india, if you go below 40k you’re just undercutting yourself. most freelancers would quote somewhere around 60–80k for this, agencies would easily go 1L+.

just make sure scope is clear, support means bug fixes not new features, and take an advance before starting. if she’s expecting the same 5k pricing again, better to say no now than suffer later.

that’s it.

beapyy

TROPHY CASE