I already know two problem areas on my Drupal install—user roles are too permissive and a few custom queries are exposing the site to SQL-injection risks. I do not need a full-blown security audit right now; I need these specific weaknesses closed decisively. A fresh backup is ready, so you can work without hesitation. Once permissions are tightened and the query code is sanitized, I’d like you to retest the affected sections and document exactly what was changed so I can keep the site secure going forward. If you need Drush access or database credentials, I can supply them as soon as we agree on a plan.