WordPress
Request consultation
Service · WordPress

WordPress Audit — Site Health, Security & Performance Check

One-time written diagnosis — technical, security, performance, SEO. PDF report + walkthrough call.

Choose a tier Free audit
from $499 ⏱ 5 business days from kickoff to report 🛡 5-finding guarantee, full refund if not met

What's included

Base scope of work — applies to all tiers. See the tier comparison below for hours and SLA specifics.

🔍

Technical health check

PHP version, WP core hash check, plugin/theme inventory, deprecated hook scan, mu-plugin review, cron audit.

🛡

Security review

Login surface, REST API exposure, plugin CVEs, file permissions, user role audit, 2FA coverage, salts rotation.

Performance baseline

LCP / INP / CLS field data, asset waterfall, cache effectiveness, DB query log, image weight audit.

🔎

SEO + content review

Indexation, canonical sanity, schema validation, internal-link health, thin-content map, meta coverage.

📋

30 to 45-page PDF report

Findings ranked by severity. Each one has reproduction steps, screenshot, and the fix-effort estimate.

📞

Walkthrough call (60 to 90 min)

We screen-share the report and answer questions. Recorded if your team cannot all attend live.

How we work

Transparent process — you always know what stage we're at and what comes next.

1

Kickoff + access

You hand over read-only WP, hosting, and Search Console access. We send a 1-page kickoff doc with what to expect.

1 day
2

Automated sweep

We run our internal scan stack (Wordfence CLI, WPScan CLI, Lighthouse, Screaming Frog, custom DB profiler). Raw findings land in a triage doc.

1-2 days
3

Manual review

Senior engineer walks the code, the admin, and the front-end. Catches what scanners miss — custom code smells, leaky hooks, brittle integrations.

2-3 days
4

Report drafting

We write findings up with severity, evidence, and remediation effort. Every finding has a screenshot.

1 day
5

Walkthrough call

Screen-share the report end to end. You leave with a ranked fix list and we are done.

60-90 min

Pricing tiers

Pick the level that fits your size and required response time. You can switch tiers between months.

Most ordered
Standard Audit
$499

Four-stream 80-point audit for sites up to 50k visits/month.

  • 80-point checklist across 4 streams
  • Plugin CVE check + outdated dependencies map
  • Lighthouse + CrUX field data for 5 URLs
  • Schema markup + indexation review
  • Backup + restore-drill verification
  • 30-page PDF + 60-min walkthrough call
  • Delivered in 5 business days
  • Code-level remediation (separate scope)
Order Standard audit
Premium Audit
$999

Deep 140-point audit + 90-day remediation roadmap for high-traffic and eCommerce.

  • 140-point checklist (eCommerce + LMS + multilingual aware)
  • Database query log + slow-query analysis
  • WooCommerce / EDD transaction-path stress check
  • Manual security review by senior engineer
  • Custom theme/code review (up to 10k LOC)
  • 90-day remediation roadmap with effort + impact scores
  • 45-page PDF + 90-min walkthrough call
  • Delivered in 7 business days
  • Penetration testing (separate offering)
Order Premium audit

What's NOT included

Scope transparency — no surprises in the monthly report.

  • Implementing the fixes — The audit identifies and prioritizes. Implementation is a separate engagement (Optimization, Custom Module, or care plan hours).
  • Penetration testing — We do security review at the code and config level. Active pen-testing is a different practice — we partner with a firm for that.
  • Legal / compliance certification — We flag GDPR and PCI red flags. We do not issue certifications.
  • Branding / UX critique — The audit measures health, not aesthetics. UX reviews are a Design service.

What we'll need from you

Access we require — passed via secure channel (1Password / Bitwarden).

  • WordPress role = Administrator (read-only is fine for most checks)
  • SFTP or SSH read access
  • Hosting control panel (read access)
  • Google Search Console verified user
  • Google Analytics 4 read access (optional but helpful)

What clients say

"We were about to spend 12k on a redesign. The audit said the front-end was fine — the real problem was a runaway WooCommerce cron. Fixed it in 4 hours. Saved us 11.6k."

Sergiy R.
Founder, B2C marketplace

"The 90-day roadmap was the deliverable we kept. Half of it was things we already suspected — the other half saved us from at least one Friday-evening outage."

Olha P.
CTO, EdTech

FAQ

What does a WordPress audit cost?

Standard 80-point audit is $499 fixed. Premium 140-point audit with a 90-day remediation roadmap is $999. Most agencies charge $1,500 to $3,000 for the same scope because they fold an account-management retainer into the price. We do not.

How long does the audit take?

Standard ships 5 business days from access handover. Premium ships 7 days. The walkthrough call is scheduled within the week after delivery.

What is in the PDF report?

Executive summary, severity-ranked findings (each with screenshot + reproduction + fix effort), 4 stream chapters (Tech / Security / Performance / SEO), and a prioritized fix list. Premium adds a 90-day roadmap with effort and impact scoring.

Will the audit interrupt my live site?

No. All checks are read-only or run against a staging clone. The only time we touch production is the backup-restore drill, and that runs on staging too. Your real site is not slowed, not changed, not at risk.

Do you fix the issues you find?

Not as part of the audit price. We hand you the ranked list. From there you can fix it yourselves, give the list to your existing agency, or hire us to implement under one of our other services (Optimization, Support, or a care plan).

Is the audit a sales pitch in disguise?

It would not survive on this site if it were. The PDF is the deliverable. Plenty of clients take the report and never come back — that is fine. If you do hire us for remediation, the audit fee comes off the first invoice.

How do I know which audit tier to pick?

Sites under 50k monthly visits without WooCommerce, LMS, or custom plugins: Standard. Sites with eCommerce, memberships, multilingual, or 10k+ lines of custom code: Premium. If unsure, book the kickoff call and we will recommend.

Can the audit be white-labelled for our client?

Yes, agency partners get white-label PDFs with your branding. Bulk pricing kicks in at 3+ audits per month. Email [email protected] for terms.

A WordPress audit is a one-time, written diagnosis of where your site is healthy, where it is fragile, and what the priority fixes are. Four streams: technical, security, performance, and SEO. Deliverable is a PDF report and a 60-minute walkthrough call. Most clients order an audit before deciding whether they need a maintenance care plan, a speed optimization sprint, or a redesign. The audit gives you the data to decide.

An audit gives you the report. If you want the ongoing engagement — monthly content, schema, ranking work — pair it with our WordPress SEO service.

Got a written audit report and not sure what to do with it? Our WordPress consulting turns the audit into a prioritized action plan — 2-hour package or hourly.

Order your WordPress audit

If the report comes back without at least 5 severity-Medium or higher findings, we refund the engagement in full. We have never refunded an audit.

Contact Form Demo