WordPress website audit – security and performance

WordPress audit services

Site Audit Request Form

I have 10 years of experience operating a WordPress support agency and 17 years of experience using WordPress daily in design, SEO and maintenance. I’ve been preparing website audit documents using best practices for over 25 years. I’m always happy to help a new client by sharing my knowledge and expertise…

Please let me know exactly how I can assist…
WP Administrator Access

Site Security Audit

The first thing we request is the administrator access details for your website’s WP Admin and hosting control panel. With that, the next action is to log in and assess the environment your site operates in.

Audit Checklist: Here’s an example of what we look at:

Site Health: what does WordPress think needs fixing in its Site Health checks?

WordPress Security:

Are the following issues addressed/implemented/mitigated?

  • Web application firewall
  • Brute Force Login Protection
  • Security Headers
  • XML-RPC and the REST API
  • Malware code checks

Backups: Do you have a robust and fully automated backup mechanism in place? You need to regularly back up both files and data to secure, off-site Cloud storage.

Plugins: Does the site have obsolete, duplicated and/or inactive plugins that constitute a security threat?

Themes: Do you have reams of old themes installed? That’s a security threat…

Performance Audit

Page Load Speed & Core Web Vitals Performance

WordPress Settings

Page Caching: Do you have a reliable and effective mechanism for caching your site’s pages for optimal WordPress speed optimization?

Persistent Object Caching: Docket Cache or SQLite

OPcache Activated

Image Optimisation: Are all images correctly sized and compressed? Or is the Media Library full of bloated images uploaded off a camera?

WP Memory – is the allocation adequate

Web Hosting Settings

PHP: Is the correct (later & faster) version of PHP set?

Memory: Does WordPress have enough memory allocated to function well?

Caching: Are opcache and memcached turned on?

PHP Variables: Is max_input_vars set high enough?

File Size Settings: Is the Maximum Post Size / File Upload Size adequate and matched?

PHP settings can have a significant impact on both performance and security – negative for old versions and positive for updating to later versions. Most sites should be running PHP v8.2.

The website audit document is prepared by an experienced WordPress maintenance agency and will be sent to you for:

  • Your information and records…
  • And for your approval before we touch anything!

You Approve the Changes Before Anything is Done

Once you’ve read through the website technical audit document that outlines the issues, you then give us the ok to proceed with the changes we’ve recommended. The changes proposed will:

  • Make the site highly secure and resistant to external threats from hackers using various attack vectors and mechanisms.
  • Provide a fall-back / fail-safe position for your site and its contents. If ever there is a crisis involving the hosting, site developer or designer etc., a full copy of the website is always available for recreation/restoration.
  • Ensure that the website loads as fast as possible – within the constraints of the hosting platform and the design theme…
  • Fix any broken links…

Once we have your approval of the recommended changes, the first steps are to:

  • Install UpdraftPlus Backups premium version
  • Take a Full Backup (Files and Data) and store that in secure Cloud Storage (Dropbox)

Doing this before we make changes ensures we always have a fallback if any issues arise when updates begin, for example if a theme or plugin generates a critical error when WordPress is updated or security plugins are installed.

Once we have a full backup safely stored off-site, we first tackle the security issues. There would be nothing worse than discovering that the site has just been hacked as we are beginning the process!

On completion of the recommendations from the initial Website Audit, we will send you an itemised report on what we’ve done, and what difference it has made.

This may include a “Before” and “After” screenshot of Google’s PageSpeed Insights tests etc.

At this point, you are welcome to point out any issues you note on the site:

  • Typos to be fixed.
  • Addresses and phone numbers that need updating.
  • Display quirks that don’t look right – sometimes caching can result in CSS not working as expected.

If there’s anything you need us to explain more fully, contact the WordPress specialist consultant...

SEO Audit

This audit is not specifically related to SEO, organic traffic, on-page SEO, meta tag analysis, indexing in search engines or social media factors. That said, my core competency is search engine optimisation (www.TheSEOguy.co.nz) so if you need a full SEO Technical audit, I can do that for you too.

Website Audit

Page last Updated on Sunday, October 15, 2023 by the author Ben Kemp