Skip to content
Signature offer

WordPress Engineering Audit

A 5-day deep dive into your site's stack, delivered as a prioritised action plan with effort estimates and ROI per fix.

Fixed price
€890
No surprises. Invoiced once.
Turnaround
5 business days
Book the audit

Fixed price. No discovery call required — send the URL and you get the report in 5 business days.

What the audit actually is

Five business days of a senior engineer dropping into your WordPress stack: performance, security, plugin/theme inventory, database health, hosting fit. The output is a prioritised action plan — every issue tagged with effort, cost, and the business outcome of fixing it — so your team (or mine) can act on it without another discovery cycle.

What you get

Performance audit

Core Web Vitals against real-user metrics, query analysis on cold and warm caches, caching strategy review (object and page), CDN configuration, asset pipeline. Concrete numbers and the patches that would move them.

Security audit

Plugin surface area against published CVEs, server configuration, file permissions, wp-config constants, login hardening, REST and XML-RPC exposure. Risk-graded, not a 200-page PDF nobody will read.

Stack review

Plugin and theme inventory with maintenance status, database health (autoloaded options, postmeta indexes, table sizes), hosting fit, PHP version posture. What can be removed, what needs replacement, what is fine.

Prioritised remediation plan

Every recommendation lands with: effort in hours, cost estimate (mine or any senior dev), and the ROI — measured against revenue, conversion, risk reduction, or all three. Ranked so the top three items are obvious.

What the remediation plan looks like

An anonymised excerpt from a recent audit, showing the structure you receive for every item.

Priority Recommendation Effort Cost ROI
P1 Drop 18 MB of autoloaded options from disused plugins 2h €50 Cuts every uncached page load by ~280 ms. Single biggest TTFB win identified.
P1 Disable cart fragments on non-cart pages 1h €25 Stops a 1.8 s uncached AJAX call from firing on every visit. Server holds 3× more concurrent users at the same plan.
P2 Replace Slider Revolution (CVE-2024-XXXXX) with native Gutenberg slider 6h €150 Closes a known unauthenticated RCE. Removes 320 KB of front-end JS.
P2 Move order confirmation emails to ActionScheduler 4h €100 Checkout response time drops from 4.2 s to 1.3 s. Removes the only place a third-party SMTP outage can break checkout.

Frequently asked

How is the audit delivered?

A written report (PDF + linkable web version), structured the same way as the sample above. Every recommendation is independent — you can act on it yourself, hand it to your team, or hire any senior WordPress developer to execute it.

Do you need admin access to the site?

Read-only admin access plus hosting and database access if available. I sign an NDA before any credentials change hands. Everything is reviewed on a staging copy whenever possible.

What if my site is bigger than a standard WooCommerce shop?

The 5-day, €890 audit covers most WordPress sites including stores up to a few thousand products. Enterprise platforms — multi-site, complex integrations, high-traffic catalogues over 50k products — are scoped separately. Send the URL and I will tell you within a day whether the standard audit fits.

Can you fix the issues you find?

Yes, but the audit is independent. The output is yours; the remediation work is a separate engagement at the going senior rate (€85/h) or under one of the maintenance retainers if it fits there. No pressure to use me for the fixes.

Will the audit recommend re-platforming or staying on WordPress?

It will say honestly what fits. If you are on WordPress because of legacy and the audit shows the maintenance cost is no longer justified, that lands in the report. Most of the time the answer is to stay and tighten what is broken, not to migrate.

GDPR — what happens with the data you access?

Nothing is exported off your infrastructure unless you explicitly ask. Credentials I receive are rotated by you immediately after the audit closes. Anonymised metrics may be referenced in future case studies only with written permission.

How fast can you start?

Typical lead time is 1 to 2 weeks. If the issue is urgent (live incident, post-compromise review, pre-launch sanity check), I can usually start within 48 hours — flag the urgency when you book.

What does the €890 actually include?

The five business days of work, the written report, one 30-minute call to walk through it after delivery, and email follow-up for two weeks for clarification questions. No upsell calls or pricing games.

Ready to find out what is actually slowing your site down?

Book the audit

Fixed price. Five business days. Send the URL.