Topic

Audits

Posts in this archive

14 insights

  1. Managed Hosting 8 min read

    Cloudflare in DNS-only mode isn’t doing anything for you.

    Most WordPress sites that have Cloudflare set up have it in “DNS only” mode. In that mode, Cloudflare is functioning as nothing more than a...


  2. Accessibility 9 min read

    The complete WordPress accessibility audit: from scanner output to remediated production code.

    The market for “accessibility audits” on WordPress is genuinely confused. The same word covers everything from a 10-minute browser-extension scan to a 3-month multi-disciplinary engagement...


  3. Accessibility 8 min read

    Continuous accessibility monitoring vs. one-time audits: what each actually delivers.

    Accessibility services tend to fall into two categories. The first is the audit: an engagement that runs typically 2-6 weeks, examines the site against WCAG...


  4. Security Hardening 8 min read

    WordPress form spam protection: honeypot, CAPTCHA, Akismet — what to use when.

    Spam against WordPress forms is so common it counts as ambient noise. The bots are automated, persistent, and uninterested in any specific site. They crawl...


  5. Accessibility 6 min read

    WordPress accessibility documentation: what to capture, and why future-you will thank you.

    Accessibility work on a WordPress site is an ongoing process, not a one-time push. Plugins update, content changes, new components get added, third-party scripts come...


  6. Accessibility 8 min read

    Why WordPress sites need real screen-reader testing — not just scanners.

    Run any WordPress site that’s passed automated accessibility tests through a real screen reader for ten minutes. Within that window you’ll almost always find at...


  7. Legacy Modernization 7 min read

    WordPress 6.7 fixed (some of) the autoload problem.

    The Options API in WordPress underwent a meaningful architectural shift across the 6.6 (July 2024) and 6.7 (November 2024) releases. Core now actively manages the...


  8. Accessibility 6 min read

    What automated WCAG scans catch — and the categories they fundamentally can’t.

    Accessibility scanners catch real bugs at scale on every deploy. They also have structural limits on what they can detect, and those limits matter more than vendors of automation-only solutions admit. Here's what scanners can and can't see.


  9. Accessibility 6 min read

    Where to start when your WordPress accessibility audit comes back ugly.

    The accessibility audit deliverable is a spreadsheet. 400+ rows. Every row has a severity label assigned by the scanner, a WCAG criterion reference, a code...


  10. Security Hardening 7 min read

    Using LLMs to audit WordPress code — and the bugs static scanners miss.

    Static WordPress security scanners match code against catalogs of known patterns. They miss bugs that don't match a known pattern. LLM-based code review catches those, and adding it to the audit toolkit changes what kinds of bugs you find.


  11. Legacy Modernization 7 min read

    Replacing 47 plugins with 12: a consolidation playbook.

    A common opening question on legacy WordPress engagements: “How many of these plugins do we actually need?” The site has 47 active. The honest answer...


  12. Legacy Modernization 7 min read

    What a real WordPress technical-debt audit actually finds.

    The standard WordPress audit deliverable is a list of about 30 findings, mostly catalogued from automated tools. Plugin count, last update dates, PHP and WordPress...


  13. Legacy Modernization 12 min read

    The real cost of WordPress plugin sprawl.

    Every plugin you add to WordPress doesn't just add features — it adds technical debt, performance overhead, and another vendor relationship to manage. After twenty years of cleaning up plugin debt, here's what compounds, what's recoverable, and where the real cost lives.


  14. Legacy Modernization 5 min read

    Autoloaded options: the silent WordPress performance killer.

    Update (January 2025): WordPress 6.6 (June 2024) and 6.7 (November 2024) introduced significant changes to how the Options API handles autoloading, including new autoload values...

