WooCommerce Audit
Full report within 5 days, costed action plan.
We tear down the code, plugin state, performance, security, and SEO of your WooCommerce shop. PDF report, priority-by-priority action plan, costing. Fixes by us or by you.
How we can help
Code audit
Theme, custom plugins, overrides, hooks, Action Scheduler workers, code quality.
Security audit
WordPress core, dependencies, XML-RPC, REST API, admin file editor, hardening.
Performance audit
Core Web Vitals, SQL queries, cache, page builders that drag, lazy loading.
Database audit
HPOS, indexes, rogue postmeta, autoload options, n+1 catalog queries.
Plugin audit
Complete plugin inventory: version, CVEs, abandonware, conflicts, alternatives.
Technical SEO audit
Sitemap, hreflang, product JSON-LD, robots, redirects, mobile speed.
Payment audit
Stripe, PayPal, Klarna, Mollie: SCA config, webhooks, subscriptions, tokenization.
Action plan
Prioritization, costing in person-days and euros, top 3 to launch first.
How we work
01. 30-min brief
Understand the business context, current stack, recent incidents, and objectives.
02. Access & analysis
SFTP / DB / admin read access. Static, dynamic, and manual analysis.
03. Drafting
Structured PDF report, screenshots, action plan costed in person-days.
04. 1h debrief
Findings presentation, Q&A, joint prioritization based on your budget.
Ready when you are.
No pitch — just an honest assessment of your project in 20 minutes.
Frequently asked questions
Is the audit neutral?
Yes. The audit is a standalone deliverable — you pay for the report, that's it. You can then have the fixes done by your internal team, by us (separate fixed quote on the fixes), or by another provider. The report is the same in all cases.
What do you need to start?
SFTP read access, database read access, WordPress admin read access (editor or read-only admin role). NDA signed before any access if needed. For sensitive shops, we can work on an anonymized dump.
Do you also look at HPOS migration?
If you're still in legacy mode (wp_postmeta table), we evaluate the complexity and cost of the HPOS migration in the report. The migration itself is not included in the audit, but we run this diagnosis systematically on serious-sized shops. In 2026, staying in legacy mode is starting to cost real performance.
Do you audit third-party plugins?
Yes. The plugin inventory is systematic: version, last update, known CVEs, likely abandonware, cross-plugin conflicts. We also flag paid plugins whose license has expired (so no more security patches). It's often the part that surprises merchants the most.
What performance impact can we expect?
It depends. On a poorly optimized shop, LCP can drop from 4-5s to 1.5-2s in a few weeks of work (server-side cache, proper lazy loading, Action Scheduler audit, removal of parasitic plugins). The report quantifies the expected gain item by item, so you can decide which optimizations to prioritize.
What happens after the report is delivered?
The report contains a costed, prioritizable action plan. You decide: do everything, do the top 3, or nothing. We can quote the fixes as a separate fixed quote if you want us to execute them. You stay in control at every step.
Do you look at payment gateways?
Yes. The audit covers Stripe, PayPal, Klarna, Mollie, and the main gateways: SCA configuration, webhooks, dispute handling, active subscriptions, tokenization. It's often a critical, underestimated point — a misconfigured webhook can silently lose orders.