WORDPRESS · CMS AUDIT

A brutally honest WordPress site audit

WordPress runs about 43% of all websites. Your site is one of them. The other 42.99% have the same five problems yours probably does: a slow theme, three plugins you don't need, image files no one's compressed, and at least one plugin two major versions behind on its updates.

ShiteScore is built specifically to find these. £9.99, one-off. Free score in 30 seconds. Full 15-page report in your inbox in five minutes.

Score your site → 30-second free scan

What makes ShiteScore different on WordPress

Most audit tools treat every site the same. ShiteScore detects WordPress specifically and runs three checks no other tool at this price point runs:

Plugin version intelligence. ShiteScore fingerprints every WordPress plugin loaded on your homepage by parsing the ?ver=X.Y.Z query strings on script and link tags. For each plugin found, we query the WordPress.org public API to compare against the latest stable version. Plugins one or two major versions behind get flagged with a note to review the changelog. Plugins three or more major versions behind get flagged as high-impact and tagged with explicit guidance: back up first, use staging, update one at a time. We never recommend blanket plugin updates because that's how WordPress sites break.

Platform-specific fix steps. When ShiteScore finds an issue (say, a missing HSTS header), the fix instructions are written for WordPress specifically — naming the plugin you'd use, the menu path, and the setting to toggle. Generic advice like "add an HSTS header to your nginx config" is useless if you've never opened a config file. ShiteScore writes "Install Really Simple SSL → Settings → Security → toggle Enforce HSTS". Same outcome, deliverable instructions.

Theme and stack detection. Roughly 30% of WordPress performance problems trace back to a single overweight theme or a known-slow page builder. ShiteScore identifies the theme and surfaces the relevant performance pattern in the report.

What we typically find on WordPress sites

In rough order of impact:

Outdated plugins. Around 50% of the WordPress sites we audit have at least one plugin two or more major versions behind. About 15% have a plugin three or more versions behind, which is a meaningful security risk.

Theme weight. A typical agency-built WordPress theme weighs 800KB–1.5MB before any custom code. The site that scores 90 on Lighthouse and the site that scores 35 are usually using different themes, not different code.

Render-blocking JavaScript. Page builders (Elementor, Divi, Beaver Builder, WPBakery) all load substantial scripts in the head. Combine that with three tracking pixels and you've added 1.5 seconds of perceived load time.

Missing schema. Yoast adds basic Article schema; most sites stop there. No FAQ schema, no LocalBusiness schema, no HowTo schema for service pages.

No image compression. A typical WordPress media library has hundreds of uploads with no WebP conversion. The fix is one plugin away.

Security headers. HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy. Most WordPress sites have two or three of these correctly set, missing the rest.

15 pages, six categories. Every fix written for WordPress specifically, with named plugins, menu paths, and settings. £9.99 one-off. 7-day refund — we'll ask what went wrong, but we won't argue.

so. how shite is your site?

Score me →

FAQ

Reasonable questions.

Is this actually called ShiteScore?

Yes. It's called ShiteScore because that's the word people use when they look at their own website. The brand is the joke that's already in your head.

Will you ring me afterwards?

No. The whole product exists because we're sick of being rung up by agencies. We don't even have a phone number.

What if my score is really shite?

Then the report is more useful, not less. The lower the score, the more low-hanging fruit. We don't sugar-coat, but we also don't shame.

Refund policy?

7 days. If the report genuinely isn't useful to you — not just "I didn't like my score" — reply to your report email with the word "refund" and it's done within an hour. We'll ask what went wrong so we can improve it, but we won't argue.

Is this AI-generated slop?

The crawl and scoring are real data — PageSpeed Insights, a live site crawl, security header checks, DNS lookups. The fix steps are a mix: common, well-understood issues are served from a curated library of pre-reviewed, platform-specific instructions written and checked by a human. Novel or site-specific issues are generated by Claude AI from your actual audit data. Nothing is generic filler.

Which platforms do you support?

We detect your CMS automatically. WordPress, Shopify, Wix, Squarespace and Webflow all get platform-specific fix steps — naming the exact menu, plugin, or setting you need. WordPress sites also get a plugin version check: if your plugins are significantly out of date, we flag it with guidance on updating safely. For custom-built sites, we give you the general technical approach.