How much does an audit cost?

Between €250 and €1,000 depending on the size and complexity of the site.

How often should audits be repeated?

At least once every 12 months for sites with over 5,000 monthly visits.

Audits & Assessments

Technical and security audits for WordPress, WooCommerce, and Shopify - from a few hours to a full deep dive.

Most sites have problems the owners don't know about - outdated configurations, performance bottlenecks, security gaps, or infrastructure decisions that made sense three years ago but are quietly costing money now. An audit surfaces all of it in one place, with clear recommendations you can actually act on.

What's Covered

Every audit is hands-on. I go through your setup myself - not a generic automated scan. A typical audit covers:

WordPress Setup & Configuration - core settings, plugin hygiene, theme setup, file permissions
Hosting & Infrastructure - server config, caching layers, CDN, database setup
Security - vulnerabilities, access controls, login hardening, known exploits
Backups & Recovery - what exists, how reliable it is, how long a restore would actually take
Performance - load times, Core Web Vitals, server response, query efficiency
Risk Assessment - what's likely to break or cause problems, and when
Recommendations - prioritised list of what to fix, in what order, and why

Platforms

I audit WordPress, WooCommerce, and Shopify sites.

What to Expect

Turnaround: a few hours to 2–3 days, depending on the size and complexity of your site
Pricing: €250–€1,000 depending on the scope
Output: a detailed written report you can hand to your team or use as a roadmap yourself

On about one in three audits I review, I find performance improvements that can reduce load time or resource usage by 20–25% or more. Often with changes that take less than a day to implement.

Get in touch

If you need ongoing help after the audit rather than just the report, take a look at my consulting services.

FAQ

What do I need to prepare before the audit?

Bring your questions - all of them. And access to your systems: admin panel, hosting, any relevant third-party tools. The more access I have, the more thorough the audit can be.

How quickly can the audit start?

Message me and we'll figure it out. I always try to prioritise based on urgency - if something is actively broken or you're under pressure, say so.

Do you help with fixing things after the audit, or just deliver the report?

It depends on the client. I often help partially with implementation - especially for the higher-priority items. If you need someone to see the fixes through, we can arrange that separately.

If you find a critical security issue, do you wait until the end to tell me?

No. If I find something critical, I flag it immediately - I don't sit on it until the final report. You need to know as soon as I've confirmed it.

Is the deliverable just a report, or do we also talk through it?

Always at least one meeting - but usually two or more. I find it much more valuable to walk through the findings with your team directly: what to fix, in what order, how, and why. A report sitting in someone's inbox doesn't move things forward.

Should audits be done regularly?

For sites with over 5,000 monthly visits, I'd recommend at least once every 12 months. Things change - plugins get updated, traffic patterns shift, new integrations get added - and what was fine a year ago might not be fine now.

Example WordPress Audit Report Sections

To give you an idea of what the final report looks like, here are the main sections a WordPress audit typically includes:

WordPress Setup & Config
Hosting & Network
Security & Backups
WordPress Ops
Performance Analysis
Risk Assessment
Prioritised Recommendations