A free, full-site SEO audit for any WordPress install. Runs from outside WordPress and audits the live HTML — what Google actually sees — so it catches the regressions Yoast, Rank Math, and SEOPress can't see from inside the admin. No plugin to install. Website regression monitor for founders, agencies, and developers — SEO, security, performance and compliance checks after every deploy.
Enter any WordPress URL below. Free first scan, no credit card.
Free tier: 4 full audits / month on a single domain.
WordPress SEO plugins are configurable in dozens of places — sitemap toggles, breadcrumb settings, robots.txt overrides, social-card defaults. We frequently see misconfigured combinations where the plugin generates a sitemap at /sitemap_index.xml AND WordPress core generates one at /wp-sitemap.xml, both submitted to Search Console, sending split signals. Or robots.txt overrides that conflict with the plugin's output.
Tag pages, author pages, category pages, attachment pages, date archives — WordPress generates all of these by default. Most are thin content with no organic value, and many compete for ranking with the canonical post. A clean audit identifies which archives carry traffic worth keeping (with proper canonicalisation) and which to noindex or 410.
Page builders (Elementor, Divi, WPBakery) ship dozens of CSS / JS files per page, often with render-blocking <link> and <script> tags in the head. The Seoxpert performance agent flags every render-blocker with the exact resource URL, plus payload size, compression status, and Cache-Control headers — so you know which plugin to deactivate or which stylesheet to defer.
WordPress exposes /wp-json/wp/v2/users by default, leaking author IDs and slugs that brute-force tools use to enumerate user accounts. The auto-generated oEmbed endpoint also exposes some metadata. We flag both as security findings — restricting them via a security plugin or .htaccess rule is a 5-minute fix.
Migrations from WordPress.com → self-hosted, http → https, www → apex, or staging → production routinely leave canonical tags pointing at the old URL. Search Console reports "URL not on Google", and traffic dies. The Seoxpert crawl-integrity agent re-resolves the canonical chain on every page and flags origin mismatches.
A WordPress install that's been running for 5 years on the same shared host accumulates plugin debt. Server response time creeps from 200ms to 2000ms; LCP follows. We measure response time on every page; if 30% of pages are over 1.5s, the cause is almost always uncached PHP rendering cumulative plugin queries on each request.
The WordPress-specific findings sit alongside the standard audit: on-page SEO (titles, meta, headings, structured data), Core Web Vitals, security headers, mobile readiness, content quality, GDPR / cookie consent, AI / GEO citability, content gaps, and crawl integrity. Each finding comes back with severity, fix-owner (developer / content editor / business owner / SEO specialist), time estimate, and concrete fix guidance.
Pro and Agency plans add scheduled scans (run daily / weekly / monthly automatically), signed event webhooks delivered to Slack or Linear when the score drops, and on Agency white-label PDF reports you can hand to clients or use in pitch decks.
See the full check listYes. The scanner makes the same HTTP requests against any URL, so it works on WordPress like any other CMS. The findings — Yoast / Rank Math misconfig, render-blocking page-builder CSS, plugin-driven duplicate content, REST API exposure, oEmbed leaks, slow PHP responses — surface naturally because they show up in the HTML and headers we already audit. No WordPress plugin to install, no admin access required.
Yoast and Rank Math audit content quality (focus keyword density, readability, internal linking) per page from inside WordPress. They don't catch sitewide regressions, security headers, Core Web Vitals lab measurements, AI / GEO citability, or content gaps across the whole site. Seoxpert runs from outside WordPress and audits the live HTML — what Google actually sees — so it catches issues the in-admin plugin can't see.
Yes. Each site in a multisite network has its own URL — register each domain separately. Subdirectory installs (example.com/blog) are scanned via their canonical entry URL; the crawler follows internal links and discovers the rest. Subdomain installs (blog.example.com) work the same as any subdomain.
No. The audit makes standard HTTP requests against publicly accessible URLs — no admin, no plugin install, no client-side code. You can audit any WordPress site you can reach in a browser, including your competitors'.
Yes via the Pro / Agency deploy hook. Each registered domain gets a per-domain deploy token (sxp_deploy_…). A single curl POST to /api/webhooks/deploy/<domainId>?token=… kicks off a scan — call it from a WP-Cron job, a CI pipeline running after wp-cli deployments, or a webhook hooked to your hosting provider's deploy event. Rate-limited to 1 scan / 5 min / domain so a chatty pipeline doesn't burn quota.
The free tier covers 1 WordPress site with 4 full audits / month — no credit card. Pro at €19.99/month/month covers 10 domains and 100 scans / month, with scheduled audits and signed event webhooks. Agency adds white-label PDFs you can hand to clients and a 600 req/min API rate limit.
Yes. The GEO citability agent runs on WordPress like any other site — it flags missing /llms.txt, AI-bot disallows in robots.txt, missing Organization JSON-LD (Yoast and Rank Math both ship Organization schema, but it's often disabled or has a stale logo URL), and question-titled pages without an answer-first paragraph (a common pattern in WP blog templates that hero-image first, paragraph second).
Free scan · No plugin · No credit card · Results in under 2 minutes.
Also useful: Website audit · AI SEO · How to rank higher