The RecapWP Blog

Notes on keeping WordPress secure, fast, and healthy.

Practical, plain-English guides from the team behind RecapWP, the on-demand auditor that fixes what it finds. No fluff, no fear-selling, just what to check and how to close the gap.

Perspective 5 min read Why your audit data should never leave your site Why your WordPress audit data should stay local: how RecapWP runs entirely inside your own install, with no external dashboard, no account, and nothing sent to us. Read Guide 8 min read What a RecapWP scan checks: a tour of every area A tour of every area a RecapWP scan checks, from security and performance to links, content, and config, with dozens of deterministic checks and one-click fixes where they apply. Read Perspective 5 min read Site health is a habit, not a project Why WordPress site health is a habit, not a one-time project: a short, repeatable scan-and-fix pass beats the occasional big cleanup that never quite happens. Read Guide 6 min read WordPress security keys, salts, and the default table prefix WordPress security keys, salts, and the default wp_ table prefix: what each does, why placeholder values and defaults are a risk, and how to change them deliberately. Read Guide 5 min read Inactive plugins and the quiet risk of what you are not using Why inactive WordPress plugins are still a risk: deactivated code stays on the server, still needs updates, and still adds attack surface. The fix is to delete what you will not use. Read Guide 6 min read Stale content: when to refresh, redirect, or retire old posts What to do with stale WordPress content: how to decide whether an aging post should be refreshed, redirected, or retired, and why the call stays editorial. Read Guide 6 min read How to read a site audit: triaging findings worst-first How to read a WordPress site audit: triaging findings worst-first, the three kinds of remediation, the already-in-place and Mark-OK states, and a fast triage routine. Read Guide 6 min read WordPress staging sites: testing changes without risking the live one How to use a WordPress staging site to test updates and changes safely, and why a publicly reachable, indexable staging copy is a trap worth closing. Read Guide 6 min read HTTPS and mixed content: closing the last insecure gaps HTTPS and mixed content in WordPress: why the padlock is not the finish line, the certificate-expiry trap, and how to find the http assets still loading on secure pages. Read Guide 7 min read Running WordPress for clients without the grind How to maintain a portfolio of client WordPress sites without the grind: a repeatable, deterministic scan-and-fix pass that runs inside each site, with per-site licensing. Read Guide 7 min read The WordPress pre-launch checklist (so you don't ship invisible) A WordPress pre-launch checklist: catch the search-engine block, debug mode, file editor, HTTPS, and the hardening basics before you go live, not weeks after. Read Guide 6 min read Hardening, firewalls, and malware scanners: what actually does what Hardening, firewalls, and malware scanners do three different security jobs in WordPress. Here is what each actually does, and why you want more than one layer. Read Perspective 5 min read Why a security tool should be deterministic, and never guess The case for deterministic WordPress security: rule-based checks that return the same findings every time, why guessing erodes trust, and the one place AI belongs. Read Perspective 5 min read Every fix should have an undo Why every applied fix should be reversible: how an apply-and-undo ledger makes automating WordPress fixes reasonable, and the one honest exception that has no undo. Read Guide 6 min read A WooCommerce health check: the product problems costing you sales A WooCommerce health check: how to find the products with no price, no image, or published while out of stock, the few that always slip through a large catalog. Read Guide 6 min read The PHP errors your visitors hit, and you never see The PHP fatal errors your WordPress visitors hit on the front end usually never reach you. How they get captured in real time, grouped, and tracked until they stop. Read Guide 7 min read How to update WordPress, plugins, and themes without breaking your site How to update WordPress core, plugins, and themes without breaking your site: why updates matter, a careful routine, the PHP version question, and clearing dead plugins. Read Guide 6 min read The WordPress settings that quietly break a live site The WordPress settings that quietly break a live site: the search-engine block left on after launch, debug mode in production, and the file editor, plus how to catch them. Read Guide 6 min read WordPress user accounts: the security gaps hiding in your user list The security gaps hiding in your WordPress user list: a default admin username, too many administrators, and display names that match the login, and how to close them. Read Guide 6 min read On-page SEO for WordPress: three blanks worth filling first On-page SEO for WordPress made simple: meta descriptions, image alt text, and thin content, why each matters, and how to find every page that is missing them. Read Guide 7 min read Why your WordPress site is slow (and what to actually fix) Why WordPress sites get slow: caching, autoloaded options, runaway post revisions, and the scripts loading on every page, with what to fix and what to flag. Read Perspective 5 min read Finding the problem is the easy half Audit tools mastered finding problems and left the fixing on your desk. Why most WordPress findings are deterministic config a tool can close for you, with undo. Read Guide 7 min read How to find and fix broken links in WordPress How to find and fix broken links in WordPress: internal vs external links, orphan pages, dead URLs with live traffic, and the right fix for each, with redirects. Read Guide 8 min read WordPress security hardening: the settings that actually move the needle A practical guide to WordPress security hardening: the exposures worth closing first, which are one setting away, and which you fix by hand, with undo. Read Guide 9 min read The WordPress site-health checklist (and how to actually fix it) A practical, repeatable WordPress site-health checklist: the ten areas to audit, what to look for in each, and how to fix what you find instead of just flagging it. Read

Showing 7 of 25 articles