Stop Guessing. See Exactly What's Wrong —
And What Changed to Cause It.

A top-level 0–100 score that grades your site across its most impactful performance and safety dimensions — refreshed on demand via AJAX.

• PHP version (8.1+ recommended)
• Pending WordPress core & plugin updates
• Autoloaded options size (warn at 500 KB, critical at 800 KB)
• Orphaned postmeta, HTTPS enforcement, WP_DEBUG status

The dashboard analyses your live error log, autoload size, cron status, and pending updates — then surfaces the fastest routes to your current problem.

• Seven evaluated scenarios: post-update breakage, slow admin, checkout issues, outages, plugin conflicts, DB errors, performance regression
• Each path shows which modules to visit and in what order
• Specific errors from your log that triggered each recommendation
• Clickable module cards for fast navigation to the right place

"Something broke after an update" is the most common WordPress support request — and the hardest to answer without this. What Changed? tracks every plugin update, activation, and WordPress core update as a timestamped event, then correlates them with your PHP error spikes to show exactly what broke your site and when.

• Interactive SVG timeline displaying change events and error frequency side by side — so the pattern is obvious at a glance
• 0–99 confidence scores: file-path matching (error originates inside the updated plugin's folder) scores 80–99 — that's near-certain attribution
• "What Changed?" button on every error card opens the correlation panel inline — see which update caused the error without navigating away from it
• Plugin version history, error onset analysis, and chronological event log in one view

Read-only queries that surface potential database bottlenecks without modifying a single row.

• Table bloat — lists all tables exceeding 50 MB with exact sizes
• Autoloaded options with Top 10 / Show All toggle, color-coded by severity
• Orphaned postmeta, usermeta, and term relationships; revision bloat detection
• Options table audit — expired transients, oversized options, active transient count

Maps every custom table, cron job, and REST route on your site — and attributes each one to the specific plugin that created it.

• Custom database tables with owning plugin name, version, and row count
• Non-core cron jobs attributed via callback Reflection and fingerprint matching
• REST API namespace map — every route attributed to its registering plugin
• Full Hook Inspector — $wp_filter dump with dark-mode modal and pop-out view

Inspects every script and stylesheet WordPress has enqueued on the front end — with file-level size data.

• Separated JavaScript and CSS sections with individual file sizes
• Running totals per category so you can gauge payload at a glance
• Source attribution — identifies which plugin or theme registered each asset
• Graceful fallback when CDNs don't return Content-Length headers

Understand what WordPress background tasks are actually doing — and which ones aren't running at all.

• Standard WP-Cron jobs with next run timestamp and recurrence interval
• Overdue event detection — flags any event whose scheduled time has passed
• Action Scheduler jobs — pending, failed, and completed counts
• All jobs sorted chronologically by next scheduled run

Every autoloaded option loads into PHP memory on every single page request. This module names the culprits and gives you the exact WP-CLI commands to clean them up.

• Total autoload size with tiered thresholds — warning at 500 KB, critical at 800 KB
• Per-plugin attribution — groups options by prefix to identify which plugin is responsible
• Deep Diagnostics — orphaned options from removed plugins (80+ fingerprint database), autoloaded transients, duplicate cache clusters, migration remnants, stale WooCommerce sessions
• Each finding includes a ready-to-run WP-CLI remediation command

Pre-flight compatibility checks for WordPress core upgrades — surface breaking changes before they break production.

• Deprecated Functions Inventory — every deprecated function with the version it was deprecated in and its replacement
• Breaking Hooks Detector — scans the live $wp_filter for hooks renamed or removed in recent WordPress releases
• Plugin Compatibility Matrix — calls the WordPress.org API to flag plugins not tested against your running WP version

Proactive alerts for things that will break your site in the near future — surfaced before they become emergencies.

• SSL Certificate Expiry — live certificate check, red alert when ≤15 days remain
• PHP end-of-life flags, stale plugin count, and expired API key / license inventory
• Update Risk Analysis — detects major version jumps and flags high database migration risk

A complete technical profile of your hosting environment — surfaced directly inside WordPress admin.

• All critical php.ini directives: memory limit, max execution time, OPcache status, error display, and more
• Every relevant wp-config.php constant with its live value and a plain-language flag for any problems
• Recommended extension check, full loaded extension inventory (searchable), and complete database details

Three read-only security inspections that surface privilege creep, tampered plugin files, and exposed REST endpoints — before an attacker finds them.

• User & Role Audit — every account grouped by role, with flags for non-admins holding dangerous capabilities
• Plugin Checksum Verifier — compares installed files against WordPress.org checksums to detect unauthorized modifications
• REST API Route Inspector — registered routes with permission callbacks, so you know what's publicly accessible

Inspects your media library and permalink layer for orphaned files, broken references, and stale rewrite rules that quietly degrade user experience.

• Media Library Health — detects missing physical files, unattached media, and attachments with broken metadata
• Rewrite Rules Inspector — active rules, stale state detection, and plugin-added rules that may conflict
• Broken Reference Detection — scans post content for attachment IDs that no longer exist

Server-side proxy estimates for LCP, CLS, and INP — correlated with detected performance issues so you know what to fix first.

• LCP, CLS, and INP estimates from server-side metrics and asset weight analysis
• Per-metric signals tied to your actual TTFB, external dependencies, and asset payload
• Color-coded Good / Needs Work / Poor ratings so you can prioritize improvements

Captures per-request execution time, peak memory, database query counts, and hook timelines — the data you need to pinpoint exactly where slowdowns originate.

• Live snapshot: execution time, memory delta, query count, and total query time
• Slow query detection with per-query timing when SAVEQUERIES is enabled
• Hook Timeline Visualisation — bar chart of relative time spent per action and filter callback

The answer to "why is this site broken?" — without spending an hour opening twelve different screens. Root Cause Analysis cross-correlates your error log, slow queries, cron backlog, autoload bloat, and external dependencies into named, actionable findings — then tells you which plugin is responsible.

• Correlates data from all modules into plain-English findings with severity and confidence ratings
• Plugin attribution — names the specific plugin responsible for each finding, with WP-CLI commands and a deactivation link so you can act immediately
• "Primary Suspect" callout when multiple findings point to the same plugin — no more guessing which one to disable first
• Change correlation — checks if recent plugin updates coincide with current errors

Shows exactly which plugins are fighting over hooks, loading duplicate assets, and providing overlapping functionality — with full plugin names, versions, and one-click deactivation links.

• Hook conflict detection — plugin name pills show exactly which plugins share the same hook at the same priority
• Competing plugin analysis — flags two caching plugins, two SEO plugins, or two security scanners active simultaneously, with risk level and deactivation links
• Duplicate asset detection — shows each conflicting handle alongside the plugin name and version that registered it
• Priority extremes — shows which plugin runs first and which runs last on the same hook

Tracks every outbound HTTP request your WordPress site makes — because a slow or failing third-party API can silently cripple your page load times.

• Per-host summary with request count, average latency, max latency, and error rate
• Slow request threshold (500ms+) and failing request identification with status codes
• Blocking vs. non-blocking classification — understand which calls are holding up page rendering

Rolling snapshots of execution time, memory usage, and query counts over time — so you catch regressions the moment they start, not after clients report slowdowns.

• Automatic trend analysis: improving, stable, or regressing — tracked across every snapshot
• Historical snapshot table with execution time, peak memory, query count, PHP version, and active plugin count
• No personal data stored — only anonymous system-level performance metrics

Before you click "Update", know exactly what could break. Pre-Update Impact Analysis scores every pending plugin update with a 0–100 Blast Radius Score — weighted by shared hooks, custom database tables, cron jobs, REST routes, asset size, and error history — so you update with confidence, not hope.

• Blast Radius Score (0–100): the higher the score, the more likely this update affects other parts of your site
• Risk rating: Low / Moderate / High / Critical — with a plain-English summary of exactly what the update could affect
• Shared hooks identified — shows which other plugins share the same hooks, making conflicts visible before they happen
• Analysis cached for 30 minutes so repeated checks are instant