WordPress plugin for auditing a single URL for high-impact on-page technical SEO signals.
Live demo: https://www.techseoexperts.com/tools/seo-site-auditor/
On-Page SEO Auditor is a production-ready WordPress plugin built to analyze a single user-provided URL and report deterministic on-page technical SEO observations.
It is designed for real-world public use on a production WordPress site, with a strong emphasis on security, correctness, performance control, and long-term maintainability.
The plugin performs a tightly scoped audit of one URL and reports observed signals such as HTTP response behavior, indexability directives, canonical behavior, heading structure, metadata presence, structured data presence, and selected social metadata.
This repository exists to document and showcase the source code, architecture, security model, and product thinking behind the plugin.
The live plugin page is available here:
https://www.techseoexperts.com/tools/seo-site-auditor/
That page demonstrates the real tool in use on the Tech SEO Experts website.
A large number of “SEO audit” tools are either too broad to be trustworthy, too shallow to be useful, or too loosely implemented to expose safely from a public WordPress site.
This plugin was built to solve a narrower and more defensible problem:
- accept a single URL
- perform a controlled fetch
- extract high-value technical SEO signals
- report observations clearly
- avoid unsafe defaults
- avoid feature creep into a crawler or browser emulator
The result is a more focused and more reliable tool for quick on-page technical inspection.
This plugin is designed for:
- WordPress developers
- SEO professionals
- marketers
- site owners
- employers and technical reviewers evaluating secure plugin engineering
The plugin supports controlled analysis of a single URL, including:
- final HTTP status code
- redirect chain inspection
- content-type inspection
- X-Robots-Tag detection
- title extraction and title length
- meta description extraction and length
- meta robots detection
- canonical extraction
- canonical conflict analysis
- heading counts for H1 through H6
- deterministic indexability summary statements
- JSON-LD presence detection
- Open Graph presence checks
- Twitter meta presence checks
- JSON export of the audit report
This plugin intentionally does not do the following:
- full-site crawling
- backlink analysis
- keyword tracking
- ranking analysis
- JavaScript rendering
- headless browser execution
- external SaaS API enrichment
- persistent storage of audit reports
These boundaries are intentional. They reduce attack surface, improve predictability, and keep the tool honest about what it can verify directly.
Security is a first-class part of the implementation.
Key controls include:
- strict URL normalization and validation
- http and https allowlist only
- SSRF protections
- localhost and private network blocking
- redirect validation on every hop
- request timeout enforcement
- response-size caps
- output escaping
- nonce-protected AJAX requests
- rate limiting
- no deployment automation from GitHub
- no unsafe runtime features such as eval, shell execution, arbitrary file writes, or hidden persistence
Additional security documentation:
The plugin uses a plugin-based architecture with separated responsibilities for:
- request handling
- validation
- remote fetching
- parsing
- rendering
- rate limiting
- logging
This separation is deliberate. It improves reviewability, maintainability, and testing discipline.
More detail:
A typical report may include:
- request summary
- HTTP findings
- indexability summary
- HTML findings
- canonical analysis
- structured data presence
- social meta presence
- derived signals
- critical errors
The plugin reports observations and deterministic findings only. It does not attempt to guess intent, assign an “SEO score,” or predict search engine behavior beyond directly observed directives.
More detail:
- Download or clone this repository
- Place the plugin files in your WordPress plugins directory
- Activate the plugin in WordPress Admin
- Add the shortcode
[seo_site_auditor]to a page or Elementor Shortcode widget - Publish the page and test the tool with a public URL
- Open the live plugin page or a local page where the shortcode is embedded
- Enter a fully qualified URL
- Run the audit
- Review the resulting sections
- Optionally export the report as JSON
Core repository documentation:
- Architecture: docs/architecture.md
- Error codes: docs/error-codes.md
- Limitations: docs/limitations.md
- Release process: docs/release-process.md
- Response schema: docs/response-schema.md
- Roadmap: docs/roadmap.md
- Security model: docs/security-model.md
- Testing guide: docs/testing-guide.md
- Threat model: docs/threat-model.md
Governance and security files:
This repository is intended to demonstrate more than plugin functionality.
It also demonstrates:
- security-conscious WordPress engineering
- narrow-scope product design
- defensive input handling
- maintainable plugin architecture
- documentation discipline
- governance and release hygiene
The project is public for transparency and reviewability, but trusted code remains under controlled maintainer review.
This repository is public and accepts public issues.
Public pull requests may also be opened, but all changes to the trusted main branch require explicit maintainer review and approval.
This repository is not a production deployment authority. No code should be treated as production-trusted merely because it exists on GitHub.
High-quality bug reports and tightly scoped feature requests are welcome.
Contributions must preserve the project’s narrow scope and security posture.
Before opening a pull request, review:
Public releases should follow semantic versioning where practical.
Examples:
- v1.0.0
- v1.1.0
- v1.2.0
All notable changes should be recorded in CHANGELOG.md.
The live page demonstrates the real plugin in use: https://www.techseoexperts.com/tools/seo-site-auditor/
This repository documents the source code, design decisions, documentation, and governance behind that tool.
That relationship is intentional. The live page provides product trust. The repository provides engineering trust.
This project is licensed under GPLv2 or later. See LICENSE for details.
Built and maintained by Tech SEO Experts.
Live plugin page: https://www.techseoexperts.com/tools/seo-site-auditor/
Brand site: https://www.techseoexperts.com/
Tech SEO Experts develops security-conscious technical SEO plugins, validation tooling, and implementation systems for organizations that require verifiable diagnostics, clean engineering, and long-term maintainability.
For repository-specific issues, use this repo’s GitHub Issues and security process. For professional implementation or technical SEO consulting inquiries, use the appropriate contact channel published by Tech SEO Experts.