Fenerly
← Back to homeExample — not live data
Northwind CaféNeeds attention
67
67/ 100

Blended from internal plugin checks + the external scan.

Per-check breakdown

Sec

72 / 100
  • outdated_pluginsHow many installed plugins have updates pending.

    Outdated plugins are the most common way WordPress sites get hacked — known vulnerabilities get patched in updates that haven't been applied.

    Technical detail

    Reads WordPress's cached update counts (no extra request). 0 outdated = full points; the score steps down as the count rises. Fix: update plugins from Dashboard → Updates; remove ones you don't use.

    3
    15/25

Perf

54 / 100
  • autoload_kbHow much data WordPress loads on every single request.

    WordPress loads a set of “autoloaded” options on every page view. When that grows large (often from plugins that never clean up), every request gets slower.

    Technical detail

    Sums LENGTH(option_value) WHERE autoload='yes'. <500KB healthy; >3MB scores zero. Fix: audit the wp_options table for bloated autoloaded rows left by removed plugins; set heavy rarely-read options to autoload='no'.

    Read the full spec ↗
    1840
    30/40
  • opcache_enabledPHP's bytecode cache is on — a big speed win.

    OPcache stores compiled PHP in memory so the server doesn't recompile your code on every request. Turning it on is one of the cheapest performance wins available.

    Technical detail

    Checks opcache_get_status(). Fix: enable opcache in php.ini (opcache.enable=1) — most managed hosts offer a toggle.

    Read the full spec ↗
    true
    25/25

Ops

68 / 100
  • wp_cron_firingWordPress's scheduled-task runner is working.

    WP-Cron runs your site's scheduled jobs (publishing posts, sending emails, plugin tasks, and our own health heartbeat). If it isn't firing, those jobs silently never run.

    Technical detail

    Checked via wp_next_scheduled('fenerly_send_heartbeat'). If false, WP-Cron is broken — often because DISABLE_WP_CRON is set without a real system cron replacing it. Fix: add a server cron hitting wp-cron.php every few minutes, or remove DISABLE_WP_CRON.

    Read the full spec ↗
    false
    0/30
  • php_supportedThe site runs a PHP version that still gets security fixes.

    PHP is the language WordPress runs on. Old versions stop receiving security patches, leaving the site exposed and often slower.

    Technical detail

    Passes on PHP 8.1+. PHP 8.0 reached end-of-life 2023-11 and 7.x is long EOL. Fix: ask your host to upgrade PHP (usually a one-click setting in the hosting panel).

    Read the full spec ↗
    8.2.18
    30/30
  • wp_core_currentNo major WordPress core update is pending.

    Running the current WordPress release means you have the latest security and bug fixes. A pending major update is a known gap.

    Technical detail

    Reads WordPress's own cached update data (no extra request). Fix: update WordPress from Dashboard → Updates; enable automatic background updates for minor releases.

    Read the full spec ↗
    true
    25/25

This is an illustration. Sign in to connect your own sites.