This Is My URL Shadow

WPShadow is the diagnostics tool I wish I’d had when I started auditing WordPress sites professionally. Most of the well-known options either pressure you toward an upsell (“upgrade to fix this!”) or run their checks against your site from a remote server, which means uploading your data to someone else’s infrastructure to learn whether your site is healthy. WPShadow does neither. It runs every check locally inside your install, explains each result in plain English, and stays out of your way unless you ask for help.

What’s inside

• 230+ display-ready diagnostics across security, performance, SEO foundations, accessibility, and editorial hygiene
• Local-first architecture — every check runs inside your WordPress install; nothing is uploaded to a third party
• Plain-English findings — each diagnostic states the issue, the consequence, and the safest fix in language a non-developer can act on
• Safer remediation workflows — fixes that touch the database or filesystem create restore points before they run
• No cloud lock-in — no account creation, no API key management, no usage telemetry

Who it’s for

WordPress site owners and operators who want to know what’s actually going on under the hood without hiring a developer for every audit. Useful if you’re: inheriting a site that someone else built, planning a migration or theme switch, prepping for a security review, or just doing a quarterly health check on a site you care about. Built for non-developers but respected by developers — the diagnostic categories map cleanly to what we’d manually check anyway.

How to install and verify

1. Download the plugin .zip from the button below.
2. Upload via WordPress Admin → Plugins → Add New → Upload Plugin → Install Now → Activate.
3. Run your first scan. The new “WPShadow” item in the admin menu opens to a one-click scan. The first run takes 60–90 seconds depending on your install size and produces a categorized findings list.
4. Verify the local-first behaviour. If you’re security-cautious, watch your network tab while the scan runs. You’ll see zero outbound requests to wpshadow.com — every check is server-local.

How it differs from the alternatives

The well-known WordPress audit plugins all share three patterns I deliberately chose not to copy: they require an account before running their first check, they upload your URL list and content to their cloud for analysis, and they gate the most useful findings behind a paid tier. WPShadow inverts all three — no account, all-local, no paywall on the diagnostic itself. The trade-off is that WPShadow doesn’t ship competitive benchmarks (“how does your site compare to 10,000 others?”); that data only exists if you have a fleet of customer sites to mine, and I don’t think collecting that data is worth the cost.

What WPShadow doesn’t do

It doesn’t push fixes to production for you, and it doesn’t run on a schedule. Every diagnostic is on-demand, every fix is opt-in. If you want unattended operation, that’s a different product — a managed service, not a plugin. WPShadow is the inspection layer; you’re the operator.

Requirements

• WordPress 6.5 or newer
• PHP 8.1 or newer
• ~30 MB free disk space for the plugin and its restore-point store
• An existing WordPress install (WPShadow doesn’t bootstrap a new site for you)

File details

• Version: 1.0.0
• Last updated: December 19, 2025
• Format: .zip
• License: GPL-2.0-or-later
• Tested with: WordPress 6.7 · PHP 8.1+