Skip to content
Insight

WordPress SEO Audit: Plugins, Permalinks, And Core Updates

If you run your site on WordPress, you are already on the most common CMS on the web. WordPress powers about 43% of all websites, which is exactly why SEO in WordPress is both well understood and fiercely competitive.

Rick Talbot
Rick

Digital Director

A proper WordPress SEO audit is not about installing yet another plugin and hoping for the best. It is about making sure your technical foundations are solid, your URL structure is consistent, and your site stays stable through core updates. Get those 3 right and you normally see faster crawling, cleaner indexation, better rankings for the pages that matter, and fewer nasty surprises when WordPress changes under the hood.

This guide walks you through a practical audit you can run on your own site, with a clear focus on plugins, permalinks, and core updates. It is written in the same fix-first, performance-led mindset we use at Totally Digital.

Why a WordPress SEO audit matters in the UK market

In the UK, online shopping is a huge slice of overall retail, and it moves around month to month. The Office for National Statistics tracks internet sales as a percentage of total retail sales, and it regularly sits in the high-20% range (for example, it hit 27.0% in December 2024). That means your organic visibility is tied directly to commercial outcomes for a big chunk of the market.

And it is not just ecommerce. If you are generating leads, your website is often the first real sales conversation someone has with you. If SEO problems stop Google from crawling, indexing, or trusting key pages, you are basically paying an invisible tax on every click you should have earned for free.

A WordPress SEO audit helps you remove that tax by checking 3 areas that cause the most avoidable issues:

  1. Plugin bloat and misconfiguration (duplicate SEO features, blocked crawling, slow pages)
  2. Permalink and URL consistency (duplicate URLs, messy redirects, thin category archives)
  3. Core updates and change control (rankings drops from theme or plugin conflicts, broken templates, performance regressions)

If you want a broader checklist alongside this WordPress-specific guide, Totally Digital’s 15-point audit framework is a good reference point.

Step 1: Start your audit with outcomes, not tools

Before you touch plugins or permalinks, get clear on what success looks like, because WordPress sites can be technically perfect and still underperform if they target the wrong pages or the wrong intent.

Ask yourself:

  • Which pages should drive revenue or leads in GBP
  • Which keyword themes support those pages
  • Which conversions matter (form submits, calls, purchases, quote requests)
  • What your baseline organic performance is today

If your tracking is not reliable, you will struggle to prioritise. A practical way to ground your audit is to combine GA4 and Google Search Console so you can tie search visibility to behaviour and conversions. This is exactly why we often start with a data-first audit pass.

Step 2: Plugin audit (the part most WordPress sites get wrong)

Plugins are one of WordPress’s biggest strengths and one of its most common SEO failure points.

Your goal is not “more plugins”. Your goal is:

  • 1 clear source of truth for SEO settings
  • Minimal overlap across performance, caching, schema, redirects, and security
  • No plugin doing heavy work on every page load if it could be cached, deferred, or handled server-side

Identify plugin overlap and conflicts

Common overlap patterns that hurt SEO:

  • Multiple SEO plugins (for example, 2 plugins outputting titles, canonicals, or schema)
  • Multiple caching layers that fight each other (plugin caching plus server caching plus CDN rules that do not match)
  • Multiple redirect managers (redirect loops, chains, and rules you forget exist)
  • Multiple image optimisation plugins (double compression, broken lazy loading, CLS issues)

What to do:

  • Make a list of every active plugin and what it is responsible for
  • For each SEO-critical function, ensure only 1 plugin owns it:
    • Titles and meta descriptions
    • Canonical tags
    • XML sitemaps
    • Robots meta and noindex rules
    • Schema markup
    • Redirect management

If you are not sure what is actually being output, view the page source and search for canonical, robots, and JSON-LD. It is boring, but it is the fastest way to spot duplication.

Check your SEO plugin setup (not just that it is installed)

Whatever SEO plugin you use, your audit checklist should include:

  • Titles and meta templates Make sure you are not auto-generating junk titles on category archives or tag pages.
  • Indexation rules WordPress loves creating thin pages: tags, author archives, date archives, attachment pages. Decide what is valuable and noindex the rest.
  • XML sitemap coverage Confirm it includes the pages you want indexed and excludes the pages you do not.
  • Canonical rules Confirm your canonical points to the preferred URL version, especially if you use parameters, sorting, or pagination.

If you want a deeper, sitewide view of indexation and crawl signals, the “technical audit first” approach is covered here.

Performance plugins and Core Web Vitals

Speed is not just a UX issue, it is an SEO and conversion issue. The problem on WordPress is that performance issues often come from plugin weight and theme decisions, not just hosting.

Your audit should check:

  • Whether caching is actually working (test logged out, test multiple pages, confirm headers)
  • Whether you are delaying or deferring non-critical scripts
  • Whether you have render-blocking CSS and JavaScript from page builders, sliders, or third-party widgets
  • Whether images are sized correctly and not causing layout shift

A practical performance deep-dive including CWV thresholds and what to fix is here.

Quick reality check: if you have 30 plus plugins and a heavy page builder theme, you will almost always have opportunities to improve Largest Contentful Paint, Interaction to Next Paint, and layout stability. You do not need a fancy solution, you need fewer moving parts.

Security, spam, and SEO trust

Security is an SEO issue because hacked sites get deindexed, spam pages get indexed, and you end up cleaning up a mess instead of growing revenue.

During your plugin audit:

  • Remove inactive plugins you are not using (inactive does not mean safe)
  • Keep only reputable plugins with active maintenance
  • Make sure your login and admin routes are protected
  • Monitor for unknown admin users, strange redirects, and newly created pages

This is also where core updates come in, which we will cover properly in a minute.

Step 3: Permalink audit (where WordPress creates silent duplication)

Permalinks are not just aesthetics. They control how Google sees your site structure, how authority flows, and whether you create multiple URLs that represent the same content.

Pick a single URL format and enforce it everywhere

You want consistency across:

  • HTTP vs HTTPS (it should be HTTPS)
  • www vs non-www (choose one)
  • Trailing slash vs no trailing slash (choose one)
  • Uppercase vs lowercase (lowercase)
  • Parameter handling (trackers and filters should not create indexable duplicates)

Your audit actions:

  • Check your WordPress Address and Site Address settings
  • Confirm your canonical tags match your chosen format
  • Crawl the site and look for both versions being accessible
  • Fix via redirects at server level where possible (faster, more reliable than plugin rules)

If you see redirect chains, clean them up. One redirect is usually fine. Multiple redirects waste crawl budget and slow down users.

Review your permalink structure for clarity and scalability

For most UK businesses, a clean structure works best:

  • /service-name/
  • /locations/location-name/ (if you have location pages)
  • /insights/article-name/ or /blog/article-name/

Avoid:

  • Dates in URLs unless you have a strong publishing reason
  • Deep category nesting that you constantly change
  • Random IDs that make URLs unreadable

Also, avoid changing permalink structures casually. If you already rank, a structural change is a migration, even if the site stays on the same domain.

Category and tag archives (thin content magnets)

WordPress archive pages are a classic index bloat problem:

  • Tag pages with 1 post
  • Category pages that duplicate the content of your blog listing
  • Author pages that add no value
  • Date archives that exist purely because WordPress created them

Your audit checklist:

  • Decide which archive types should be indexable
  • If a category page is indexable, make it useful:
    • Add a real intro, explain the topic, link to key resources
    • Make sure pagination is handled correctly
  • Noindex the rest

Index bloat is not theoretical. It creates crawl traps and dilutes your site quality signals. If you want a wider lens on crawl management, this is worth reading.

Media attachment pages and image URLs

Depending on your setup, WordPress can generate attachment pages for every image. These pages are usually thin and should almost always be redirected to the media file or the parent post, and often noindexed.

Check:

  • Are attachment pages indexable
  • Are they generating organic impressions in Search Console
  • Are they being linked internally in a way that steals authority

Fixing this alone can clean up a surprising amount of noise.

Step 4: Core updates (how to stop updates from hurting your rankings)

Core updates are not optional. If you ignore them, you risk security issues and compatibility problems. If you apply them blindly, you risk breaking your SEO outputs, layouts, and performance.

A good update process is simple and boring, which is exactly what you want.

Use a staging environment and a rollback plan

Before you update:

  • Take a full backup (database and files)
  • Update in staging first
  • Record baseline performance:
    • A few key templates (home, service page, blog post, category)
    • Core Web Vitals or Lighthouse scores
    • Indexation checks (robots, canonicals, schema present)

After you update:

  • Recheck templates and structured data output
  • Recheck caching and minification behaviour
  • Check for JavaScript errors introduced by theme or plugin changes

If you are not sure what “good” looks like technically, the Technical SEO audit guide helps you know what to validate after changes: 

Watch for SEO regressions after updates

The most common post-update SEO issues on WordPress:

  • Canonical tags missing or duplicated
  • Robots meta changed (suddenly noindexing key pages)
  • XML sitemap errors
  • Schema markup removed by theme changes
  • Performance regressions from new scripts or CSS
  • Broken internal links from template updates

This is why you should treat updates as release management, not admin chores.

Keep plugins updated, but do not auto-update everything blindly

Auto-updates can be fine for minor releases on stable plugins, but be careful with:

  • Your SEO plugin
  • Caching and performance plugins
  • Page builder plugins
  • Ecommerce plugins
  • Security plugins that can affect access rules

Instead, batch updates and test them together in staging, then push live when you have validated SEO outputs.

Step 5: Make your audit measurable using reporting and monitoring

A WordPress audit should leave you with:

  • A prioritised fix list (high impact first)
  • Clear owners (who will implement each fix)
  • A measurement plan (how you will confirm improvement)

If you want to push beyond one-off fixes into continuous growth, you want monitoring and reporting built into your rhythm.

And if you want a more data-led view of what to fix first, explore Totally Digital’s analytics approach.

A simple WordPress SEO audit checklist you can run this week

Use this as a quick action plan.

Plugins

  • Remove anything unused, duplicated, or abandoned
  • Ensure only 1 plugin controls SEO meta, canonicals, schema, and sitemap
  • Validate caching works and does not break rendering
  • Confirm image optimisation does not cause layout shift

Permalinks

  • Enforce HTTPS and a single preferred domain version
  • Standardise trailing slash behaviour
  • Clean up redirect chains
  • Noindex thin archives (tags, author pages, date archives) unless you have a real reason

Core updates

  • Use staging, backups, and post-update validation
  • Recheck page source for canonicals, robots, and schema
  • Recheck Core Web Vitals performance after updates

Data

  • Confirm GA4 and Search Console are connected and usable
  • Track organic landing pages that drive conversions in GBP
  • Monitor indexation changes and sudden traffic drops

If you want a more complete audit structure to work through alongside this, these are solid companion reads:

  • Content audit framework
  • Ecommerce-specific audit issues (filters, canonicals, indexation)
  • Full insights hub for audit playbooks.

What to do next (so your audit turns into growth)

A WordPress SEO audit is only useful if it turns into fixes that move the needle. The practical approach is:

  1. Fix anything that blocks crawling and indexing
  2. Remove duplication and index bloat caused by archives and URL inconsistencies
  3. Reduce plugin overlap and improve performance
  4. Put an update process in place so core changes do not break SEO
  5. Track results against the pages that generate leads or sales

If you want a second set of eyes, or you would rather have a team audit and prioritise everything for you (with clear developer-ready recommendations), explore Totally Digital’s audit service here.

If you’re tired of traffic that doesn’t convert, Totally Digital is here to help. Start with technical seo and a detailed seo audit to fix performance issues, indexing problems, and lost visibility. Next, scale sustainably with organic marketing and accelerate results with targeted paid ads. Get in touch today and we’ll show you where the quickest wins are.

Rick Talbot
Rick

Digital Director