# WordPress plugin audit checklist
## Volade — practical guide · June 2026

Print this page or check off as you go.

---

## Phase 0 — Inventory (before any scan)

- [ ] Count active plugins: __________
- [ ] Count inactive plugins: __________
- [ ] List critical plugins (WooCommerce, payment, SEO, cache, backup)
- [ ] Full files + database backup
- [ ] Mirror staging available: yes / no
- [ ] WordPress and PHP versions noted: __________

---

## Phase 1 — PUD install & scan

- [ ] Plugin Usage Detector installed on **staging**
- [ ] Preset chosen: Full audit / WooCommerce cleanup / Security minimal
- [ ] Scan launched and completed without error
- [ ] JSON export archived: `/client-audits/[date]-pud.json`

---

## Phase 2 — Report analysis

- [ ] `zombie_bloat` and `likely_unused` statuses listed
- [ ] Trust breakdown read for each removal candidate
- [ ] SEO / cache / backup overlaps documented
- [ ] `infrastructure` and `admin_only` plugins marked KEEP
- [ ] Ignore list configured for client custom / MU-plugins

---

## Phase 3 — Staging & tests (5/5)

- [ ] Batch deactivation (max 3 plugins at a time)
- [ ] Public front: home + key page OK
- [ ] Checkout test OK (if WooCommerce)
- [ ] Forms / transactional emails OK
- [ ] Wait 24–48 h or manual cron before final deletion

---

## Phase 4 — Post-purge & deliverable

- [ ] PHP Compatibility Checker scan on remaining stack
- [ ] Heartbeat Control Manager if admin-ajax heavy (optional)
- [ ] Client report: removed / kept plugins / overlaps
- [ ] 7-day watch — PHP logs, Site Health

---

## If something goes wrong

| Symptom | Lead |
|---------|------|
| Checkout broken after deactivation | Reactivate gateway — admin_only status? |
| Missing shortcode on front | Search CPT / builder templates |
| DB autoload still heavy | Delete inactive zombie plugin files |
| Client reinstalls plugins | Propose governance charter + quarterly review |

---

volade.com/en/blog · Plugin Usage Detector by Volade
