Takeover risk assessment for WordPress agencies

Know the risk before you quote the takeover.

Agencies inherit badly maintained sites and underquote the true cost. Install the scanner on the site you're being asked to take on and get an honest risk verdict — and a recommended price band — in seconds.

FROM $49/YEAR · LIFETIME OPTION · 14-DAY GUARANTEE

11 categories, scored & weighted Low / Med / High verdict + price band Deep scan finds abandoned plugins Branded PDF for your quote
“We quoted a standard care plan. Three weeks in we found end-of-life PHP, a bespoke theme nobody documented, two abandoned plugins and a database dump sitting in the web root. We were doing remediation for free.”
— the takeover that ate the margin

The cost of a site you inherit is hidden until you're already committed. WP Takeover Scanner surfaces it before you send the quote.

What it does

Eleven checks. One verdict. A number to quote.

Everything is read from the site itself, so the assessment is instant and works on a site you've only just been handed.

ASSESS

Eleven weighted categories

PHP & WordPress versions, the plugin estate, plugin conflicts, admin accounts, custom code, cron load, database weight, update posture, security posture, backup debris & exposure, and maintenance complexity. Each finding is scored and rolled into a single risk figure.

VERDICT

Low / Medium / High + a price band

The weighted score becomes a plain verdict, and each verdict maps to an editable support price band you set to your rate card. The assessment doesn't just flag risk — it tells you what to quote, or whether to price a remediation project first.

DEEP SCAN

Find the truly abandoned plugins

The instant scan flags plugins with no wordpress.org updates. The optional deep scan asks wordpress.org for each plugin's last author-update date and tested-up-to version — surfacing plugins abandoned 2+ years and ones untested on your WordPress branch.

EXPOSURE

Catch the debris left in the web root

Database dumps, backup archives, an exposed .git directory, public debug logs — the sweep finds .sql / .wpress / .tar.gz files, oversized zips, backup folders and readable logs. Often the single scariest finding in a real takeover, and a fast credibility win in your report.

REPORT

A branded PDF for the quote

Produce a print-ready assessment with your logo, colour and agency name — the verdict, the price band and every category finding. Attach it to the proposal so the client sees exactly what they're asking you to take on.

The verdict

Anatomy of a takeover you priced correctly.

AThe verdict & band

Low, Medium or High, and the monthly support tier you should be quoting for it.

BThe findings, ranked

Every category with a severity, so the risks that matter are impossible to miss.

CThe hidden liabilities

Abandoned plugins, exposed backups, dead PHP — the costs that don't show up until week three.

DThe evidence

A branded report the client can read, so a defensive quote looks professional, not pessimistic.

Honest comparison

How we compare to quoting blind.

The alternative to a scan is a hopeful guess and a standard price. Here's what changes when you see the site first.

WP Takeover Scanner (us)Quoting blind
Know the risk before you commit✓ Verdict in seconds✗ Find out in week three
Abandoned / untested plugins✓ Deep scan flags them✗ Discovered the hard way
Backup debris & exposure✓ Swept automatically✗ Usually missed
A number to quote✓ Verdict → price band◐ Your standard rate, fingers crossed
Consistent across the team✓ Same assessment every time✗ Depends who looked
Client-ready justification✓ Branded PDF✗ None
Read-only & safe on a live site✓ Never modifies anything
Replaces a manual security audit◐ Flags risk, doesn't replace it

The scanner doesn't replace a proper code review and security audit on a serious takeover — it tells you how much of each to budget for, and gives you the evidence to quote it. Full comparison →

Pricing

Simple prices. One is forever.

Every plan includes every feature — all eleven categories, the deep scan, editable price bands and the branded report. You're only choosing how many sites.

Solo
$49/yr

1 site

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose Solo
Agency
$99/yr

25 sites · for agencies

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose Agency
Unlimited
$149/yr

Unlimited sites

  • All features included
  • Updates & support for a year
  • 14-day guarantee
Choose Unlimited
Lifetime
$299 once

Unlimited sites, forever

  • All features, all future updates
  • Never renew, never re-buy
  • 14-day guarantee
Own it forever

Prices in USD. Licence keys are domain-based — no accounts, no phoning home. VAT invoices available.

Questions

Asked and answered.

What does the scanner check?

Eleven categories, all read live from the site with no external calls (except the optional deep scan): PHP and WordPress versions, the plugin estate, plugin conflicts, administrator accounts, custom code, cron load, database weight, update posture, security posture, backup debris and exposure, and overall maintenance complexity. Each is scored and weighted into a single risk figure.

What is the recommended price band?

The weighted score produces a Low / Medium / High verdict, and each verdict maps to an editable support price band you set to match your rate card. So the assessment doesn't just flag risk — it tells you roughly what to quote, or whether to price a remediation project first.

How does it find abandoned plugins?

The instant scan flags plugins that receive no wordpress.org updates (custom, premium or abandoned). The optional Deep Scan then asks wordpress.org for each plugin's last author-update date and tested-up-to version — surfacing plugins abandoned for 2+ years and ones untested on your WordPress branch.

What's the backup-debris and exposure check?

Inherited sites are notorious for database dumps, backup archives and exposed .git folders left in the web root, plus public debug logs. The scanner sweeps for .sql / .wpress / .tar.gz dumps, oversized zips, backup-looking folders, an exposed .git directory and readable log files — often the scariest single finding in a real takeover.

Can I give the report to the client?

Yes. Produce a branded, print-ready PDF assessment (your logo, colour and agency name) with the verdict, price band and every category finding — ideal to attach to a quote so the client understands what they're asking you to take on.

Does it change anything on the site?

No. It's read-only: it assesses and reports, it never modifies the site. A takeover should still include a manual code review and a proper security audit — the scanner tells you how much of each to budget for.

How is the licence delivered?

Order through the form and your licence key and invoice arrive by email, usually within the hour. Keys are domain-based — no account, no phoning home, no lock-in.

What if it's not for me?

14-day money-back guarantee, no questions. Email us and we refund you.

Get started

Quote your next takeover with your eyes open.

Order below and your licence key and invoice arrive by email — usually within the hour. Install on the site you're assessing, run the scan, and attach a branded risk report to your proposal today.

14-DAY MONEY-BACK GUARANTEE · SUPPORT BY ACTUAL HUMANS

You'll receive an invoice by email — pay by card or bank transfer. Nothing is charged on this page.