War Story: The Audits That Made Us Walk Away

🛠 1. Plugin Bloat & Redundancy

Active Plugins: 25+
Best Practice: Max 10–12, well-vetted plugins. Anything beyond that is a red flag for poor planning, technical debt, or lack of dev expertise.

Redundancies & Bloatware:

• - MetForm – Replaced by WebRunner’s dynamic form.
• - Site Kit – Redundant with GTM4WP.
• - 301 Redirects – Installed to patch broken structure. Shouldn’t exist in a clean build.
• - Duplicate Menu – Another patch for poor architecture.
• - Permalink Manager Lite – Crutch for bad structural decisions.
• - Safe SVG – Adds SVG support globally; minor benefit, not worth the load.
• - Templately – Redundant. Elementor already handles templating.
• - Temporary Login – Niche use-case. Should be replaced with secure internal system or removed.
• - Wicked Folders – Eye candy, no functional benefit.

Heavyweight Bloatware Addons:
All tank performance, bloat the DOM, and could be replaced with clean code:

• - ElementsKit Lite
• - Envato Elements
• - Essential Addons for Elementor (Free & Pro)
• - Jeg Elementor Kit

Dead Weight:

• Rank Math SEO – Inactive, abandoned, still taking up room.

Security Risk: Outdated/inactive plugins = bigger attack surface, especially on high-traffic WordPress sites.

Performance Hit:

• - Slower page loads
• - More DB queries
• - Increased memory usage
• - Higher risk of JS/CSS conflicts

Bottom Line:
The plugin stack is a load of patchwork tools, slapped together to cover fundamental flaws in the site’s architecture. Instead of writing secure, efficient code, there are 25+ plugins clogging performance and security.

🛠 2. Hybrid Dynamic vs. Static Pages

ACF Usage: Good intention. Bad application.
ACF (Advanced Custom Fields) was applied incorrectly:

• 70+ field groups created — some assigned to hundreds of pages → massive overhead.
• Fields aren’t standardized, reused arbitrarily, creating inconsistencies and bugs.

Parts of the site:

• Some built using hardcoded Elementor widgets.
• Others rely on ACF to inject values.

This mix = inconsistent updates and double the effort.

Structure patched with ACF:
Some location pages cloned in Elementor, then “fixed” with injected ACF content.

Theme Builder Abuse:

• 40+ separate footers for countries/locations — nearly identical.
• Manually linked with conditions, plugins, or permalinks instead of dynamic fields.

Result:

• - No centralized logic
• - Redundant templates
• - Unmanageable page-per-country structure
• - Zero scalability

Adding a new location means:

1. Create a new page template
2. Set up custom ACF fields
3. Assign a tag
4. Manually assign headers/footers
5. Custom permalink setup
6. Pray nothing breaks

Verdict: This is anti-scalable architecture — built without a content model, without a plan, and without a clue.

🛠 3. Custom Code (PHP/JS)

functions.php

• - Random JS injected via <script> in PHP — used for tracking, but injected unsafely and unconditionally. Should have used wp_enqueue_script() or hooks. Current method = messy, insecure.
• - Localization menu built in PHP instead of using WordPress Menus — total overkill. Reinvented functionality that already exists, bypassing standards and making navigation harder for non-devs.
• - Commented-out SVG widget code still loads — dead code mines. Even commented, it’s bundled and can cause conflicts or confusion.
• - Adds tags to pages — technically works, but not integrated with templates, search, or navigation. Half-done, useless bloat.

cg-scripts.js

• -DOM observers for form detection running on all pages — huge overhead. Wasted CPU + slower rendering.
• -CTA click tracking via cookies — sloppy. No fallback, no expiration logic. Risky and possibly non-compliant with privacy standards.
• -JS added via theme file instead of enqueue system or Elementor Custom Code — poorly modular. Should’ve been properly scoped + conditionally loaded.

Verdict:
A full child theme was spun up just to drop in 3 PHP snippets + a JS file. No separation, no encapsulation, no control. This duct-tape “custom dev” wastes the modularity WordPress + Elementor already provide.

Better solutions:

• - Custom Plugin for PHP code
• - Elementor Custom Code (for JS) since elementor is already used
• - Proper wp_enqueue_script() usage

🛠 4. Structural Chaos in Pages & Templates

Elementor Theme Builder: Misused & Abused

• - 40+ separate footer templates manually created + assigned.
• - Each nearly identical. Any global change (logo, link, tweak) must be done 40+ times.
• - Wastes time, unsustainable, not scalable.

Permalink Manager = A Crutch
Used to simulate clean, location-based URLs (e.g. /us/ or /uk/) instead of:

• - Native WordPress taxonomy rewrite rules
• - Or custom post types with hierarchical URL control

⚠️ This creates brittle URLs and conflict risks.

Folder + Tag Combo = Confusion Overload

• - Tags for categorization
• - Folders (via Wicked Folders plugin) for visual grouping
• - Permalink Manager for URL shaping

3 systems layered → none communicate → pure chaos.

Result: No Unified Content Architecture

• - No content model
• - No single source of truth
• - No coherent admin navigation
• - No reusable templating strategy

The Admin Experience:
A booby-trapped maze. Franchisees given backend access would be overwhelmed instantly.

• - 40 templates
• - Conflicting tags
• - Custom fields everywhere
• - Broken preview links
• - Weird permalinks
• - 25+ plugins

Verdict:
Without heavy training and documentation, this setup = guaranteed chaos, data loss, broken pages.
And right now? Zero documentation exists.

🛠 5. ACF Overengineering & Mismanagement

Advanced Custom Fields (ACF): A powerful tool when used correctly. Here? It’s a bloated maze.

• - 70+ field groups created
• - Some used only once — better handled via page templates or local fields
• - One group (“Full Services Block”) assigned to 542 pages — no clear reason
• - Zero naming conventions, no grouping, no descriptions — impossible to maintain
• - Location rules incoherent — groups applied globally even when irrelevant

Why this is a problem:

• - Makes the admin overwhelming — editors see irrelevant fields everywhere
• - Slows down the backend — ACF loads unnecessary logic across hundreds of pages
• - No scalable strategy — hard to maintain or extend
• - Risk of editors breaking layouts due to unclear fields

Conclusion:
Instead of simplifying content management, ACF was abused to build a “second WordPress inside WordPress” with no documentation. What should be a clean editing layer became a tangled mess of fields with no map.

🛠 6. Workflow: Jira Without Process

The current Jira board looks more like a marketing Trello list than a dev pipeline.

• - No sprints → no time-boxed goals, no velocity tracking
• - No prioritization → critical tasks buried under vague subtasks
• - No planning → everything floats aimlessly
• - No time tracking, documentation, or reporting
• - No QA, UAT, or code reviews
• - No Git branches, no staging, no CI/CD pipeline

Examples of dysfunction:

• - Tickets sat “In Progress” for a month
• - 20+ active tickets “In Progress” with no updates, commits, or delivery

Impact:

• - Zero accountability → no logs, no visibility
• - No confidence in deadlines → work stuck or forgotten
• - QA blocked → no checkpoints to test against
• - Leadership blindfolded → no tracking of cost vs. output

🛠 7. Performance + Maintainability

The site isn’t just inefficient — it’s hostile to performance and future scalability.

No Optimization Strategy:

• - JS & CSS not combined, minified, or deferred
• - Third-party scripts injected via raw <script> tags
• - No lazy loading, no critical CSS logic
• - No preloading of fonts or key assets

No Staging or CI/CD:

• - All changes made directly on production (⚠️ huge risk)
• - No versioning, rollback, or test pipeline
• - One mistake can bring the site down

Caching = Broken:

• - Blend of manual content + ACF + third-party templates kills caching
• - Nothing truly static, everything dynamic but handled like static

Code Structure = “Spaghetti”:

• - No separation between logic and display
• - Business logic mixed into frontend rendering
• - Reusability = 0, Scalability = 0

Conclusion:
The site wasn’t designed to perform or scale. It’s been patched until it just barely limps along.

🛠 8. Security & SEO Concerns

Obfuscated JS in wp_head:

• - Tracking script injected via encoded JavaScript
• - Suspicious to bots/scanners — could be flagged as malicious or obfuscated behavior
• - No input sanitization or script management policy in place

SVG Support Sitewide (Safe SVG):

• - SVG uploads globally allowed
• - Even with Safe SVG, unsanitized SVGs = XSS risk
• - No SVG validation logic implemented

SEO Stack = Conflicted & Neglected:

• - Yoast + RankMath both installed
• - RankMath inactive
• - No canonicals, schema config, or sitemap strategy
• - No robots.txt optimization
• - Search engines have zero guidance

Conclusion:
Security is an afterthought. SEO is virtually non-existent.

🛠 Summary: The Conclusion in One Breath

The current website is a textbook case of compounded technical debt. Instead of fixing fundamentals, the dev team layered plugins, templates, ACF fields, and overrides on top of a broken system — effectively building a “WordPress inside WordPress.”

The result?

• ❌ No Scalability
• ❌ No Maintainability
• ❌ No Strategy
• ❌ Admin so convoluted that partners would need extensive training just to not break things

The original project may have started in disarray, but the current developers made it worse: bad practices, plugin abuse, redundant logic, undocumented custom code, zero structure, zero QA.

Our stance:
This cannot be salvaged. It must be rebuilt.

The solution? A full reset (outlined in the Non-Technical Audit): clean infrastructure, dynamic templating, optimized workflows, documented QA, secure code, scalable architecture.

🛠 Final Note

Even if "X - Company Name" doesn’t choose to work with Web Runner, our professional stance remains the same:

This website is unsustainable and will fail under its own technical debt.

If not us, find experienced developers to rebuild it properly from the ground up. The current team is applying short-sighted patches to a compromised foundation. It’s not inefficient — it’s dangerous.

This is not preference — this is business continuity.

Delaying action = higher cost, higher risk, lost time.

Based on our analysis, it’s not a question of if things break, but when.

We want the best for "X Company Name", whether that includes us or not. But staying on this path, with this dev team, on this system, is not viable.

"Company Name X" Audit Report – Strategic Analysis

Executive Summary

- Company Name X’s current web infrastructure and development practices are critically flawed. The website, dev workflow, and team output aren’t just underperforming — they’re actively draining resources and blocking scalability.

- What should be a clean, high-performing, easy-to-manage platform has become a tangled hybrid of static pages, plugin dependency, poorly structured dynamic content, and improvised fixes. A patchwork of duplicated efforts mixed with chaotic plugin usage makes content management confusing even for developers — let alone future partner users.

- This system is outdated and structurally unsound. Every new change makes the foundation shakier, and every delay increases risk. Continuing with this setup is not an option.

Observations – Current State of Affairs

The Site

• - Page Structure Chaos: Started with copy-pasted location pages, patched mid-way with a dynamic content plugin. Result = confusing mix, hard to maintain, impossible to scale.


• - Half-Smart, Fully Confusing: Some pages use reusable content, others still hardcoded. Backend = hybrid mess. Even internal staff would struggle.


• - Form Strategy: Original plan was dozens of separate forms. We replaced this with a single dynamic form — handles legal (Terms and Conditions), IP detection, auto-country select, GDPR consent display logic based on geolocation.


• - Plugin Overload: 25+ active plugins — double healthy limit. Many are bloatware, some unused, slowing down performance, updates, and opening security holes.


• - Custom Code, Poorly Done: Features jammed in with messy, unstructured code. Scripts dropped in random places. Zero documentation.


• - Mobile Responsiveness: No mobile testing done. Pages break or behave oddly on smaller screens.


• - Performance Bottlenecks: Despite having a speed plugin, basics aren’t optimized. Pages + backend load slowly, especially in regions with weak connections. SEO + UX suffer.

The Development Team

• - No Structure, No Strategy: No project management, no weekly planning, no defined responsibilities. Entirely reactive.


• - Jira = Sticky Note Wall: Jira used like a to-do list. Tickets are vague (“fix header”) with no detail or tracking.


• - No Testing, No Reviews: Changes go live with no review or QA. Problems found only after users encounter them.


• - No Documentation: Nothing written down. New hires would be lost. No guides, no architecture notes.


• - Weak Hosting Setup: No proper control panel, no evidence of backups, limited visibility. Break something → no fast recovery.


• - Low Technical Awareness: Devs confuse plugins with hosting, stall on simple requests, drag tasks for days. Even connecting a form to CRM became a roadblock.

⚠️ The Future If This Continues

• - Partner Access = Disaster: There’s a plan to let parners manage their own content. But the current backend is chaotic, complex, undocumented. Non-technical users will be overwhelmed or break things without realizing.


• - Innovation? Not Here: Interactive maps? Centralized control? Scalable features? Impossible with this foundation. Every new feature is like stacking weight onto a crumbling bridge — one patch away from collapse.


• - Progress? Developers deliver slowly, with no oversight and no measurable output. ROI is invisible. Fixes are half-baked.

⚠️ Before Proceeding

Before considering our following proposal, review the Technical Audit. It exposes in detail the real state of the site and workflow:

• - Code quality issues
• - Plugin abuse
• - Structural chaos
• - Every flaw blocking performance, workflow, and scalability

The Technical Audit provides the raw facts. Every decision that follows must be made with those facts in mind.

Web Runner Offer

The Full Rebuild

No patchwork. No clutter. We rebuild everything from scratch on a lean, scalable WordPress stack — clean Elementor layouts, custom-coded components, and plugins only where they matter.

• ✅ Centralized & Dynamic: One global template per type, one smart location-aware form, auto-adapting content. No duplication, no chaos.
• ✅ SEO-Optimized & Future-Proof: Clean permalinks, schema-ready architecture, fast loads, mobile-first built in.
• ✅ Clean Plugin Stack: From 25+ to a curated lightweight set. No bloat, no overlap, no performance killers.
• ✅ Infrastructure Built Like a Tank: AWS EC2 HA clusters, auto-healing, CloudWatch monitoring, redundancy everywhere.
• ✅ Custom External File Manager: Accessible via files.example.com — works even if the main site is down.
• ✅ Professional DevOps Pipeline: Dev → Staging → Production, rollback support, zero cowboy coding.

Project Management & Execution

• ✅ Agile Done Right: Weekly sprints, bi-weekly planning calls, transparent timelines, executive summary reports.
• ✅ Professional Jira Workflow: Real workflow → To Do → In Progress → Code Review → QA → UAT → Done. Tickets with detail, time tracking, acceptance criteria.
• ✅ Confluence Documentation: Dev guides, infra blueprints, specs, admin manuals. No tribal knowledge.
• ✅ Crystal Clear Progress: Real-time updates, logged time, stakeholder briefings weekly/bi-weekly.

QA & Testing Built-In

• ✅ Dedicated QA Cycles — manual + automated test cases
• ✅ Cross-browser + mobile responsiveness validation
• ✅ Regression testing every sprint
• ✅ QA reports — logged cases, bugs, resolutions

Not a Rebuild — A Revamp

This isn’t a remake. This is "Site Name X v2.0" — a reimagined, future-proof platform.

• ✅ Outdated pages/features restructured & reimagined
• ✅ Viable Jira backlog items implemented
• ✅ Interactive franchise map replaces clunky location list
• ✅ Enhanced UX, responsiveness, accessibility baked in
• ✅ Franchise backend prep: controlled, documented access

Backlog Integration: We triage Jira tasks, group them, scope them, and prioritize those with real business value.

Scalable Roadmap: Any new feature gets scoped, estimated, and slotted into timeline. No patchwork.

Long-Term Partnership Options

• ✅ Managed For You: Weekly backups, patches, performance tuning, ad-hoc requests, ongoing improvements.
• ✅ Train & Handoff: Full transition docs, admin onboarding, developer handbooks. Your team can run it solo.
• ✅ Multi-Site Hub (Optional): Migrate all brands/sites to one AWS hub, one dashboard, one backend.
• ✅ Synergized Web + QA + DevOps: One partner covering the entire stack.

Bottom Line: What you get is a remastered product — optimized, upgraded, and elevated in every way. Not just fixed. Reinvented.

Our Guarantee: Full Documentation, Even If You Walk Away

At Web Runner, we don’t lock clients into chaos. We build systems that can be understood, managed, and passed on if needed.

If for any reason — budget shifts, restructuring, scope changes, or even dissatisfaction — you choose to pause or stop the project, you won’t be left stranded.

What we guarantee:

• ✅ Full Documentation: Every step, every config, every credential. Clear. Accessible. Secure.
• ✅ Knowledge Transfer: Explained in human terms — what we did, why we did it, and how to extend it.
• ✅ Ready for Handoff: Internal team or new partner, our work transitions cleanly. No gatekeeping.
• ✅ Clean Exit Deliverables: Assets, instructions, step-by-step summary of progress vs. pending. No black boxes.

Your Decision

This document, alongside the Technical Audit, outlines not just the problems — but the full extent of risk, waste, and long-term failure in your current system.

We don’t patch rot. We don’t slap pretty UIs over broken systems. We rebuild, document, test, and future-proof — because anything less is a ticking time bomb.

Two paths forward:

• ✅ Move Forward with Web Runner: We rebuild "Site Name X" from the ground up under a new contract. Clean, scalable, maintainable. We align dev, infra, QA, and docs into one system. You get version 2.0, not a recycled patch job. No downtime during transition.


• 🛑 Or Not: If you choose not to, we terminate professionally, invoice for work done, and part ways. Any further time spent on the current site is wasted resources from your end.

⚠️ Continuing with the current system and team is not an option.
The risk is active. The waste is measurable. The degradation ongoing. We’re not here to scare you. We’re here to give you the truth. The decision is yours.