WordPress

Help with your WordPress site.

WordPress powers more than forty per cent of the web for good reason — flexible, extensible, and remarkably fast when built correctly. Most sites are not. We build them right from the start, and we fix the ones that were not.

Get a free SEO report See what we do
A long-haul platform, kept in good order · Custom Themes · Plugin Development · Migrations · Performance · GeneratePress · Yoast SEO · WPForms · GenerateBlocks
01 — What We Do

Six layers of WordPress
work, under one roof.

WordPress is the platform we work with most days of the week. We know its strengths, its quirks, and exactly where things go wrong when the basics are skipped. The work below covers the full life of a WordPress site — from a clean first build, through ongoing optimisation, to a careful migration when the time comes.

Need the dev-services angle? See our dedicated Web Design & Development service.

N° 01

New WordPress builds

Foundational

Every site we build starts with a clean, performance-first architecture. We use GeneratePress as the theme framework paired with GenerateBlocks V2 for layout — a combination that produces sites with minimal DOM complexity, fast load times, and zero dependency on bloated page builders. The result is a site that scores well on Core Web Vitals out of the box, rather than one that needs months of optimisation just to reach acceptable performance. Caching, image handling, structured data, and security baselines are configured during the build, not bolted on afterwards. We hand over a site that is ready to rank, not one that needs another agency to come and fix the foundation.

N° 02

Custom theme development

Design control

We develop custom child themes built on GeneratePress and GenerateBlocks V2 — a lightweight, block-based stack that gives full design control without the overhead of traditional page builders. Your site’s design is expressed in clean, semantic HTML and well-organised CSS rather than layers of shortcodes and nested wrapper divs. Theme work includes custom block patterns for repeating layouts, site-wide design tokens for consistent typography and colour, and responsive behaviour that holds up on every screen. When your content team needs to update a page, they work with intuitive block controls — not fragile builder interfaces that break when a plugin updates. Child-theme structure ensures your customisations survive parent-theme updates without manual intervention.

N° 03

Plugin audits

Diagnostic

Most WordPress performance and security problems trace back to plugins — too many of them, poorly coded ones, or abandoned ones that have not been touched in years. A plugin audit examines every active and inactive plugin against criteria that matter: code quality, update frequency, known vulnerabilities, performance impact, and whether the plugin is actually necessary or whether its function can be handled natively or by a lighter alternative. We measure the real-world cost of each plugin by testing page load with and without it, identifying the ones that add hundreds of milliseconds for minimal value. The deliverable is a written report with specific recommendations — keep, replace, remove, or consolidate — and we can execute the changes if you want us to handle the implementation.

N° 04

Performance optimisation

Speed & Vitals

Performance optimisation is not about installing a caching plugin and hoping for the best. It is a systematic process that addresses server-side response time, database query efficiency, asset loading strategy, image delivery, third-party script management, and frontend rendering. We configure proper server-level caching — FastCGI or Redis object caching depending on the hosting environment — clean transients and autoloaded options, lazy-load images and iframes, defer non-critical JavaScript, and eliminate render-blocking CSS. Every optimisation is measured with before-and-after Lighthouse scores and real-user metrics from Core Web Vitals. The goal is not a perfect synthetic score; it is a site that loads quickly for actual visitors on actual devices and network conditions.

N° 05

Security hardening

Layered defence

Security is not a single plugin — it is a layered approach to the most common attack vectors. We start with the fundamentals: keeping core, themes, and plugins updated; enforcing strong authentication with two-factor where possible; removing default admin usernames; restricting file permissions. Beyond the basics, we implement HTTP security headers, disable XML-RPC if it is not needed, restrict REST API exposure, configure CORS policies, set up automated malware scanning, and establish a backup regime that is tested for restore — not just for taking. We also review your hosting environment: server software versions, PHP version, SSL configuration, firewall rules. If your site has already been compromised, we handle malware removal, file-integrity restoration, and post-incident hardening to prevent recurrence.

N° 06

Migration to WordPress

From Wix · Squarespace · legacy CMS

Moving to WordPress from another platform — Wix, Squarespace, a legacy CMS, or a static HTML site — requires careful planning to preserve search equity and avoid broken links, missing content, and lost rankings. We handle the full process: content extraction and mapping, URL structure planning with proper 301 redirects from every old URL to its new equivalent, media migration with proper file naming, SEO metadata preservation, and post-migration verification. We monitor rankings closely for the first sixty days and address any drops immediately. A well-executed migration should leave search performance intact or better — never a ranking cliff.

02 — Common Problems We Fix

The four faults
that most sites carry.

These are the issues we see most often when a WordPress site comes to us for the first time. They are almost always fixable — and fixing them usually produces measurable improvement within weeks, not quarters. None of them require a full rebuild on their own.

i

Slow page speed

The single most common WordPress complaint. A site that takes four or five seconds to load is losing visitors before they read a word. The causes are usually a combination — an overloaded theme with excessive CSS and JavaScript, too many plugins each adding scripts to every page, unoptimised images served at full resolution regardless of screen, no server-level caching, and an underpowered hosting environment. We diagnose the specific bottlenecks, prioritise fixes by impact, and implement them in order. Most slow sites can be brought under two seconds without a rebuild.

ii

Plugin bloat

It begins innocently — one for forms, one for SEO, one for caching, a slider, social sharing, cookie consent. Before long the site has thirty or forty active plugins, many overlapping in function, some abandoned by their developers, a few loading assets on every page whether they are needed there or not. The solution is rarely “remove everything.” It is to audit each plugin critically — does it serve a current need, is it maintained, is it performant, could a lighter alternative or native WordPress functionality cover it — and act on the answer.

iii

Security vulnerabilities

WordPress core is well maintained — vulnerabilities tend to come from the ecosystem. Plugins with SQL injection flaws, themes with cross-site scripting issues, sites running PHP versions past end-of-life, admin accounts with weak passwords, hosting environments without server-level firewalls. When we encounter a compromised site, the first step is containment and cleanup. The second is hardening to prevent recurrence: identifying how the breach occurred, closing that vector, and implementing the layers of defence that should have been in place from the start.

iv

Broken after updates

Updates are essential — but they break things. A theme update overwrites custom CSS. A plugin update changes its API. A core update deprecates a function a plugin still relied on. The site goes white, the layout breaks, a critical form stops working. The root cause is almost always missing discipline: no staging environment to test updates, no compatibility check, customisations made directly to theme files instead of through child themes or hooks. We establish a proper workflow — staged updates, tested sequence, rollback plan — so that updates are applied safely and predictably.

03 — Who It’s For

Anyone whose site
has to last.

WordPress is rarely the right choice for a brochure that will be discarded in twelve months — but for any business that intends to stay online for years, it is one of the most durable choices available. The work looks different depending on where you are starting from.

Our WordPress clients typically arrive in one of a few shapes — and the engagement looks different in each.

  • i Businesses planning a new siteChoosing a platform for the next five to ten years. We scope the build, recommend hosting, and deliver a clean GeneratePress + GenerateBlocks foundation ready for content and search.
  • ii Owners of an inherited siteThe previous developer is gone, the theme is unfamiliar, and nothing has been updated in months. We audit, document, harden, and bring the site back to a maintainable baseline.
  • iii Sites trapped in a page builderElementor, Divi, or a heavy stack that produces unreadable markup and slow Core Web Vitals. We rebuild the layouts on GenerateBlocks V2 — same look, fraction of the weight.
  • iv Migrations from another platformWix, Squarespace, a legacy CMS, or static HTML. We map every old URL to its new home, preserve the metadata that drives rankings, and monitor traffic for sixty days post-launch.
  • v Sites that have been compromisedMalware, blacklisting, redirect injection, or an admin account quietly added by an attacker. We clean, restore, and harden — then put the maintenance discipline in place that should have been there from the start.

If you are weighing a rebuild against ongoing optimisation, we will tell you honestly which one your site needs. Most sites do not need a rebuild — they need attention. The few that do are usually obvious within a week of looking under the bonnet.

04 — A complimentary report

Curious how Google sees your WordPress site?

Send us your URL. We’ll send back a Premium SEO Report, prepared by hand, within 48 hours — domain authority, keyword rankings, backlinks, competitor gap, and the WordPress-specific quick wins worth chasing first. WordPress sites often have untapped SEO potential hidden behind technical issues. We’ll show you exactly where yours stands.

No sales call required.

WordPress rewards patience. Built thoughtfully and maintained quietly, the same site can carry a business for a decade — most never get the chance.
— The Aureole Practice —
05 — Frequently Asked

Everything we
get asked about WordPress.

If a question is missing here, the contact link at the foot of the page goes straight to the person who would answer it. No ticket queues, no funnels.

i Why GeneratePress and GenerateBlocks instead of Elementor or Divi?
Performance and maintainability. Page builders like Elementor and Divi produce complex, deeply nested HTML with large CSS and JavaScript payloads that slow page rendering. They also create vendor lock-in — if you ever want to switch away, your content is trapped in proprietary shortcodes and markup that does not transfer cleanly. GeneratePress is a lightweight theme framework that produces clean, semantic HTML. GenerateBlocks V2 is a block-based layout system that works inside the native WordPress block editor, producing minimal markup without shortcode dependency. The result is a site that loads faster, scores better on Core Web Vitals, is easier to maintain, and keeps your content in standard WordPress blocks that remain portable if you ever change themes. We chose this stack after evaluating the alternatives carefully, and the performance difference is measurable on every project.
ii Can you work on my existing site, or do I need a rebuild?
We work with existing sites regularly. Not every site needs a rebuild — many can be significantly improved through performance optimisation, security hardening, plugin cleanup, and SEO work without touching the underlying theme or layout. We assess the current state during the initial audit and make an honest recommendation. If the foundation is sound but neglected, we optimise it. If the foundation itself is the problem — an overweight theme, a page builder that cannot produce acceptable performance, or an architecture that works against your SEO goals — we will tell you directly and explain why a rebuild would produce a better return on your investment. We never recommend a rebuild when optimisation will achieve the same result.
iii How do you handle WordPress security?
Security is addressed at multiple layers. At the server level, we ensure your hosting environment runs a current PHP version with proper file permissions, HTTPS enforcement, and firewall rules. At the application level, we keep WordPress core, themes, and plugins updated on a regular schedule using a staging-first workflow to catch compatibility issues before they reach production. We enforce strong authentication, remove unnecessary user accounts, disable XML-RPC and REST API endpoints that are not in use, implement HTTP security headers, and configure automated malware scanning with alerting. Backups run on an automated schedule with off-site storage and are tested periodically to confirm they can be restored successfully. Security is not a feature you install — it is a discipline that requires ongoing attention, which is one reason we recommend our maintenance plans for WordPress sites.
iv What hosting do you recommend?
It depends on your needs, traffic level, and budget. For most business sites, a well-configured VPS with proper server-level caching provides the best balance of performance, control, and cost. We deploy and manage WordPress on VPS infrastructure using containerised setups that allow for isolated environments, automated backups, and straightforward scaling. For sites with simpler requirements or smaller budgets, managed WordPress hosting from reputable providers can work well, though you trade some control for convenience. We avoid recommending cheap shared hosting for business sites — the performance ceiling is too low and the shared environment introduces risks outside your control. We will assess your specific situation and recommend the hosting approach that matches your traffic, performance expectations, and budget.
v How long does a new WordPress site take to build?
A typical business website with five to fifteen pages, including content creation, SEO setup, and performance optimisation, takes four to eight weeks from kickoff to launch. More complex sites — those with custom functionality, e-commerce integration, multilingual support, or large content volumes — take longer, and we will provide a specific timeline after scoping the project. The timeline includes design and layout development, content creation or migration, technical SEO configuration, performance optimisation, security hardening, cross-browser and mobile testing, and a staged launch process. We do not rush builds to meet arbitrary deadlines at the expense of quality, and we do not pad timelines to manufacture the appearance of complexity. The estimate we give you is the one we plan to hit.
vi Do you offer ongoing maintenance?
Yes, through our Maintenance & Care Plans. WordPress requires ongoing attention — core updates, plugin updates, theme updates, security monitoring, backup verification, uptime monitoring, and periodic performance review. Our maintenance plans cover all of these on a regular schedule, with updates applied through a staging-first workflow so that nothing breaks on the live site without being caught first. Maintenance also includes a monthly allocation of development time for small changes, content updates, and minor feature additions. Most of the WordPress problems we see — security breaches, performance degradation, broken functionality — happen on sites that were not being actively maintained. Regular maintenance is the most cost-effective way to protect your investment in the site.
vii Can you migrate a site to WordPress without losing rankings?
It is one of our core competencies. A WordPress migration involves pre-migration URL mapping and content auditing, redirect planning (every old URL mapped to its new equivalent), technical configuration of the new site for search, post-launch monitoring to catch ranking drops or crawl issues immediately, and a recovery plan if anything slips. We have managed migrations from Wix, Squarespace, legacy CMS platforms, and bespoke static sites — and within WordPress, we have handled domain changes, HTTPS transitions, and major restructures. The key is planning. Most migration-related ranking losses happen because redirects were incomplete or the technical setup was not validated before launch. We treat migration as a project with its own dedicated checklist and timeline.
viii Do you support WooCommerce and bilingual sites?
Yes to both. WooCommerce is the natural extension of WordPress for transactional sites, and we treat it as a first-class platform — see our dedicated WooCommerce technology page. For bilingual and multilingual sites we work with Polylang as the default, integrated cleanly with our GeneratePress + GenerateBlocks stack. We have shipped production EN ↔ ZH sites with menu mirroring, slug parity, and search-engine-correct hreflang signals. Bilingual capability is a basic capability for us, not a niche claim — if your audience reads in two languages, the site should serve them properly in both.
06 — Connected Practice

Services that pair
well with WordPress.

WordPress is the foundation. The services below build on it to drive traffic, improve content, and keep everything running smoothly long after launch.

Related services

Web Design & Development SEO Maintenance & Care Plans IT Services Content & Copywriting AI Workflow & Automation

Related platforms & industries

WooCommerce Shopify Legal Services E-commerce Healthcare & Wellness Professional Services Local Service Businesses
The Invitation

Ready to get your
WordPress site right?

Whether you need a new build, a performance overhaul, a careful migration, or ongoing maintenance for an existing site — start with a conversation. You’ll hear back from the team that does the work, not a sales department.

Get in touch Or request a free SEO report
Mon–Fri · 9–6 PT support@aureoleintelligence.com Reply within 1 business day