Executive Summary
Workstream 1 (WS1) — Security Hardening & Site Optimization — is complete, delivered April 9, one day ahead of the April 10 deadline. This phase focused on making sperrytreecare.com more secure, faster, and properly connected to your marketing and analytics tools.
In plain terms: we cleaned up your website, locked it down against common threats, made it load faster for visitors, and connected the tools that let you measure whether your advertising is working. Your website is now a stronger foundation for the marketing campaigns ahead.
What was accomplished:
- Removed 6 unused software plugins that were slowing down the site with no benefit
- Enabled automatic security updates on all 19 remaining plugins — no more manual maintenance
- Shut down the website comment system, which was being targeted by spammers
- Installed and activated enterprise-grade security software (Wordfence Premium) with live, real-time threat monitoring
- Set up page speed caching — technology that makes your site load faster for every visitor
- Connected Google Analytics 4 (GA4) to both your website and your Jobber online estimate forms, so you can see exactly how many people are visiting and requesting estimates
- Activated Meta Pixel (Facebook/Instagram ad tracking) across your entire site, enabling accurate conversion tracking for paid ad campaigns
What's still open: Two minor items remain — both require a quick action from your hosting provider's server team, not from you. Details are in the Open Action Items section below.
Next up: Workstream 4 (WS4) — Email Automation & Club Nurture Campaigns, due April 27.
Work Completed
Plugins
Removed 6 Unused Plugins
What this means for you
Every piece of software running on your website — even if you're not actively using it — adds weight that slows the site down and creates potential security vulnerabilities. We identified six plugins with zero active use through a full widget scan of your key pages and removed them, making your site leaner, faster, and more secure.
IT details: Removed ElementsKit, Royal Addons, Happy Addons, UAE Addons, Unlimited Elements (zero widget usage confirmed via DOM scan across 7 pages), and WPForms Lite (redundant with existing Ninja Forms installation).
Plugins
Automatic Updates Enabled — All 19 Plugins
What this means for you
Software companies regularly release updates that fix security holes and bugs. Without automatic updates, these fixes sit waiting until someone manually applies them — a window that hackers exploit. We turned on automatic updates for every plugin on your site so security patches apply themselves the moment they're released.
IT details: WordPress auto-update flag set to true for all 19 active plugins via the plugin management screen. Covers major, minor, and patch-level updates.
Spam & Security
Comment System Disabled Site-Wide
What this means for you
WordPress websites have a built-in comment system that most business sites don't need — and spammers know it's often left unguarded. Your site had 30 spam comments sitting in moderation. We permanently disabled the comment system across all pages and deleted the spam backlog, eliminating this attack surface entirely.
IT details: Deployed "Completely Disable Comments" snippet via WPCode (PHP snippet, runs on init hook). Removes comment fields from all post types, disables XML-RPC comment submission, and returns 403 on direct comment POST requests. 30 pending spam entries bulk-deleted from wp_comments.
Automation
Webhook Audit & Conflict Resolution
What this means for you
Your site uses automated workflows that send form submission data to other systems when a visitor fills out a form. A webhook is essentially an automatic notification — like a text message your website sends to another software tool the moment something happens. We audited all active webhooks for conflicts and cleaned up a stale entry that was no longer needed.
IT details: Audited WP Webhooks plugin and WPCode-based webhook triggers for Contact Form 7 (CF7). Confirmed no duplication — WP Webhooks fires to Zapier endpoint A (club signup); WPCode snippet fires to Zapier endpoint B (Home Show form). Different endpoints, different forms. Deleted one disabled/stale WP Webhooks entry.
Performance
Page Speed Caching Installed & Configured
What this means for you
Website caching works like keeping a ready-made copy of your menu at the front desk instead of printing a fresh one for every customer — your site responds instantly to visitors rather than rebuilding every page from scratch each time. Faster sites rank higher in Google search results and convert more visitors into leads. We installed caching software, confirmed your server type, and configured the rules. Browser caching (which tells visitors' browsers to store your site files locally) and code compression are live now. Full disk caching activates once your hosting provider's server team restarts their web server software — see Open Action Items below.
IT details: Confirmed server stack as Nginx. Installed W3 Total Cache (W3TC) with auto-updates enabled. Nginx rewrite rules written to nginx.conf for Disk Enhanced page cache mode. Browser cache headers configured. JavaScript (JS) and Cascading Style Sheet (CSS) minification active. Awaiting nginx reload by hosting provider for disk cache activation.
Plugin Audit
Elementor Add-On Widget Scan
What this means for you
Your site was running five different add-on software packages for the page builder tool (Elementor) used to design your pages. Each add-on adds load time and complexity. We scanned every key page on your site to find out which add-on features were actually being used — and found that only one package had any real usage. The other four were removed without affecting anything visible on your site.
IT details: Scanned 7 pages (Home, About, Club, Services, Contact, Home Show, Blog) for Elementor add-on widget signatures via DOM inspection. Essential Addons confirmed active: CF7 widget on Club and Home Show pages, creative button widget on Home page. ElementsKit, Royal Addons, Happy Addons, UAE Addons, and Unlimited Elements: zero widget instances found. All five removed.
Analytics
Google Analytics 4 Connected to Jobber
What this means for you
Google Analytics 4 (GA4) is the tool that tracks who visits your website, where they come from, and what they do. Your main website was already connected. We extended that connection to your Jobber estimate request forms — so now you can see exactly how many people visit your estimate page, how many complete the form, and where those visitors came from (Google search, Facebook ad, etc.).
IT details: GA4 Measurement ID G-3XMLK5G96X added to Jobber → Settings → Requests & Bookings → Online Booking Settings. Fires page_view event on all Jobber-hosted booking form pages. Cross-domain tracking not required as Jobber forms use a Jobber subdomain with GA4 natively.
Advertising
Meta Pixel Deployed Site-Wide
What this means for you
Meta Pixel is a small piece of tracking code that connects your website to your Facebook and Instagram advertising account. When it's installed, Facebook can tell you which website visitors later saw or clicked your ads — and more importantly, which ad campaigns are actually generating leads and phone calls. Without it, you're spending ad money blind. We deployed the pixel across every page of your site, including any sign-up forms embedded on your pages.
IT details: Pixel ID 913622498288019 deployed as a site-wide <head> snippet via WPCode Lite. Fires PageView event on all WordPress (WP) page loads, including pages with Kit inline form embeds. Verified active via Meta Pixel Helper browser extension April 9, 2026.
Security
Wordfence Premium Security — Activated
What this means for you
Wordfence is enterprise-grade security software for WordPress that acts like a firewall and security guard for your website — blocking malicious traffic, scanning for malware, and alerting you to threats. The free version of Wordfence receives threat updates 30 days after they're discovered. Premium receives them in real time, meaning your site is protected against new attack types as soon as they emerge, not a month later. We upgraded to Premium, ran a full security scan, and confirmed zero threats. The result queue is clean.
IT details: Wordfence Premium license activated April 9, 2026. Scan type upgraded to High Sensitivity. Malware signature database set to real-time updates (vs. 30-day lag on free tier). Full scan completed: 37,567 files, 29 plugins, 9 themes, 49 posts scanned. Results: 0 findings. One stale finding (abandoned PHP Compatibility Checker plugin — files confirmed absent from disk at /wp-content/plugins/php-compatibility-checker/) marked as fixed. One Low-severity skipped path (/var/www/html/.tmb) set to Ignored.
Tracking & Analytics — Live as of April 9, 2026
All tracking is live. Both Google Analytics 4 (GA4) and Meta Pixel are active across sperrytreecare.com and your Jobber estimate forms. Any sign-up forms embedded on your WordPress pages are automatically covered by both tools.
Live
Google Analytics 4 (GA4) — sperrytreecare.com
What it does
Tracks all visitor activity on your website — pages viewed, time on site, traffic sources, and form interactions. Was already active on your main site before WS1.
G-3XMLK5G96X
Live
Google Analytics 4 (GA4) — Jobber Estimate Forms
What it does
Tracks visitors who reach your Jobber estimate request form — including how many complete it. Added during WS1 so you can now measure online lead generation end-to-end.
G-3XMLK5G96X
Live
Meta Pixel — sperrytreecare.com
What it does
Connects your website to your Facebook/Instagram ad account so you can see which campaigns drive real website visits and leads. Fires on every page, including embedded sign-up forms.
913622498288019
Retainer
Meta Pixel Lead Event — Jobber
What it does
Will fire a "Lead" conversion signal to Facebook each time someone submits a Jobber estimate request — letting your ad campaigns optimize toward people who actually become leads, not just website visitors. Scoped into WS4 automation setup as a retainer deliverable.
Current Plugin Inventory
19 plugins active, all on automatic updates. Down from 25 at WS1 start. Each plugin below serves a specific, documented purpose. Plugins are the software add-ons that extend what your WordPress website can do — think of them like apps on your phone.
| Plugin | What It Does (Plain Language) | Auto-Update |
|---|---|---|
| Elementor / Elementor Pro | The visual design tool used to build and edit every page on your site — like a drag-and-drop layout editor | On |
| Essential Addons for Elementor | Provides the specific form display and button design features used on your Club signup and Home Show pages | On |
| Contact Form 7 (CF7) | Powers your Club signup and Home Show contact forms — the forms visitors fill out to join or request info | On |
| Flamingo | Saves a copy of every form submission to your WordPress dashboard, so you have a backup record even if email delivery fails | On |
| CF7 Redirection | Sends visitors to a specific "thank you" page after they submit a form — used to trigger conversion tracking and confirm their submission | On |
| Ninja Forms | A secondary form builder used for additional contact forms on the site | On |
| WP Webhooks | Automatically sends new Club signup data to your external marketing automation tools (via Zapier) the moment someone submits the form | On |
| WPCode Lite | A code manager that safely runs custom scripts on your site — currently handling comment blocking, Meta Pixel, the Home Show form webhook, and form validation | On |
| Wordfence Security (Premium) | Your site's security system — blocks malicious traffic, scans for malware, and monitors for threats in real time with Premium-tier threat definitions | On |
| UpdraftPlus | Automatically backs up your entire website on a schedule, so you can restore it quickly if something ever goes wrong | On |
| W3 Total Cache (W3TC) | Makes your website load faster for every visitor by storing pre-built page versions rather than rebuilding pages from scratch on each visit — also improves Google search rankings | On |
| Yoast Search Engine Optimization (SEO) | Helps each page on your site rank better in Google by managing page titles, descriptions, and technical SEO settings | On |
| WP Show Posts | Displays blog posts and content listings on pages throughout the site | On |
| Custom CSS & JS | Allows custom design tweaks and scripts to be applied to the site without modifying core theme files | On |
| Redirection for Contact Form 7 | Works alongside CF7 Redirection to manage form-based page redirects | On |
| Akismet Anti-Spam | Filters spam from any remaining form submissions, acting as a secondary defense layer alongside the disabled comment system | On |
| Additional active plugins | Core WordPress functionality and system utilities | On |
Open Action Items
Two items remain — both require your hosting provider's server team. Neither requires action from you or your staff directly. We recommend submitting a support ticket to your host for item 1.
-
Restart Web Server Software — Activate Full Page Caching Server Manager RequiredWe've configured your site for disk-based page caching — the most significant speed improvement — but the final step requires your hosting provider's server team to restart the Nginx web server software to load the new configuration. Browser caching and code compression are already live and benefiting visitors now.Action: Submit a support ticket to your hosting provider. Ask them to reload Nginx to activate the W3 Total Cache disk cache configuration. Reference: "W3TC Disk Enhanced nginx cache configuration written to nginx.conf — requesting nginx reload."
-
UpdraftPlus — Delete Old Restore FoldersA minor cleanup prompt is visible in your backup plugin (UpdraftPlus) from a recent restore operation. Completing this frees up disk space on your server. This is non-urgent and has no impact on your active backups running normally.Action: Log into WordPress → UpdraftPlus → click "Delete old folders." Takes about 30 seconds.
Next Step — Caching Configuration
Recommended W3 Total Cache Settings for Nginx
W3 Total Cache is installed and running with default settings. For best results once the server team restarts Nginx: go to Performance → General Settings in your WordPress dashboard and enable Page Cache (method: Disk Enhanced), Minify (Auto mode), and Browser Cache. Skip the Content Delivery Network (CDN) setting for now — Cloudflare can be layered in as part of the Phase Zero new site design sprint.
After configuring, test performance using GTmetrix or Google PageSpeed Insights. Expect meaningful improvements in how fast your pages load once the server manager activates the full disk caching configuration.