Four free audit axes cover performance, security basics, SEO basics, and broken links. Three paid Pro axes go deeper on performance and security, and add the POPIA compliance scanner: data collection disclosure, cookie consent scope, third-party data handling, contact form requirements. The admin UI is built in Vue for a responsive feel without loading the full block editor. License enforcement is handled by a separate license server running PHP, SQLite, and HMAC-signed keys, decoupled from the plugin so it can serve multiple products.
Anti-piracy is layered. 23 scatter checks run via a watchdog canary across the plugin codebase. If a license check fails, degradation is staggered across 24, 48, and 72-hour grace periods before Pro features disable, reducing false positives from transient network issues without leaving the door open. Each licensed download is watermarked at build time via a script that bakes a buyer ID into the zip. Pro modules run through a custom obfuscator.
Version 0.1.0 is live on staging. License server is running on production infrastructure. WordPress plugin directory submission is underway. The POPIA scanner is the differentiator no comparable free plugin currently offers in the SA market.
Stack: PHP, Vue.js, SQLite, HMAC-signed license keys, custom build pipeline.