Total Secure IT Solutions Website Audit
Total Secure IT Solutions is a managed IT services company providing expert IT support, database and server management, and ECM services to businesses in Africa and the UAE. The audit covered the full site plus three service pages and Google Search Console data.
The most serious finding: xmlrpc.php was publicly accessible and being actively targeted. GSC showed 4,445 bot-generated 404 URLs on a site with just 6 real pages, 121 server errors, and 171 spam comments in moderation. On top of that, the page cache on the Expert IT Support page was confirmed to be from July 2024 - visitors had been seeing a two-year-old version of the site.
Project Overview
Services provided
- Website Audit
- Security Review
- Technical SEO Review
- Content & Conversion Analysis
- Google Search Console Audit
What Was Holding the Site Back
Total Secure IT Solutions sells IT security services - which makes the state of their own site particularly important. The audit found several problems that would be visible to any technically minded potential client who looked closely.
The most urgent issue was the open xmlrpc.php endpoint. It was advertised in every page's HTML source, and bots were already using it - 171 spam comments in moderation and 4,445 junk URLs in GSC confirmed active bot traffic. This was draining crawl budget and creating server load.
The page cache situation was also a clear problem. The Expert IT Support page was serving a cached version from July 25, 2024. Any content updates made in the last two years had not reached visitors or Google.
On the content side, there was no social proof anywhere on the site - no client quotes, no logos, no case studies. For a company asking businesses to trust them with managed IT, that gap makes conversion harder at every stage.
Key Issues Found
- xmlrpc.php open and under active bot attack
- 4,445 bot-generated 404 URLs logged in Google Search Console
- 171 spam comments in moderation
- 121 server errors (5xx) in GSC
- No social proof - no testimonials, logos, or case studies
- No Schema.org markup on any page
- Page cache from July 2024 - visitors seeing a 2-year-old site
- "Get a Quote" CTA hidden on mobile
- No meta descriptions on any of the 6 pages
- 20+ images missing alt text across the site
What the Audit Covered
The audit covered the full site, three service pages, Google Search Console data, page source, and performance metrics.
Security Review
We checked for exposed attack surfaces, active bot activity, and security headers. We found xmlrpc.php open and advertised in page source, missing HTTP security headers, an exposed WordPress version, and no brute-force protection on the login page.
GSC & Crawl Analysis
We reviewed Google Search Console data for crawl errors, indexing issues, and server errors. We found 4,445 bot-generated 404 URLs, 121 server errors, and 1,114 crawled but not indexed pages, and confirmed that the site's real pages were losing crawl budget to junk traffic.
Technical & Performance
We reviewed page speed, cache configuration, heading structure, image alt texts, meta tags, and page source. We found render-blocking scripts, 17+ CSS files loading before content, a stale cache from 2024, and the main CTA invisible on mobile.
Content & Conversion
We reviewed content depth, social proof, conversion paths, and trust signals. Every service page was thin, no client evidence existed anywhere on the site, and both CTAs led to the same action with no lower-commitment option for visitors earlier in the buying process.
The Audit Findings
Audit overview - Total Secure IT Solutions, May 2026
Issues were sorted by priority across security, technical, content, and conversion categories. Critical fixes were identified and documented with step-by-step implementation instructions.
Web Audits has delivered quality work, resulting in positive feedback from all departments. The team has provided excellent service and communicated effectively through virtual meetings, emails, and messaging apps. Their timely delivery of tasks is commendable.
Key Findings from the Audit
The main issues found across security, crawl health, technical performance, and content.
The <link rel="EditURI"> tag in every page's <head> was pointing directly to xmlrpc.php. This tells bots exactly where to send brute-force login attempts - xmlrpc.php accepts thousands of username and password combinations in a single HTTP request. The 171 spam comments in moderation and the 4,445 junk URLs in GSC are both consistent with active bot traffic through this endpoint. Blocking it in .htaccess and removing the EditURI link from wp_head are the two immediate fixes.
Google Search Console showed 4,445 broken URLs on a site with only 6 real pages. The pattern was clear: numeric IDs combined with random product names like camera lenses and car parts - none of which have anything to do with the site. External bots were scanning the domain using random paths and GSC logged every attempt. The result is that Google's crawler was spending its budget on junk instead of the six pages that actually matter.
The HTML source of /expert-it-support/ contained a comment confirming the cache was built on 25 July 2024. Any content changes made since then had not reached visitors or Google. The WP version shown in the meta generator on that page (6.5.5) differed from the version on other pages (6.5.8), which confirmed the cache was built during an older WordPress install. Clearing the cache and setting auto-rebuild to every 24-48 hours was the recommended fix.
There are no testimonials, no client logos, no case studies, and no reviews anywhere on the site. IT managed services involve a significant trust decision - businesses are handing over control of infrastructure to an external provider. Without any client evidence, the site asks visitors to make that decision based on marketing copy alone, which increases bounce rate at the consideration stage.
No JSON-LD structured data was found on any page. That means no Organization schema on the homepage, no Service schema on the service pages, and no BreadcrumbList on inner pages. This affects both rich snippet eligibility in Google search and how AI systems understand and describe the business.
No Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, HSTS, or Referrer-Policy headers were detected. For most sites this is a medium-priority issue, but for a company selling IT security services it is a credibility problem. Any technically informed potential client can check headers at securityheaders.com in seconds. An F grade there contradicts the service offering before a conversation even starts.
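An added example, not part of the audit report: a Python check that re-tests three of the findings above from a page's HTML source and response headers (the EditURI link advertising xmlrpc.php, the meta generator mismatch that exposed the stale cache, and the five missing security headers). The HTML, the header sets and the example.test host are constructed sample input; in practice they would come from fetching your own pages after applying the fixes.

```python
from html.parser import HTMLParser

# Headers the audit reported as missing (HSTS is sent as Strict-Transport-Security).
REQUIRED_HEADERS = ["Content-Security-Policy", "X-Frame-Options",
                    "X-Content-Type-Options", "Strict-Transport-Security",
                    "Referrer-Policy"]

class HeadScanner(HTMLParser):
    """Collects the EditURI link target and the meta generator value."""
    edit_uri = None
    generator = None
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # HTMLParser lowercases tag and attr names
        if tag == "link" and a.get("rel", "").lower() == "edituri":
            self.edit_uri = a.get("href", "")
        elif tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content", "")

def audit_page(html, headers):
    """Return findings for one page given its HTML source and response headers."""
    scan = HeadScanner()
    scan.feed(html)
    present = {name.lower() for name in headers}  # header names are case-insensitive
    return {
        "xmlrpc_advertised": "xmlrpc.php" in (scan.edit_uri or ""),
        "generator": scan.generator,
        "missing_headers": [h for h in REQUIRED_HEADERS if h.lower() not in present],
    }

def generator_mismatch(results):
    """Differing generator strings across pages suggest a stale cached copy."""
    return len({r["generator"] for r in results.values() if r["generator"]}) > 1

# Constructed sample input; example.test is a placeholder, not the audited site.
SAMPLE_PAGES = {
    "/": ('<head><meta name="generator" content="WordPress 6.5.8">'
          '<link rel="EditURI" type="application/rsd+xml" '
          'href="https://example.test/xmlrpc.php?rsd"></head>',
          {"Content-Type": "text/html", "X-Content-Type-Options": "nosniff"}),
    "/expert-it-support/": (
          '<head><meta name="generator" content="WordPress 6.5.5"></head>',
          {"Content-Type": "text/html"}),
}

def run_sample():
    return {path: audit_page(html, hdrs) for path, (html, hdrs) in SAMPLE_PAGES.items()}

if __name__ == "__main__":
    findings = run_sample()
    print(findings, generator_mismatch(findings))
```

A clean result is `xmlrpc_advertised` false, an empty `missing_headers` list and no generator mismatch on every page.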
The main call-to-action button had the Elementor class elementor-hidden-phone, which removes it from mobile view entirely. With most visitors in Africa browsing on mobile, the primary conversion action was invisible to the majority of the site's audience.
All six pages - homepage, three service pages, about, and contact - were missing meta descriptions. When Google writes its own snippet it tends to pull from whatever text appears first on the page, which often misses the keyword and value statement. All six pages had specific descriptions suggested in the audit with target character counts.
Every image across the site had alt="". That affects SEO, accessibility, and how AI crawlers interpret visual content on the page. The audit listed all 23 affected filenames, several of which were also non-descriptive generic names like 1.jpg, 2.jpg, and 3-2.jpg.
The homepage had 215 words and every service page used one or two sentence blocks per service with no SLA details, no technology specifics, and no real examples. The content management page also had an incomplete sentence - "…to minimise downtime and" - that ended mid-phrase, and the IT support page had a duplicate list item and two sentences that trailed off without finishing.
From the Audit Report
Real screenshots from the audit delivered to the client - issues identified, documented, and ranked by priority.
Services Used in This Project
AI Visibility Audit
Assessment of how AI search engines - Google AI Overview, ChatGPT, Perplexity, Claude - perceive, describe, and recommend your product. Covers content clarity, structured data, authority signals, and E-E-A-T.
SEO Audit
On-page analysis covering meta tags, heading structure, keyword usage, content uniqueness, internal linking, and schema markup opportunities.
Website Audit
Full-site review covering UX, conversion flow, content structure, and technical health - with prioritised fixes and implementation support.