An ExpressionEngine audit is one of the most useful exercises a business with an EE site can commission, particularly if the site has been running for several years, has changed hands, or has not received consistent maintenance. What it reveals often surprises business owners, not because the problems are dramatic, but because they are systematic and have been accumulating quietly for some time.
The first thing a proper audit establishes is what version of ExpressionEngine the site is running and what the upgrade path looks like. Older versions of EE have known security vulnerabilities and compatibility issues with current PHP versions. Understanding where the site sits on the upgrade path, and what work is required to move it forward, is foundational to everything else.
Most ExpressionEngine sites depend on addons for significant functionality. An audit should catalogue every addon installed, confirm whether each one is actively maintained, check for known issues, and identify any that have been abandoned or are incompatible with current EE or PHP versions. This part of the audit frequently surfaces addons that have been quietly unsupported for years, or that are holding the site back from upgrading.
The audit should include the server environment: the current PHP version, whether the server supports the version of EE installed, and what impact a server-side change such as a PHP upgrade applied automatically by the hosting provider would have on the site. PHP compatibility is one of the most common sources of unexpected problems on EE sites that have not been actively maintained.
A code review of the EE templates and any custom code identifies areas that create performance problems, security risks, or unnecessary maintenance overhead. This is not about finding fault with the original build. It is about understanding the current state of the site and identifying what is creating friction or risk going forward.
The most common findings are: an EE installation several versions behind current, two or three addons that are no longer actively maintained, a PHP version that is either out of support or close to it, and a small number of template issues causing unnecessary load or presenting security exposure. None of these are catastrophic in isolation. Together, they paint a picture of a site that is carrying more risk than its owner realises.
Most business owners have no idea what state their ExpressionEngine site is in. They know it’s working, they can add content, and the contact form still sends emails. Beyond that, it’s a black box. Problems can accumulate quietly over a long period before they become visible.
This is a distinction that matters more than most business owners realise. The site is working. Pages load, content can be updated, forms submit. From the outside, everything looks fine. But working and maintained are two very different things, and the gap between them has a cost that compounds over time.
Most clients come to us when their site has started to feel like a risk rather than an asset. Whether the agency relationship has ended, an upgrade has been delayed, or the site has simply grown beyond what it can handle, a conversation costs nothing.
Get in touch with KarlTrusted by established businesses and growing brands across the UK
Expression 37 works with a small number of clients at any one time. These are some of them.
Karl is the founder of Expression 37 Ltd and has been working exclusively with ExpressionEngine and Craft CMS since 2007. In eighteen years he has supported more than 80 clients across the UK, from long-term retainer arrangements to emergency rescues when something has gone wrong at the worst possible moment. Every piece of work is handled personally by Karl, with no account managers or junior developers between you and the person doing it.
Find out how we workOur ExpressionEngine site had been neglected for a while and we were aware it needed a proper upgrade, but we were nervous about the disruption that might cause. Expression 37 carried out a thorough assessment first and gave us a clear picture of what was involved before any work began. The upgrade was handled with no downtime and the site has been running much more reliably ever since. We now have ongoing support in place and the peace of mind that any issues will be dealt with quickly by someone who genuinely understands the system.
Sarah Connolly - Head of Operations
Propel London