An ExpressionEngine audit is one of the most useful exercises a business with an EE site can commission, particularly if the site has been running for several years, has changed hands, or has not received consistent maintenance. What it reveals often surprises business owners, not because the problems are dramatic, but because they are systematic and have been accumulating quietly for some time.
The first thing a proper audit establishes is what version of ExpressionEngine the site is running and what the upgrade path looks like. Older versions of EE have known security vulnerabilities and compatibility issues with current PHP versions. Understanding where the site sits on the upgrade path, and what work is required to move it forward, is foundational to everything else.
Most ExpressionEngine sites depend on addons for significant functionality. An audit should catalogue every addon installed, confirm whether each one is actively maintained, check for known issues, and identify any that have been abandoned or are incompatible with current EE or PHP versions. This part of the audit frequently surfaces addons that have been quietly unsupported for years, or that are holding the site back from upgrading.
The audit should include the server environment: the current PHP version, whether the server supports the version of EE installed, and what impact a server-side change such as a PHP upgrade applied automatically by the hosting provider would have on the site. PHP compatibility is one of the most common sources of unexpected problems on EE sites that have not been actively maintained.
A code review of the EE templates and any custom code identifies areas that create performance problems, security risks, or unnecessary maintenance overhead. This is not about finding fault with the original build. It is about understanding the current state of the site and identifying what is creating friction or risk going forward.
The most common findings are: an EE installation several versions behind current, two or three addons that are no longer actively maintained, a PHP version that is either out of support or close to it, and a small number of template issues causing unnecessary load or presenting security exposure. None of these are catastrophic in isolation. Together, they paint a picture of a site that is carrying more risk than its owner realises.
Most business owners have no idea what state their ExpressionEngine site is in. They know it’s working, they can add content, and the contact form still sends emails. Beyond that, it’s a black box. Problems can accumulate quietly over a long period before they become visible.
This is a distinction that matters more than most business owners realise. The site is working. Pages load, content can be updated, forms submit. From the outside, everything looks fine. But working and maintained are two very different things, and the gap between them has a cost that compounds over time.
Most clients come to us when their site has started to feel like a risk rather than an asset. Whether the agency relationship has ended, an upgrade has been delayed, or the site has simply grown beyond what it can handle, a conversation costs nothing.
Get in touch with KarlTrusted by established businesses and growing brands across the UK
Expression 37 works with a small number of clients at any one time. These are some of them.
Karl founded Expression 37 in 2007 and has worked exclusively with ExpressionEngine and Craft CMS ever since. He does not take on work in other platforms and does not hand work to other developers. Expression 37 is deliberately small, because the kind of support that matters to clients with business-critical sites is specific to their site, not something that scales in the conventional sense. If you work with Expression 37, you work with Karl.
Find out how we workThornfields has relied on Expression 37 for our ExpressionEngine website for a number of years now, and the level of service has consistently been excellent. The site is central to how we promote our training programmes, so reliability matters a great deal to us. Any issues are dealt with quickly, updates are handled without disruption, and Karl takes the time to understand what we actually need rather than just applying a generic fix. We would not hesitate to recommend Expression 37 to any organisation that needs a genuine specialist looking after their site.
Chris Ibbetson, Head of Training
Thornfields Primary Care Training