VDL Site Leak Scanner - 404 & Broken Link Checker

VDL Site Leak Scanner is a 404, broken link, redirect, orphan page, and safe diagnostic signal scanner for WordPress. It scans URLs from your sitemap and internal crawl data, then shows practical findings that can waste crawl budget, slow visitors, leak SEO value, leave important pages hard to find, hurt WooCommerce checkout paths, or justify a closer security/reliability review. Use it before migrations, redesigns, SEO retainers, content cleanups, WooCommerce site reviews, or routine site audits. What it finds

• 404 pages (missing URLs)
• Broken links and dead URLs that need redirects or cleanup
• Redirect chains (multi-hop redirects)
• Orphaned URLs (in sitemap but not discoverable through internal links)
• Timeout and server-error signals returned by the scan service
• Revenue-critical URL signals for common WooCommerce paths such as cart, checkout, account, order-pay, order-received, and payment-related endpoints
• Safe WordPress security/reliability signals such as missing common security headers, XML-RPC reachability, common exposed-file paths, and plugin/theme update counts

Why it is different Many broken-link tools focus only on links found inside posts. VDL Site Leak Scanner is built for audit-style cleanup: it compares sitemap URLs with crawl discovery, flags redirect hops, highlights revenue-critical URL and safe security/reliability signals, and gives exports you can hand to a developer, SEO, or site owner. WooCommerce-aware review signals When WooCommerce and the WooCommerce Stripe Gateway plugin appear active, the plugin can show a contextual review card if scan findings touch checkout, cart, account, order payment, order received, or payment-related endpoints. This is diagnostic evidence only. It does not confirm a payment issue or duplicate charge. WordPress security + reliability signals The plugin can include safe, passive checks for common security/reliability signals such as response security headers, XML-RPC reachability, REST API reachability notes, common exposed-file paths, and plugin/theme update counts. These checks do not attempt exploitation and are not a full penetration test, compliance audit, or vulnerability guarantee. What you get

• One-click scan workflow in wp-admin
• Clear issue labels: broken URLs, redirect chains, orphan pages, timeouts, and server errors
• Suggested next action for each issue
• CSV export after a completed scan
• Optional escalation/review pack export with scan rows, plugin versions, WooCommerce/Stripe Gateway status, revenue-critical flagged findings, and safe security/reliability signals
• Optional single-URL test for quick checks
• Service-backed scan execution for consistent results

Best first use Run a scan before migrations, redesigns, SEO audits, WooCommerce checks, or content cleanups. Start with broken links, 404s, redirect chains, and orphan sitemap pages, then review WooCommerce checkout-path and safe security/reliability signals when they appear. Search visibility companion Need to check noindex, canonical, sitemap coverage, and search visibility signals too? Use VDL Search Visibility Scanner alongside VDL Site Leak Scanner for a fuller WordPress discovery audit. Optional cleanup help The plugin is free to install and run. If you prefer a manual review, VaultDevLabs can review scan results and prepare a plain-English Site Rescue Review separately. If WooCommerce and Stripe-related signals are present, VaultDevLabs can also review whether the findings justify a closer Payment Rescue Review. Review handoffs open only when you choose them from the plugin results screen and may pass summary counts and your site URL to https://www.vaultdevlabs.com/site-rescue-review or https://www.vaultdevlabs.com/payment-rescue-review.

1.1.27

• Updated WordPress.org positioning around 404s, broken links, redirect chains, orphan sitemap pages, and WooCommerce checkout-path issues.
• Renamed the public plugin title to "VDL Site Leak Scanner - 404 & Broken Link Checker" while keeping the existing slug and text domain.
• Added clearer first-use guidance for migrations, redesigns, SEO audits, WooCommerce checks, and content cleanups.

1.1.26

• Added safe WordPress security and reliability signals for common headers, XML-RPC reachability, common exposed-file paths, REST API notes, and update counts.
• Added Site Rescue Review positioning and review-pack context for broader WordPress security/reliability findings.
• Changed results to show one contextual review panel: Payment Rescue Review for Woo/Stripe revenue-critical signals, Site Rescue Review for broader site/security signals.

1.1.24

• Updated contextual review handoff links to the dedicated VaultDevLabs Payment Rescue Review page.
• Passed plugin source context and finding counts into the review handoff while keeping the scanner read-only and diagnostic.

1.1.23

• Improved wp-admin UI polish with product artwork, dashboard-style scan metrics, clearer status labels, and a stronger empty state.
• Kept scan logic, external service behavior, and diagnostic claims unchanged.

1.1.22

• Added WooCommerce-aware revenue-critical URL tagging for checkout, cart, account, order-pay, order-received, and payment-related endpoints.
• Added passive WooCommerce and WooCommerce Stripe Gateway plugin detection.
• Added contextual Woo + Stripe diagnostic CTAs only when relevant scan findings and active Woo/Stripe context are present.
• Added escalation/review pack export with plugin status, scan findings, and a cautious manual-review brief.
• Tightened diagnostic wording to avoid confirmed payment issue or overclaiming.

1.1.21

• Added a WP.org-safe human review handoff from scan results to VaultDevLabs.
• Kept the free scan, CSV export, filters, and actionable results available in the plugin.

1.1.20

• Repositioned plugin copy around broken links, redirect chains, orphan pages, and audit-style cleanup.
• Added clearer wp-admin guidance for scan outcomes and optional cleanup reporting.
• Kept external service disclosure and free scan workflow unchanged.

1.1.19

• Auto-issues a free service key on first scan when missing, then starts remote scan in the same request.
• Removed manual service-key status/email action buttons from wp-admin and detached related route wiring.
• Removed local cap fallback logic; cap messaging now appears only when cap data is returned by the scan service.

1.1.18

• Restored text domain to vdl-site-leak-scanner to match current slug.
• Renamed main plugin file to vdl-site-leak-scanner.php.
• Standardized localized JS globals and prefixed self-test transient key.

1.1.17

• Updated text-domain usage to match current reserved slug checks.
• Added prefixed API base constant with backward compatibility alias.
• Plugin Check compatibility pass for i18n domain mismatch warnings.

1.1.16

• Added Recover Service Key flow in Connect Service.
• Added neutral recovery messaging and improved service-key recovery UX.
• Version and packaging refresh for cache-safe rollout.

1.1.15

• Added Get Free Service Key flow for self-serve setup.
• Switched scan workflow to remote service execution path.
• Removed legacy local gating from plugin UX.

1.1.14

• Updated Tested up to metadata to WordPress 7.0.

1.1.13

• Release metadata and packaging consistency updates.
• GitHub release workflow adjusted for WP.org-ready ZIP output.

1.1.12

• WordPress.org compliance metadata improvements.

1.1.11

• Security and sanitization hardening across admin handlers.
• Plan label display improvements in license summary.
• External service disclosure clarity for review.

1.1.10

• Version metadata alignment.
• External services disclosure added for directory review.
• Removed background admin-side license prefetch hook.

1.0.4

• Improved service key verification messaging.

1.0.0

• Initial release with sitemap scanning, issue detection, and CSV export.