Description

VDL Site Leak Scanner is a 404, broken link, redirect, orphan page, and safe diagnostic signal scanner for WordPress. It scans URLs from your sitemap and internal crawl data, then shows practical findings that can waste crawl budget, slow visitors, leak SEO value, leave important pages hard to find, hurt WooCommerce checkout paths, or justify a closer security/reliability review.

Use it before migrations, redesigns, SEO retainers, content cleanups, WooCommerce site reviews, or routine site audits.

What it finds

404 pages (missing URLs)
Broken links and dead URLs that need redirects or cleanup
Redirect chains (multi-hop redirects)
Orphaned URLs (in sitemap but not discoverable through internal links)
Timeout and server-error signals returned by the scan service
Revenue-critical URL signals for common WooCommerce paths such as cart, checkout, account, order-pay, order-received, and payment-related endpoints
Safe WordPress security/reliability signals such as missing common security headers, XML-RPC reachability, common exposed-file paths, and plugin/theme update counts

Why it is different

Many broken-link tools focus only on links found inside posts. VDL Site Leak Scanner is built for audit-style cleanup: it compares sitemap URLs with crawl discovery, flags redirect hops, highlights revenue-critical URL and safe security/reliability signals, and gives exports you can hand to a developer, SEO, or site owner.

WooCommerce-aware review signals

When WooCommerce and the WooCommerce Stripe Gateway plugin appear active, the plugin can show a contextual review card if scan findings touch checkout, cart, account, order payment, order received, or payment-related endpoints. This is diagnostic evidence only. It does not confirm a payment issue or duplicate charge.

WordPress security + reliability signals

The plugin can include safe, passive checks for common security/reliability signals such as response security headers, XML-RPC reachability, REST API reachability notes, common exposed-file paths, and plugin/theme update counts. These checks do not attempt exploitation and are not a full penetration test, compliance audit, or vulnerability guarantee.

What you get

One-click scan workflow in wp-admin
Clear issue labels: broken URLs, redirect chains, orphan pages, timeouts, and server errors
Suggested next action for each issue
CSV export after a completed scan
Optional escalation/review pack export with scan rows, plugin versions, WooCommerce/Stripe Gateway status, revenue-critical flagged findings, and safe security/reliability signals
Optional single-URL test for quick checks
Service-backed scan execution for consistent results

Best first use

Run a scan before migrations, redesigns, SEO audits, WooCommerce checks, or content cleanups. Start with broken links, 404s, redirect chains, and orphan sitemap pages, then review WooCommerce checkout-path and safe security/reliability signals when they appear.

Search visibility companion

Need to check noindex, canonical, sitemap coverage, and search visibility signals too? Use VDL Search Visibility Scanner alongside VDL Site Leak Scanner for a fuller WordPress discovery audit.

Optional cleanup help

The plugin is free to install and run. If you prefer a manual review, VaultDevLabs can review scan results and prepare a plain-English Site Rescue Review separately. If WooCommerce and Stripe-related signals are present, VaultDevLabs can also review whether the findings justify a closer Payment Rescue Review. Review handoffs open only when you choose them from the plugin results screen and may pass summary counts and your site URL to https://www.vaultdevlabs.com/site-rescue-review or https://www.vaultdevlabs.com/payment-rescue-review.

Screenshots

Dashboard showing broken links, 404s, redirect chains, and orphan page findings

Issue table with status codes, redirect hops, affected URLs, and suggested fixes — Dashboard showing broken links, 404s, redirect chains, and orphan page findings

Installation

Install the plugin from the WordPress Plugin Directory, or upload the plugin ZIP.
Activate the plugin.
Open VDL Site Leak Scanner in wp-admin.
Run a scan. The plugin can request a free service key automatically when needed.
Review the issue table and export a CSV for your cleanup workflow.

FAQ

Does this plugin use external services?

Yes.

VDL Site Leak Scanner connects to an external API for service authentication and scan requests.

What data is sent:
* Service key for status/activation checks.
* Site URL/host in request headers.
* Optional sitemap URL provided in plugin settings.
* Scan job metadata and scan results returned by the service (URL, status code, final URL, redirect hops, issue label).

When it is sent:
* When you save a service key or request a free/recovery key.
* When you start a scan.
* When the plugin polls scan job status/results.

Why it is sent:
* To authenticate the site with the scan service.
* To execute remote scan processing.
* To return scan results in wp-admin and CSV export.

Service provider:
* API endpoint: https://ai-seo-api-bey2.onrender.com
* Terms of Service: https://vaultdevlabs.com/terms
* Privacy Policy: https://vaultdevlabs.com/privacy

Can this plugin auto-fix issues for me?

No. It is a detection and triage tool. You review issues and apply fixes in your normal workflow.

Is this a penetration test or vulnerability scanner?

No. VDL Site Leak Scanner performs safe diagnostic checks only. It may flag security and reliability signals such as missing common headers, reachable XML-RPC, common exposed-file paths, or update counts, but it does not exploit vulnerabilities, perform credential attacks, run denial-of-service tests, or certify compliance.

Does this plugin access my Stripe account?

No. This passively detects whether WooCommerce and the WooCommerce Stripe Gateway plugin appear installed or active, and whether scan findings touch revenue-critical WooCommerce paths. It does not request Stripe API keys and does not access your Stripe account.

Does a revenue-critical signal mean I have a payment problem?

No. Revenue-critical signals are diagnostic findings only. They may justify manual review, especially on WooCommerce stores, but they do not confirm a payment issue or duplicate charge.

What is included in the review pack export?

The review pack includes scan rows, severity labels, revenue-critical URL signals, WooCommerce presence/status, WooCommerce Stripe Gateway plugin presence/status, plugin/theme update counts, safe security/reliability signals, and a prefilled diagnostic brief for manual review.

How do I test locally in LocalWP?

In LocalWP, open your site and go to Site Shell.
Zip the plugin folder so the root is vdl-site-leak-scanner/.
Upload and activate the ZIP in WordPress admin.
Open VDL Site Leak Scanner, optionally set a sitemap URL, and run a scan.

Reviews

kyelaw Maig 4, 2026

Simple, clear and genuinely useful. It found broken URLs, redirect problems and orphan pages quickly, and made it easy to see what needed fixing first. Great little WordPress health-check tool.

dpickering1986 Març 1, 2026

I’ve been using VDL Site Leak Scanner and it’s a helpful tool that quickly finds 404 errors, redirect chains and orphaned URLs on my site. The scanner runs fast right in wp-admin and shows clear issue labels with suggestions on what to fix, and you can export results as a CSV. It’s simple to use and a great way to catch site issues you might otherwise miss.

Read all 2 reviews

Contributors & Developers

“VDL Site Leak Scanner – 404 & Broken Link Checker” is open source software. The following people have contributed to this plugin.

VaultDevLabs

Translate “VDL Site Leak Scanner – 404 & Broken Link Checker” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.

Changelog

1.1.27

Updated WordPress.org positioning around 404s, broken links, redirect chains, orphan sitemap pages, and WooCommerce checkout-path issues.
Renamed the public plugin title to “VDL Site Leak Scanner – 404 & Broken Link Checker” while keeping the existing slug and text domain.
Added clearer first-use guidance for migrations, redesigns, SEO audits, WooCommerce checks, and content cleanups.

1.1.26

Added safe WordPress security and reliability signals for common headers, XML-RPC reachability, common exposed-file paths, REST API notes, and update counts.
Added Site Rescue Review positioning and review-pack context for broader WordPress security/reliability findings.
Changed results to show one contextual review panel: Payment Rescue Review for Woo/Stripe revenue-critical signals, Site Rescue Review for broader site/security signals.

1.1.24

Updated contextual review handoff links to the dedicated VaultDevLabs Payment Rescue Review page.
Passed plugin source context and finding counts into the review handoff while keeping the scanner read-only and diagnostic.

1.1.23

Improved wp-admin UI polish with product artwork, dashboard-style scan metrics, clearer status labels, and a stronger empty state.
Kept scan logic, external service behavior, and diagnostic claims unchanged.

1.1.22

Added WooCommerce-aware revenue-critical URL tagging for checkout, cart, account, order-pay, order-received, and payment-related endpoints.
Added passive WooCommerce and WooCommerce Stripe Gateway plugin detection.
Added contextual Woo + Stripe diagnostic CTAs only when relevant scan findings and active Woo/Stripe context are present.
Added escalation/review pack export with plugin status, scan findings, and a cautious manual-review brief.
Tightened diagnostic wording to avoid confirmed payment issue or overclaiming.

1.1.21

Added a WP.org-safe human review handoff from scan results to VaultDevLabs.
Kept the free scan, CSV export, filters, and actionable results available in the plugin.

1.1.20

Repositioned plugin copy around broken links, redirect chains, orphan pages, and audit-style cleanup.
Added clearer wp-admin guidance for scan outcomes and optional cleanup reporting.
Kept external service disclosure and free scan workflow unchanged.

1.1.19

Auto-issues a free service key on first scan when missing, then starts remote scan in the same request.
Removed manual service-key status/email action buttons from wp-admin and detached related route wiring.
Removed local cap fallback logic; cap messaging now appears only when cap data is returned by the scan service.

1.1.18

Restored text domain to vdl-site-leak-scanner to match current slug.
Renamed main plugin file to vdl-site-leak-scanner.php.
Standardized localized JS globals and prefixed self-test transient key.

1.1.17

Updated text-domain usage to match current reserved slug checks.
Added prefixed API base constant with backward compatibility alias.
Plugin Check compatibility pass for i18n domain mismatch warnings.

1.1.16

Added Recover Service Key flow in Connect Service.
Added neutral recovery messaging and improved service-key recovery UX.
Version and packaging refresh for cache-safe rollout.

1.1.15

Added Get Free Service Key flow for self-serve setup.
Switched scan workflow to remote service execution path.
Removed legacy local gating from plugin UX.

1.1.14

Updated Tested up to metadata to WordPress 7.0.

1.1.13

Release metadata and packaging consistency updates.
GitHub release workflow adjusted for WP.org-ready ZIP output.

1.1.12

WordPress.org compliance metadata improvements.

1.1.11

Security and sanitization hardening across admin handlers.
Plan label display improvements in license summary.
External service disclosure clarity for review.

1.1.10

Version metadata alignment.
External services disclosure added for directory review.
Removed background admin-side license prefetch hook.

1.0.4

Improved service key verification messaging.

1.0.0

Initial release with sitemap scanning, issue detection, and CSV export.

A really well designed app, very helpful.

Helpful tool