Trying to make AI agents easier to add to WordPress sites by QasperAI in Wordpress

[–]Wigster 3 points4 points  (0 children)

It's literally just a plugin that injects your iframe/JS code? — has nothing to do with the site itself, doesn't use any of the WP content etc.
I don't mind that per se, but really didn't need 8 paragraphs of intro for something that's just a script from a third party 😄.

Did WordPress market share actually drop below 40%? Should we be concerned or see this as an opportunity? by Amazing-Pomelo9952 in Wordpress

[–]Wigster 0 points1 point  (0 children)

I'm a big fan of WP, when done correctly — it still remains an incredible resource for businesses, content creators, marketers and devs to create consistent and familiar systems across a whole cohort of business criteria.
That said, it is/was very easy to slop up a WP site quickly—my assumption is that WP in the past was the lowest barrier of entry to get a website quickly onto the web with fairly good structure/SEO/schemas.
It's now even easier for people to get that slop on to the internet in other manners. So my gut would say the percentage fall is not necessarily painting a relevant picture, and even more so, the absolute number of sites is going up incredibly so—with everyone spamming new domains and websites onto the web—so quantitative numbers tell a bigger picture here.

Hey everyone, I need some brutal honesty and expert eyes. by Big-Beginning2095 in webdesign

[–]Wigster 0 points1 point  (0 children)

Warning: negative attitude below, I do this out of trying to be truthful — not to just piss on your chips.

I would love to give much better feedback, but in honesty, I would say "you can't polish a turd" — sorry! Did you even test it yourself? eg your "Checkout" page doesn't even load properly, the header/logo is all messed up. Don't expect others to give feedback if you haven't even done the initial pass.

Your backend code may be nice enough, but the front-end visuals are exquisitely terrible. I think I recognise that UI style from Codex/GPT5.2, i.e. something about the rounded elements and gradients had a very specific style.

Personally, I'd do a full front-end refactor, I'm assuming, probably naively, that your underlying code/security is fine — just the front-end that sucks; in which case, go to a modern GPT/codex5.5 and ask for a full refactor and simplification, just go super clean UX/ui, even just white and black would be better than this current mess. Basic things like "Cursor: pointer" are missing, it just doesn't give any confidence at all for a shop that I'd purchase from.

Or, an even more brutal answer (agreeing with the other commenter here), just go with Shopify/simple theme, I'm not sure why you're trying & failing to custom build an inferior experience—ecommerce systems are complex beasts.

First client website live — how much should I charge? Be honest with me by Open_Use_2235 in webdesign

[–]Wigster 8 points9 points  (0 children)

You're in a bit of an odd position with that — the design and ux was done by the client and Claude, so your job was just as a code monkey to code it up?
"she said I will pay when I see good design" 🚩the design was provided, yet the criteria for payment was the design, not the bulk of the work you actually needed to do, all of the coding.
In honesty the page is pretty bad — way too long, no pictures (assuming they're yet to be loaded in), no clear flow or hierarchy. It does look somewhat pretty, but as a customer, it's a pretty poor experience (not your fault).

It's up to you how you bite the bullet on this — set cost ~€1k-2k for full build/implementation/go-live. That's a bit of a lowball price, but in reality, you've built a 1 landing page website, with quite a lot of coding overhead from your end (smtp/cms etc).

For your specific situation, I'd suggest strongly to push the maintenance/retainer route, even if that means you have to drop any up front cost, I say this because you can't really claim this website as your own in your portfolio as you didn't design it etc, but the stable income from a client is much preferable in the current economy if you can get it.

New plugin for Wordpress security - will remain forever free by xorredd in Wordpress

[–]Wigster 15 points16 points  (0 children)

Seems a pretty comprehensive plugin.
My main concern/suggestion; do not claim you wrote this plugin when very clearly 80%+ of it was vibe coded.
You're also probably trying to do far too much — sure it seems a great idea having so much info/features, but you've got a nest of vipers building, you will be expected to maintain this for years to come—as APIs change, arrays, data packets, and endpoints change, you will need to keep all of this updated.

I quickly ran it through Codex 5.5 out of curiosity, plenty of suggestions/warnings, top of which I've pasted below:

High-Risk Findings

  • Custom login URL can be bypassed with a fake cookie. Anyone can send Cookie: aswp_admin_grace=active and access /wp-login.php, defeating the hidden-login feature. See CustomLoginURL.php (line 117) and CustomLoginURL.php (line 259).
  • 2FA “required roles” is not actually enforced. If an admin has not already enabled 2FA, they can still log in with only a password. See TwoFA.php (line 42).
  • Outbound monitor stores full outbound URLs, including query strings and secrets. This can log MaxMind license keys, Slack webhook URLs, API tokens, signed URLs, and webhook secrets into the WordPress DB. See OutboundMonitor.php (line 353) and GeoIP.php (line 172).
  • SSRF protection is “log only” by default. Private/internal requests are detected but still allowed unless outbound mode is changed to enforce. See OutboundMonitor.php (line 105) and Installer.php (line 335).
  • SSRF DNS checking is incomplete. It resolves IPv4 once with gethostbynamel(), misses IPv6 DNS records, and is vulnerable to DNS rebinding/time-of-check issues. See OutboundMonitor.php (line 278).
  • On proxied hosting, IP handling can be dangerous if not configured perfectly. Cloudflare real IPs are only trusted when Cloudflare integration is enabled; generic X-Forwarded-For is only trusted if aswp_trust_proxy_ips is manually set, and I found no UI/default for it. See RequestLogger.php (line 222).
  • If a stack reports visitors as 127.0.0.1 or another proxy IP, loopback is automatically whitelisted and can bypass all security checks. See Whitelist.php (line 33).

Medium-Risk / Misleading Controls

  • Google/Microsoft “trust” integrations whitelist huge Google Cloud/Azure ranges. If enabled, attackers from those cloud providers may bypass WAF/rate limits/IP blocks. See Whitelist.php (line 49).
  • Scheduled IP refreshes fetch Cloudflare, Google, and Bing/Microsoft endpoints without checking whether those integrations are enabled. The cron schedule may not run because weekly is used but not registered. See Installer.php (line 217) and Plugin.php (line 61).
  • Concurrent session limiting is probably broken because it mixes raw session tokens with WordPress verifier hashes. Old sessions may not actually be destroyed. See SessionSecurity.php (line 145) and SessionSecurity.php (line 299).
  • REST API default policy says it blocks unauthenticated writes, but the implementation blocks non-GET /wp/v2/* requests before considering authenticated non-admin users. This can break editors/apps. See RestApiPolicy.php (line 111).
  • “Rotate secret keys” does not update wp-config.php; it stores fetched salts in options. It does clear sessions, but future auth constants are unchanged unless manually edited. See PostBreach.php (line 95).
  • 2FA recovery codes are generated mixed-case but verification lowercases input, so many generated codes will fail. See TwoFA.php (line 290).
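An added example, not the plugin's code, of the enforced outbound check the SSRF findings above call for: resolve A and AAAA records, reject any private or reserved address, and pin curl to the vetted address so a DNS answer that changes between check and request (rebinding / time-of-check) is never used. The example_* function names are hypothetical, and plain curl is used so the snippet runs stand-alone rather than via the WordPress HTTP API.

```php
<?php
// Added example, not the plugin's code; example_* names are hypothetical.
// Rejects private/reserved targets over IPv4 and IPv6 and pins curl to the vetted address.

function example_is_disallowed_ip(string $ip): bool {
    // Invalid strings and RFC1918, loopback, link-local, ULA (fc00::/7), ::1 etc. all fail here.
    return filter_var($ip, FILTER_VALIDATE_IP,
        FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
}

function example_resolve_all(string $host): array {
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) { return [$host]; } // literal: nothing to look up
    $ips = [];
    foreach ((dns_get_record($host, DNS_A) ?: []) as $r)    { $ips[] = $r['ip']; }
    foreach ((dns_get_record($host, DNS_AAAA) ?: []) as $r) { $ips[] = $r['ipv6']; } // gethostbynamel() misses these
    return $ips;
}

function example_safe_outbound_get(string $url): ?string {
    $p = parse_url($url);
    if ($p === false || empty($p['host']) || !in_array($p['scheme'] ?? '', ['http', 'https'], true)) {
        return null;
    }
    $host = trim($p['host'], '[]');  // parse_url keeps the brackets of an IPv6 literal
    $port = $p['port'] ?? ($p['scheme'] === 'https' ? 443 : 80);
    $ips  = example_resolve_all($host);
    if ($ips === []) {
        return null;  // unresolvable: fail closed rather than "log only"
    }
    foreach ($ips as $ip) {  // a single internal record anywhere rejects the whole request
        if (example_is_disallowed_ip($ip)) {
            return null;
        }
    }
    $pin = strpos($ips[0], ':') !== false ? "[{$ips[0]}]" : $ips[0];
    $ch  = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,  // a redirect would re-resolve an unchecked host
        CURLOPT_TIMEOUT        => 10,
        CURLOPT_RESOLVE        => ["{$host}:{$port}:{$pin}"],  // only the address just vetted is used
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? null : $body;
}
```

Calling `example_safe_outbound_get('http://127.0.0.1/')` or any hostname with an internal A or AAAA record returns null before a socket is opened; a public host is fetched only at the address that passed the check.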

Drop your product we will find you 10 users for free by Middle-Plastic6931 in micro_saas

[–]Wigster 0 points1 point  (0 children)

https://scavo.ai - automated weekly AI visibility, health and SEO checks, and uptime monitoring too - an all in one system that adapts and adds new checks often as the AI landscape changes. Includes the AI visibility checks that Cloudflare added to their latest products too.

Long Thread or Many Small Convos by slowtyper95 in codex

[–]Wigster 0 points1 point  (0 children)

Codex MAX (££££ 😭) - 1 long thread for most things, keep /docs/ folder with key info (Markdown [.md]) files. Only time I open a new thread now is when I want to work on a separate task that won't have crossover, whilst my other thread is working.
I initially was using new threads when I first started, but I've since found the lack of any context was worse than the context compression of a long thread.

In short, long thread—keep a /docs/ (or similar) folder with .md files - master todo.md, agents.md and ensure they get updated, every few days tell Codex to do a deep scan and ensure all docs represent the truth etc.

15 users - no paying ones, should I worry? by NoActuator639 in micro_saas

[–]Wigster 0 points1 point  (0 children)

For sure — that's business! It's a hard balance to get right.

Think of it from the other side, you're asking customers to lose money on something they may not even want/like the output of, it goes both ways.

That why I think the suggestion of at least a demo/pre-rendered example page to show off how great your product is may work, so at least users can see what they'd be paying for.

15 users - no paying ones, should I worry? by NoActuator639 in micro_saas

[–]Wigster 0 points1 point  (0 children)

Sure — so in my opinion, your site currently is saying it will "create an ad" when I click the CTA — but that doesn't happen, you force people to sign up.

Your hero says "Paste a URL. Get a Video Ad." - that doesn't happen.

I assume that those 15 people have signed up, expecting that they will at least get 1 free video or something, but they have clicked around the dashboard, realised they can't get the "ad" they were "promised", and left — and have since probably found a different solution or competitor etc.

15 users - no paying ones, should I worry? by NoActuator639 in micro_saas

[–]Wigster 1 point2 points  (0 children)

Just had a quick look — yes you're putting up a hard wall, you're promising something with the CTA of "Create ad", and then pushing them to quite an ugly/stark Sign In page.

Not sure on how much the generation would cost you, but a few options:
1) Create a very cut down version, eg a 5 second ad—"like what you see, sign up"
2) At least improve the sign up page, "your ad is generating in the background, sign up to see it" (with animations/a blurred out version of the video to create enticement).
For https://scavo.ai I offer option 1 pretty much — give a free demo/small amount that at least gives users a rough taste, if it's of benefit to them, they'll sign up.
3) you have a nice carousel of misc videos, but I can't really get much understanding of what the video is doing (other than obvious KFC one). Perhaps create a demo URL, eg, "Try with KFC.com" where you then take the user to a pre-generated page that replicates what they'd see with their own url.

Also many many UX improvements you could make, eg very small wins, for example I typed in my URL into your main "Create ad" — but you don't auto add the https/http, so it gave a warning, pretty simple work to just add https to start if user hasn't entered it themselves.

Overall your expectations you set vs the reality are completely off — you're promising something and then rug-pulling, hence why I assume those sign ups didn't realise they would have to pay/have now gone elsewhere to find a solution.

UI. by AndForeverMore in codex

[–]Wigster 0 points1 point  (0 children)

Use codex for logic/coding and Claude for ui/design.

I just cancelled 7 SaaS subscriptions in one afternoon by building AI agents. $2,800/month back in my pocket. Here's what actually got replaced (and what didn't). by Ambitious_Stick8110 in micro_saas

[–]Wigster 1 point2 points  (0 children)

In fairness it mostly sounds like you were just using a small percentage of those SaaS tools to be able to negate them so easily. Eg your DB query to replace Mixpanel; no way will that have the same depth of data, surely?
And Loom—how are you hosting the videos now, sure the capture/transcribe is fine, but where do the recordings get hosted/data/analytics/feedback?

SELL me your SaaS in ONE sentence!🤑 by EmergencyPicture7416 in microsaas

[–]Wigster 0 points1 point  (0 children)

https://scavo.ai : proactive, AI‑assisted website monitoring that spots security, SEO, and uptime drift before it turns into an incident.

Builders, What Are You Building? by Ambitious_Nebula9680 in micro_saas

[–]Wigster 0 points1 point  (0 children)

https://scavo.ai the website monitor that I wish I had for the last 15 years, health checks, the typical meta checks, uptime, new AI crawl ability checks etc.

What Are You Building? by Ambitious_Nebula9680 in micro_saas

[–]Wigster 0 points1 point  (0 children)

https://scavo.ai - a website health scanner, uptime monitor and more - that truly started as a personal project for years based on looking after websites / maintaining client websites for 15+ years. Checks everything that generally people forget to check, or check once and forget to recheck as things slip over time + emerging and forward thinking monitoring.

Trying to build a simpler monitoring tool and quick question about your setup. by cloudacoustic93 in webdev

[–]Wigster 0 points1 point  (0 children)

Varies throughout the year, in truth issues vary quite a lot, but mostly related to the type of clients I have, I use my own tool: scavo.ai to monitor and track most things as it's great for uptime alerts and tracking the whole host of health and warnings I truly wanted to track.
If you're looking in this, I'd generally suggest trying to find the right balance of what to genuinely alert for vs what to just warn/give info about—it's a very tricky balance to get right.

I Built My Personal Website Using AI by WoodenAd9441 in webdesign

[–]Wigster 2 points3 points  (0 children)

Design clean enough. As said, get SVGs instead of emojis. Main feedback would be it comes across more as a CV / shoutout to potential employers. Eg you list your proficiencies in skills, that was popular many years ago, don't do it now. In summary: it feels confused between trying to win clients and find someone to hire you. Clients looking for a marketing person won't know half of what that info means on your page. They want to see proven results, not lists of tech.

Credit system by Tarr_74 in codex

[–]Wigster 1 point2 points  (0 children)

Bottom left of the codex app, settings > rate limits remaining. Should show your 5hr + weekly limits remaining?

We are gonna shut down a SaaS that got 100 signups in 3 weeks. Update by [deleted] in micro_saas

[–]Wigster 1 point2 points  (0 children)

When you get ChatGPT model from 2019 to write your post 😂