Platform
WordPress 6.8.5BeaverBuilder + WP Rocket
Aging platform · End-of-life server
Your site's content is strong.
Your site's content is strong.
The platform underneath it is holding it back.
rvmlawyer.com runs on WordPress on a server whose software stopped receiving security updates. The writing, the structured data, and the SEO groundwork are good — but the platform is slow on phones, exposes an attacker surface a law firm shouldn't carry, and needs constant patching. This review shows exactly where it stands and what a modern static rebuild fixes.
Server
PHP · End-of-lifeNo security patches since Dec 2025
Mobile speed
66 / 100Google Lighthouse
Pages
19Schema + llms.txt present
66
Mobile platform score
Underperforming — rebuild recommended
SEO foundation
85
Mobile speed
66
Crawl efficiency
55
Security posture
40
Maintenance & risk
35
The case in 30 seconds
Keep the content. Replace the engine.
- Speed: the homepage takes 5.8 seconds to show its main image on a phone. Google's "good" threshold is 2.5s. Speed is a confirmed ranking factor.
- Security: WordPress carries a login page, a database, and third-party plugins — all of which can be attacked. The current server's PHP is past end-of-life, so newly discovered holes stay open.
- Exposure: the site currently announces its exact software versions to anyone — a roadmap for attackers.
- Maintenance: WordPress needs ongoing core + plugin updates. Miss one and you're exposed. A static site has nothing to patch.
- The fix: rebuild as a modern static site (Astro) on a current server. No database, no login, no plugins — just fast, pre-built pages.
01 · Speed
Slow on mobile — and that costs rankings and clients
Most people who find a lawyer on Google do it from a phone. Google measures real mobile load speed ("Core Web Vitals") and uses it to rank pages. The current site fails the most important metric.
5.8s
Largest image load (mobile)
66
Lighthouse score / 100
47
Requests per page load
| Metric | WordPress now | Google "good" | Static rebuild (target) |
|---|---|---|---|
| Largest Contentful Paint | 5.8s | ≤ 2.5s | < 2.5s |
| Lighthouse mobile score | 66 | ≥ 90 | 90+ |
| Main-thread blocking (TBT) | plugin JavaScript | minimal | ~0 ms |
| Requests per page | 47 | fewer is better | ~10 |
Targets are based on our other sites already migrated from WordPress to Astro, where main-thread blocking dropped to 0 ms and page weight fell by roughly 75%.
02 · Security & site exposure
WordPress gives attackers a door. A static site has none.
A law firm site holds your reputation and your clients' trust. WordPress is the most-attacked platform on the web precisely because it's the most common — it has a login, a database, and plugins, each a potential way in. Here's the honest current state.
Attack surface — what exists to break into
WordPress (today)
Static Astro (after)
| Exposure | WordPress now | Static rebuild |
|---|---|---|
| Admin login page | Exposed wp-login.php returns 200 — a target for password-guessing bots | None no login exists |
| Database | Yes MySQL — a breach/injection target | None nothing to breach |
| Plugins | Several BeaverBuilder, WP Rocket, PowerPack — each a CVE surface | None no plugins |
| Server-side code (PHP) | End-of-life unpatched since Dec 2025 | None pages are pre-built, no PHP runs |
| XML-RPC endpoint | Blocked already hardened (403) | N/A |
| User enumeration (REST) | Blocked (401) | N/A |
Information disclosure — what the site tells attackers
!
Software versions leaked
The site publicly announces "WordPress 6.8.5" and its plugin version numbers. That's a shopping list — an attacker checks those versions against known exploits.
!
Stack disclosed in headers
Server responses reveal WP Rocket/3.15.0.1 and PleskLin, fingerprinting the exact hosting and caching stack.
Security headers — protective rules the browser looks for
| Header | Status | What it protects against |
|---|---|---|
| Strict-Transport-Security | Missing | Forcing secure HTTPS connections |
| Content-Security-Policy | Missing | Script-injection / XSS attacks |
| X-Frame-Options | Missing | Clickjacking (site embedded in a fake page) |
| X-Content-Type-Options | Missing | MIME-type confusion attacks |
| Referrer-Policy | Missing | Leaking visitor browsing data |
| Permissions-Policy | Missing | Unwanted camera/mic/location access |
| X-Powered-By | Disclosed | Should be hidden — currently reveals the stack |
All seven add up to 0 of 6 protective headers present. On the rebuild these are applied at the server edge by default.
03 · Google & crawling
Google can read it — but a static site reads cleaner and ranks better
Your SEO foundation is genuinely good and we keep all of it. The gains come from how Google receives the pages.
What's already working (we keep it)
✓ Structured data for a law firm (Attorney + business address)
✓ llms.txt for AI search engines (ChatGPT, Perplexity)
✓ XML sitemap (19 pages) and robots.txt
✓ Page titles, descriptions, and clean URLs
What a rebuild improves
• Crawl speed: every WordPress page is built on-the-fly by PHP + a database query + 47 requests. Static pages are pre-built and served instantly — Google crawls more, faster.
• Core Web Vitals: currently failing mobile speed, a ranking signal — the rebuild fixes it.
• Reliability: no database means the site can't go down from a plugin conflict mid-crawl.
i
One broken item found
The site's own visitor analytics is silently failing — two requests return "404 Not Found" on every page load because the caching plugin rewrote the tracking address. A rebuild removes the plugin layer that causes this.
04 · Design & upkeep
Same look — without the maintenance treadmill
The rebuild reproduces your current design exactly (or refreshes it if you'd like). The difference is what happens after launch.
WordPress today
Core + plugin updates every few weeks. Skip one and you risk a hack. Page builders bloat the HTML and slow the site.
Static Astro
Nothing to patch on a schedule. No plugins to conflict. Edits are deployed as fresh pre-built pages in seconds.
Hosting cost
Static sites are lighter and cheaper to host, and run comfortably on a current, supported server.
05 · WordPress vs. Astro
Side by side
WordPress (current)
Astro static (proposed)
| Factor | WordPress | Astro static |
|---|---|---|
| Mobile speed | 66 / 100 | 90+ target |
| Attack surface | Login + DB + plugins | None |
| Server software | PHP end-of-life | Current, supported |
| Ongoing maintenance | Constant updates | Effectively none |
| SEO foundation | Good | Preserved + faster |
| Can go down from a plugin | Yes | No database to fail |
| Hosting cost | Higher | Lower |
06 · Recommendation
Rebuild rvmlawyer.com as a modern static site
Same content, same (or improved) design — rebuilt on a fast, secure, low-maintenance foundation that protects the SEO work already in place.
What we do
1. Rebuild all 19 pages as a fast static (Astro) site
2. Carry over every title, description, URL, your law-firm structured data, and llms.txt
3. Optimize images and layout for mobile speed
4. Add the missing security headers at the edge
5. Launch on a current, supported server — then point your domain over with near-zero downtime
What you get
✓ A site that loads fast on phones (better rankings, fewer lost visitors)
✓ No WordPress login, database, or plugins to be hacked
✓ No more update treadmill
✓ Your search rankings protected, not reset
✓ Lower hosting cost
✓
Bottom line
The content and SEO are assets worth keeping. The platform under them is a liability. Moving to a static build keeps the assets and retires the liability — faster, safer, and cheaper to run.