SEF Card WordPress Audit Fix Package
Generated: 2026-06-30

Major fixes applied:
1. Added root .htaccess with Options -Indexes, security headers, cache headers, compression rules, sensitive file protection, and /sitemap.xml redirect to /wp-sitemap.xml.
2. Added robots.txt with sitemap references and safe WooCommerce utility-page exclusions.
3. Added PWA/branding files: manifest.webmanifest, site.webmanifest, favicon.svg, icon-192.png, icon-512.png, apple-touch-icon.png.
4. Added MU plugin: wp-content/mu-plugins/sef-audit-fixes.php
   - Security headers fallback from PHP
   - Cache-Control fallback
   - robots.txt filter and sitemap redirect fallback
   - Canonical/meta description/Open Graph/Twitter card fallbacks
   - Organization, WebSite, BreadcrumbList, Product, and ItemList JSON-LD fallbacks
   - Optional GTM and Meta Pixel support through wp-config constants SEF_GTM_ID and SEF_META_PIXEL_ID
5. Updated SEF theme:
   - Header phone/email are clickable tel:/mailto links
   - Search form label and nonce added
   - Primary nav aria-label added
   - Newsletter form label, nonce, email type, and required field added
   - Hero slider/dot buttons improved for accessibility
   - Footer plain-text phone/email/WhatsApp lines auto-link where possible
   - Fallback # links changed to real URLs
6. Fixed SEF Chat dbDelta schema format that caused “Key column KEY doesn't exist” SQL errors.
7. Updated SEF Security Guard defaults/migration to avoid self-blocking audit crawlers with an overly low rate limit and broad user-agent blocks.
8. Updated Security Guard 403 helper output with lang, viewport, robots, nav, and main landmarks.
9. Patched WP Total Audit noindex false positives for cart/checkout/account/add-to-cart/wp-admin utility URLs.
10. Patched wp-login.php undefined variable warnings seen in error_log.

Manual/ID-dependent items:
- GTM and Meta Pixel require real IDs. Define in wp-config.php:
  define('SEF_GTM_ID', 'GTM-XXXXXXX');
  define('SEF_META_PIXEL_ID', '000000000000000');
- Thin content, multiple H1, and heading hierarchy issues need page/product content edits inside WordPress editor or page builder.
- If the old Security Guard database table already contains blocked IP rows, clear blocked IPs once from plugin admin after upload.
