avechi.co.ke
Avechi Kenya | Online shop for smartphones and electronics
SEO
75
C
Performance
46
F
Accessibility
89
B
Security
60
D
Detected Technology Stack
Comprehensive Audit
E-commerce (Electronics Retail) — security, performance, UI/UX, SEO & technical debt
Security
4/10
UI/UX
5/10
Performance
5/10
SEO
6/10
Technical Debt
5/10
22 issues identified across 5 categories — 3 critical, 6 high, 9 medium, 4 low priority. Several issues are quick-wins fixable in under a day and will immediately increase trust and conversions.
Avechi Kenya is a Kenyan electronics e-commerce platform built on WordPress with WooCommerce, jQuery, Font Awesome, and GSAP animations. While the site offers a wide product catalog spanning smartphones, TVs, and accessories, it suffers from critical security vulnerabilities including an exposed WordPress admin panel and missing HTTP security headers. With a performance score of just 46/100 and multiple UI/UX issues including misspelled navigation categories and broken footer links, the site is losing potential customers at every stage of the buying journey.
Security— 7 issues
Only HTTPS is configured. The WordPress admin panel is publicly exposed, no WAF is in place, and critical security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy) are all missing — leaving the store vulnerable to brute-force attacks, clickjacking, and XSS.
WordPress admin panel publicly exposed
The default /wp-admin and /wp-login.php paths are accessible to anyone on the internet, making the site a prime target for brute-force attacks and credential stuffing bots. For an e-commerce store processing M-Pesa and Airtel Money transactions, an admin breach could expose customer data and payment information.
Fix:
Rename or hide the login URL using a plugin (WPS Hide Login), enable 2FA with Wordfence, and whitelist admin IPs via .htaccess or server config.
No HTTP security headers in place
The site is missing Content-Security-Policy (CSP), X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers. These protect against XSS, clickjacking, and MIME sniffing attacks — all of which can be used to steal customer credentials or inject malicious payment forms.
Fix:
Configure headers in the web server (Apache/.htaccess) or via a WordPress security plugin like Wordfence or Solid Security.
WordPress version likely exposed in page source
WordPress sites commonly expose their version number in meta tags and asset query strings (e.g., ?ver=6.x). Attackers use this to target known CVEs specific to that version, and avechi.co.ke's WordPress installation is no exception.
Fix:
Remove the generator meta tag via functions.php and strip version parameters from script/style URLs.
Plugin and theme update status unknown
The site was launched in late 2021. WooCommerce and WordPress plugins without regular updates are a leading cause of e-commerce site breaches. Outdated plugins account for over 50% of WordPress hacks, and Avechi's age makes this a significant risk.
Fix:
Audit all installed plugins, remove unused ones, enable auto-updates for security patches, and set up a monitoring dashboard.
No visible WAF (Web Application Firewall)
There is no sign of Cloudflare, Sucuri, or any WAF protecting the site from SQL injection, bot traffic, and DDoS — critical for an e-commerce platform handling mobile money payments in Kenya's competitive electronics market.
Fix:
Enable Cloudflare (free tier) at minimum, or Sucuri for full WAF + CDN. This also improves performance.
Right-click protection is security theater
The 'error: Content is protected!!' message appears as visible text on page load — meaning the protection script is poorly implemented. It provides zero actual protection and degrades UX for legitimate users trying to copy product names or specifications.
Fix:
Remove it entirely. It does not protect content and actively annoys users. Images can always be saved via DevTools regardless.
Payment security transparency is missing
M-Pesa, Equitel, and Airtel Money payment logos appear in the footer but all link to '#' — no PCI-DSS badge, no payment processor security page, no trust seal. This reduces buyer confidence, especially for first-time customers spending KSh 10,000+ on electronics.
Fix:
Link payment icons to their respective provider security pages and add a visible trust seal near the checkout.
UI/UX— 7 issues
Multiple spelling errors across navigation ('Accesories' instead of 'Accessories'), broken footer links ('Sign in' and 'Get our app' both point to homepage), and an overwhelmingly complex 50+ item flat category dropdown that creates cognitive overload for shoppers.
Multiple spelling errors across the site
The word 'Accessories' is misspelled as 'Accesories' in at least 3 visible navigation locations: 'Phone Accesories', 'TV Accesories', 'Camera & Accesories'. The footer also reads 'Contacts us' instead of 'Contact us'. These reduce brand credibility for shoppers comparing Avechi to competitors like Jumia.
Fix:
Correct all instances in WooCommerce category names and footer widget text.
'Sign in' and 'Get our app' footer links go to the homepage
Both footer links currently point to https://avechi.co.ke/ — meaning there is no actual login page or app download page. Users who click these will be confused and lose trust in the site's completeness.
Fix:
Either build these pages or remove the links from the footer until ready.
Navigation is overwhelmingly complex
The 'All Categories' dropdown contains 50+ items in a flat list with no grouping or visual hierarchy. This is cognitive overload for users and is a known conversion killer on mobile. Navigation should guide, not exhaust — especially for shoppers browsing on mobile data.
Fix:
Implement a mega-menu with grouped categories and icons, or a sidebar drawer with collapsible sections. Limit top-level visible categories to 8-10.
Inconsistent naming conventions across categories
'TVS' (uppercase) is used in some places while 'TVs' is used in others. Category URLs contain inconsistent spacing patterns in price ranges (e.g., 'Ksh 5,000-Ksh 10, 000' with a space before zero in some). These signal poor QA to detail-oriented shoppers.
Fix:
Standardize all category names and URL slugs. Use a consistent format like 'KSh 5,000-10,000'.
No trust signals or social proof on the homepage
There are no visible customer reviews, star ratings, 'X happy customers' counters, or press mentions on the homepage. For a competitive electronics market in Kenya, social proof is essential to convert first-time visitors who may be wary of online shopping.
Fix:
Add a review carousel, total order count badge, and Google rating widget to the homepage above the fold.
No wishlist or comparison feature prominently highlighted
The site has wishlist and compare features (visible in header) but they are not promoted or explained to users anywhere on the homepage — a missed opportunity to increase engagement and return visits for high-consideration electronics purchases.
Fix:
Add a subtle tooltip or banner on first visit explaining the wishlist feature. Show a count when items are added.
Chat widget z-index conflicts on mobile
The 'Avechi Cares' chatbot floating button and the 'Back to Top' link can overlap on smaller screens, making both hard to interact with on popular Kenyan mobile devices (360px-414px widths).
Fix:
Ensure chat widget and sticky buttons are tested at 360px-414px widths and have non-conflicting z-index and positioning.
Performance— 4 issues
Navigation icons are loaded as 30+ separate unoptimized PNGs, no CDN or image optimization strategy is visible, no caching plugin is detected, and lazy loading is not implemented — all contributing to slow page loads on Kenya's mobile data connections.
Navigation icons are loaded as separate unoptimised images
Each menu category uses two separate PNG images (a white version and a colored version for hover state). With 15+ categories, this is 30+ separate HTTP requests just for nav icons — significantly slowing first paint on Avechi's pages.
Fix:
Replace with an SVG sprite sheet or inline SVG icons. If keeping PNGs, lazy-load them and serve via a CDN like Cloudflare.
No CDN or image optimization strategy visible
All images are served directly from avechi.co.ke/wp-content/uploads/ — no CDN caching, no WebP conversion, no responsive srcset attributes evident. Large unoptimized product images are a leading cause of poor mobile performance in Kenya where data costs are high.
Fix:
Enable Cloudflare CDN and install a plugin like Imagify or ShortPixel for automatic WebP conversion and compression.
WordPress without caching leads to slow TTFB
WordPress sites without server-side caching generate pages dynamically on each request, leading to high Time to First Byte (TTFB) — especially under traffic spikes during promotions or sales events that Avechi likely runs.
Fix:
Install WP Rocket or W3 Total Cache. Enable page caching, object caching (Redis), and database query caching.
No lazy loading implementation visible
Product images in category grids and the homepage likely load all at once on page load, increasing initial page weight significantly — especially problematic on Kenya's mobile data connections where bandwidth is limited and expensive.
Fix:
Add loading='lazy' to all below-fold images. WooCommerce + modern WordPress versions support this natively.
Technical Debt— 2 issues
The 2021-era WordPress theme with jQuery shows signs of legacy PHP template architecture. No progressive enhancement means the site is slower on mobile and harder to maintain at scale compared to modern e-commerce platforms.
Site built entirely on legacy WordPress stack
The 2021-era theme shows signs of legacy PHP template architecture with jQuery and GSAP. With no progressive enhancement, the site is slower on mobile and harder to maintain at scale. Competing e-commerce sites in Kenya are moving to headless or modern Jamstack approaches.
Fix:
This is a long-term strategic conversation — propose a phased modernization roadmap starting with performance and security, then a potential Headless WooCommerce migration.
No sitemap or robots.txt accessible
Standard WordPress installations include a sitemap at /wp-sitemap.xml. If this is blocked or missing, search engine crawlers may not index all products properly, hurting organic traffic for Avechi's product catalog of smartphones and electronics.
Fix:
Verify sitemap exists and is submitted to Google Search Console. Ensure robots.txt is not accidentally blocking key paths.
SEO— 2 issues
No structured data or schema markup is detected, meaning products won't show rich snippets (star ratings, prices) in Google results. Category URL structures contain redundant slugs that dilute keyword focus.
No structured data / schema markup evident
The site doesn't appear to use Product, Offer, Review, or BreadcrumbList schema markup. This means products won't show rich snippets (star ratings, prices) in Google results — a significant SEO and click-through disadvantage versus competitors like Jumia Kenya.
Fix:
Install Rank Math or Yoast WooCommerce SEO add-on to auto-generate product schema. Verify via Google's Rich Results Test.
Category URL structure has redundant slugs
URLs like /product-category/audio/audio-price/ksh-2-000-ksh-5-000/ contain the word 'audio' twice and use hyphens in price ranges in an inconsistent pattern, which dilutes keyword focus and makes links harder to share on social media.
Fix:
Audit and streamline URL slugs using a proper redirect strategy after changing. Example: /audio/2000-5000/ is cleaner.
Quick Wins
can be fixed in 1 day
- Fix all spelling errors— 'Accesories' → 'Accessories', 'Contacts us' → 'Contact us'
- Remove or fix broken footer links— Remove 'Sign in' and 'Get our app' links that point to homepage
- Remove broken right-click protection— Remove the content protection script that displays visible error text
- Link payment logos to provider pages— Connect M-Pesa, Equitel, Airtel Money footer icons to their security pages
- Enable image lazy loading— Add loading='lazy' to all product and category images below the fold
- Install Cloudflare free plan— Get CDN, basic WAF, and DDoS protection in one setup
Service Roadmap
Security hardening & quick wins
(Week 1–2)Fix critical security issues (hide wp-admin, add security headers, install Cloudflare WAF), correct spelling errors, fix broken footer links, and remove the broken right-click protection. Fast, visible wins that build client trust.
Performance overhaul
(Month 1)Image optimization pipeline (WebP conversion, CDN delivery), caching setup (WP Rocket + Redis), lazy loading implementation, and SVG icon migration. Target measurable improvement in Core Web Vitals and PageSpeed score.
UX & conversion optimization
(Month 2–3)Navigation redesign with mega-menu, trust signals and social proof integration, schema markup for rich snippets, mobile UX audit, and wishlist/comparison feature promotion. Tie improvements directly to conversion rate metrics.
Strategic modernization
(Long-term)Propose a modern stack migration or at minimum a theme rebuild. Consider Headless WooCommerce with Next.js for dramatically better performance. Establish ongoing retainer for maintenance, security monitoring, and plugin updates.
Our Assessment
Your WordPress admin panel is publicly exposed at the default URL, you have no Web Application Firewall, and your security headers are completely missing — for an e-commerce site processing M-Pesa and Airtel Money transactions, a breach could expose customer payment data and result in catastrophic reputational damage in Kenya's competitive electronics market.
Avechi Kenya has the product catalog and market positioning to compete with larger players like Jumia, but the critical security vulnerabilities and performance issues are actively driving customers away. The spelling errors and broken links are your easiest door-openers — any business owner immediately understands why 'Accesories' on their site looks unprofessional. With the security hardening and performance improvements outlined above, Avechi can become the most trusted and fastest electronics shopping experience in Kenya, unlocking significantly higher conversion rates and customer lifetime value.
Audit conducted April 2026 · Based on public page analysis · Some server-side issues require backend access to fully assess.
SEO Analysis
Page Title
Avechi Kenya | Online shop for smartphones and electronics
Title Length
58 characters
Meta Description
Avechi Kenya is a popular online shop for smartphones and electronics , buy your
Description Length
167 characters
Headings
H1: 0 | H2: 0 | H3: 0
Images
50 total, 49 missing alt text
Issues & Recommendations
Meta description too long (167 chars)
Shorten to under 160 characters.
Missing H1 heading
Add exactly one H1 tag with your primary keyword.
49 images missing alt text
Add descriptive alt text to all images for SEO and accessibility.
Performance Analysis
Issues & Recommendations
Largest Contentful Paint is 4.6s
Optimize images, reduce server response time, and minimize render-blocking resources.
Cumulative Layout Shift is 0.837
Set explicit dimensions on images/videos and avoid inserting content above existing content.
First Contentful Paint is 4.0s
Reduce server response time and eliminate render-blocking resources.
Accessibility Analysis
Form Labels
2 inputs, 1 missing labels
Issues & Recommendations
1 form inputs may be missing labels
Associate a <label> with every form input using the for attribute.
No skip navigation link found
Add a skip link to allow keyboard users to skip to main content.
Security Analysis
Issues & Recommendations
Missing Strict-Transport-Security header
Add HSTS header to enforce HTTPS connections.
Missing Content-Security-Policy header
Add CSP header to prevent XSS and injection attacks.
Missing X-Frame-Options header
Add X-Frame-Options: DENY or SAMEORIGIN to prevent clickjacking.
Missing X-Content-Type-Options header
Add X-Content-Type-Options: nosniff to prevent MIME-type sniffing.
Missing Referrer-Policy header
Add a Referrer-Policy header to control referrer information.
Want to Improve These Scores?
Get a free consultation on how to fix the issues found for avechi.co.ke. I'll create a custom improvement plan tailored to your website.