← Back to Stella Chatbot Wordpress Plugin
Owner tools
For the owner of Stella Chatbot Wordpress Plugin (Visit site).
Ownership
This launch is unclaimed.
Claim this launch to get an owner link, re-scan after fixes, track your score improvements, or remove your site from StackScope entirely.
Fixes that improve your score
Security
- HIGHAdd the missing security response headersMissing: Content-Security-PolicyWhyEach header limits a class of browser-side attack: clickjacking, XSS, MIME sniffing, plaintext fallback. Missing headers leave default-permissive behaviour in place.WhereMost are one line each in your server config, reverse proxy, CDN, or framework headers.
Starter Content-Security-Policy
We didn't see a Content-Security-Policy header on your site.
Here's a starter policy built from the 2
third-party
vendors we detected
(google-fonts, google-tag-manager).
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline' https://www.googletagmanager.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self' data: https://www.googletagmanager.com; font-src 'self' https://fonts.gstatic.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self';
Content-Security-Policy-Report-Only first (as shown above),
walk through your site with DevTools Console open, and relax the policy until no CSP
violations fire. Only then rename the header to Content-Security-Policy to
enforce.
We probably don't cover everything. Vendors that only load behind auth, self-hosted scripts, custom analytics, and anything we haven't fingerprinted yet won't appear here. Inline scripts work because we've included
'unsafe-inline'; you
can tighten that later with nonces once the basic policy is stable. The Report-Only
walkthrough will flag anything we missed. That's the whole point of starting there.
Optional improvements
These don't change your StackScope score but cover SEO, agent-readiness, security-researcher discoverability, and compliance items worth addressing.
Security
- LOWAdd /.well-known/security.txtWhyLets security researchers report vulnerabilities responsibly through a published contact channel.WhereCreate
/.well-known/security.txtwith aContact:email andExpires:date.
Email security
- MEDIUMConfigure DKIM with your email providerNo DKIM record found at the common selectors we check.WhyDKIM signs your outbound mail with a cryptographic key receivers can verify. Without it, receivers can't tell your real mail from a spoof.WhereAsk your email provider for their DKIM setup. It's usually one TXT record at
{selector}._domainkey.{your-domain}. - LOWAdd MTA-STSNo MTA-STS DNS record published.WhyPrevents mail to your domain being downgraded to plaintext mid-flight by a network attacker. Most launches don't have this, so deploying it puts you a tier above generic email-security checks.WherePublish a TXT record at
_mta-sts.{your-domain}plus a policy file athttps://mta-sts.{your-domain}/.well-known/mta-sts.txt. - LOWAdd a TLS-RPT recordNo TLS-RPT record at
_smtp._tls.{domain}.WhyReceivers can tell you when STARTTLS handshakes to your mail server fail. Without it, silent TLS failures are invisible.WherePublish one TXT record at_smtp._tls.{your-domain}likev=TLSRPTv1; rua=mailto:[email protected].
Page basics & SEO
- LOWTrim your meta description to under 160 charactersCurrently 1740 characters: "Stella Chatbot is a WordPress chatbot plugin built to give website owners full control over how automated replies are delivered. It uses a practical FAQ-first approach: you define the chatbot name, avatar, categories, keywords, and answers from the admin panel, and the widget responds consistently on the frontend. Visitors can start from guided category suggestions, ask direct questions, and receive instant replies when keyword matches are found. This makes Stella Chatbot especially useful for support pages, service businesses, product sites, and any website that needs faster response handling without adding complex setup.The free version focuses on reliable core chatbot functionality for everyday use. You can manually manage up to 100 Q&A entries, assign unique keywords, organize content by category, set welcome messaging, and display category suggestions to help visitors navigate common topics. It is intentionally streamlined so non-technical admins can configure and run the bot quickly while still maintaining structured responses and clear fallback behavior when exact matches are not found.The pro version expands Stella Chatbot into a complete customer interaction system. It removes FAQ limits, adds advanced import workflows, enables AI fallback with provider/model selection (OpenAI ChatGPT, Anthropic Claude, Google Gemini, Groq, OpenRouter), supports lead capture, and includes session-based logging and analytics for performance tracking. Pro users can export chat data, tune AI behavior, and manage a more scalable chatbot operation suitable for higher traffic websites, sales funnels, and support teams. This gives businesses a single plugin path from basic FAQ automation to advanced AI-assisted conversations."WhyGoogle truncates around 155-160 characters on desktop SERPs (less on mobile), so anything past that won't appear in the snippet.WhereEdit your
<meta name="description">tag. Put the most click-worthy phrase first.
Agent / AI
- LOWDeclare a Content-Signal in robots.txtWhyStates how you'd like AI systems to use your content (training, search, agent input). Without it, AI crawlers fall back to whatever default policy each vendor applies.WhereAdd a
Content-Signal:line to yourrobots.txt. - LOWAdd Link response headersWhyLets agents discover your sitemap, privacy policy, and docs without parsing HTML, which most lightweight agents skip.WhereSet
Link:response headers in your server config or framework middleware.
If a tip looks wrong (for example it says "add a consent banner" and you already have one) the detection's the bug, not you. StackScope sees what's public from the outside: HTTP response, rendered HTML, cookies, and DNS. We can miss vendors that load behind consent, are self-hosted, or use an install shape we haven't fingerprinted yet. Email [email protected] and we'll look into it.
Copy into Cursor, Claude, or ChatGPT
This prompt includes the detected stack and only the fixes StackScope found. It asks the AI to make concrete file-level changes, not a vague website review.
Score-affecting basics only. Ask your AI to handle these first; come back for the optional hardening once they're done.
Everything: score-affecting fixes plus optional email security, agent metadata, and best-practice items. Longer prompt, more for an "all in one" agent run.
Using an autonomous agent?
Point the agent at this SKILL.md URL and ask it to follow the skill. The framing stops agents defaulting to an open-ended page review.
https://stackscope.dev/launch/mclcgrdg/skill.md
Share your score
Your score card renders automatically when you share the link.
Or embed a badge
Two badge options. Pick whichever fits your story.
Current score
Shows the latest score and updates within a few minutes of any recrawl. Best for ongoing display: if you fix something and recrawl, the badge reflects the new score automatically.
<a href="https://stackscope.dev/launch/mclcgrdg/stella-chatbot-wordpress-plugin"><img src="https://stackscope.dev/badge/mclcgrdg/current.svg" alt="StackScope score for Stella Chatbot Wordpress Plugin" height="24" /></a>
Launch score
Pinned to your launch-day snapshot and never changes. Marked with a small gold corner ribbon. Best for press kits, launch retrospectives, or anywhere you want a permanent record of how you shipped.
<a href="https://stackscope.dev/launch/mclcgrdg/stella-chatbot-wordpress-plugin"><img src="https://stackscope.dev/badge/mclcgrdg.svg" alt="StackScope launch score for Stella Chatbot Wordpress Plugin" height="24" /></a>
Using a Content-Security-Policy?
Both badges are <img> tags from our domain, so your CSP needs to allow them.
Add stackscope.dev to your img-src directive
(example: img-src 'self' stackscope.dev;). Without it, browsers silently
block the badge and visitors see a broken image.