WPSonar is a TUTTUU service · an Italian studio that builds software for small and medium businesses. A real person behind the system, no call center, no empty bots.
TUTTUU is an Italian software and AI studio focused on worldwide SMBs that need serious tools but without enterprise heaviness. We build products we use ourselves, every day.
WPSonar is one of them: it was born from the practical need to manage WordPress site maintenance without burning hours on repetitive tasks. AI is the engine, but final responsibility always stays human.
I started writing PHP in 2008, building WordPress sites for small Italian businesses · restaurants, professional studios, single-product e-commerce. The technical part was fun, but the service layer · "the site is down", "we got attacked", "Google penalized us" · was a burden that kept growing.
For years I applied the same recipe: monthly checklists, backup plugins, uptime alerts via email, weekly scans. Manual. Expensive in human time and fragile · because one moment of distraction was enough to break something.
"Build an autonomous system where AI does the boring work and humans step in only where judgment is required."
When Anthropic released Claude 3 in 2024, I realized that AI was no longer a gadget · it was an operational colleague. The difference between an agent applying safelist-driven security fixes and a junior developer is · cost, latency, and 24/7 availability. Same level of output, no burnout.
WPSonar is the result of that bet: automation up to 95% of repetitive work, human intervention for the 5% that requires judgment. No outsourcing to low-cost countries, no ignored checklists, no client who finds out about the problem from their own customers.
Every WPSonar client is a client who has my personal attention on the delicate cases. No middlemen, no generic account managers · write to care@tuttuu.it and either I reply or a colleague who knows your file does.
These are the principles fixed in our internal documentation · I codified them so I couldn't "forget" them under pressure.
If the problem is automatable (HSTS, CSP, .htaccess hardening, etc), the system applies the fix before emailing you. You receive a report of what was resolved, not a list of "tips" to paste into cPanel.
Never modify a file without a verified backup · a .MALWARE-{ts}.bak suffix is dropped beside it · if the automatic fix causes damage, rollback is atomic.
Every action the system takes on your site is recorded · never deleted. You can request the full export (CSV) at any time · zero black-box, every AI decision traceable.
No "retention call", no "let's review together". You go to your portal, click "cancel", finish the month, done. Your site credentials are auto-revoked 7 days after the last intervention.
AI isn't a layer of "magic" sitting on top of the system · it's the decision engine behind every audit, fix, and classification. With human verification on delicate cases and a strict safelist for autonomous actions.
Built on standard components, no vendor lock-in, everything logged and inspectable.
Claude (Anthropic) · GPT-4 (OpenAI via OpenRouter) · Llama (Groq) · fallback chain with quality check on every output.
The wpcare-bridge plugin with token + IP whitelist + audit log · runs fixes only for authorized actions.
HSTS, CSP, X-Frame-Options, XML-RPC disable, hide WP version, .htaccess hardening · idempotent fixes.
The ticket_actions_log table · every AI action tracked · exportable via API · never DELETE.
Authenticated encryption · key separated from DB backup · auto-revoke 7 days after last use.
No call center · write to me directly. I'll reply within 24 hours, or call you back if you prefer.