Checkpoints before publishing a WordPress website

Checklist – Points to check before taking WordPress site live

A. Set up
1. Domain name – Verify that the site's domain name is used properly in the URLs. The domain is purchased by the client.
2. Hosting – Host the project with an authentic hosting company. The company should have good reviews and round-the-clock support.
3. WordPress version – Make sure the WordPress version is up to date.
4. WordPress themes – The WordPress theme in use should be up to date, and all unwanted themes should be removed from the admin panel.
5. WordPress plugins – The plugins used in WordPress should be up to date and configured properly. All unwanted plugins should be removed or deactivated.
6. Common project email ID – Use a common email ID created for the project for every configuration and purchase made for the project.
7. SSL certificate – Confirm the SSL certificate, if required.
8. Social media integrations – The client's social media pages should be set up on the live site.

B. Development
1. Deployment environment – Set up separate staging and live environments for WordPress deployment on enhancement projects.
2. Check for 404 – Check the URLs throughout the site for broken links, and set up a page for the 404 status.
3. URL navigation – Verify that all URLs on the live site are correct. URLs that redirect to the staging or development/local environment should be avoided. External links should open in a new browser tab.
4. Downtime notification – A maintenance page with a proper message should be available for when the site is down.
5. Performance – The page load time should not be more than 3 seconds.
6. Code review – Confirm that a code review has been done at least once before the live deployment.
7. Email ID – The client's email ID should be set on the live site wherever email notifications are initiated.
8. Garbage data – Remove all garbage and dummy data used for testing before deploying the site from staging to live.
9. Forms on the site – Check that all the forms on the site work properly.
10. Scope of work achieved – Verify that all the points from the scope of work are covered.
11. Change requests – List the change requests and verify before deployment that each point has been addressed.
12. Media – The images and videos used on the site should be purchased and should not have watermarks on them.
13. Functional flow – Validate that the functional flow of each feature works with valid data.
14. Captcha – All the forms should have a captcha, and it should work properly.
15. Testing – The site should be tested properly:
    a. UI testing
    b. Functional testing
    c. Responsive testing (if in scope)
    d. Cross-browser testing
    e. Content validation (check logo, navigation bar, images/videos, designs, text, header/footer strips, calls-to-action, links, forms, maps, contact info, sidebars, callouts, popups, social media, widgets, logins/portals, favicon)
16. Timezone – Make sure the time zone is set properly.
17. For specific sites, like e-commerce sites, the following should be checked:
    1. Product listing page
    2. Cart functionality
    3. Checkout functionality
    4. Payment integration
    5. Notification emails
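
The URL navigation check above can be automated over rendered pages. The following is an added example, not part of the original checklist; the host names and the sample HTML are constructed placeholders. It flags any `href` or `src` that points at a staging or local host, and any external link that does not open in a new tab.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkAudit(HTMLParser):
    """Collects href/src URLs that break the URL navigation check."""

    def __init__(self, live_hosts, non_live_hosts):
        super().__init__()
        self.live_hosts = set(live_hosts)
        self.non_live_hosts = set(non_live_hosts)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get("href") or attrs.get("src")
        host = (urlparse(url or "").hostname or "").lower()
        if not host:  # relative URL, mailto: or #anchor: stays on the live site
            return
        if host in self.non_live_hosts:
            self.findings.append(("non-live", tag, url))
        elif (tag == "a" and host not in self.live_hosts
              and (attrs.get("target") or "").lower() != "_blank"):
            self.findings.append(("same-tab-external", tag, url))

def audit_links(html, live_hosts, non_live_hosts):
    """Return (finding, tag, url) tuples in document order."""
    parser = LinkAudit(live_hosts, non_live_hosts)
    parser.feed(html)
    return parser.findings

# Constructed page fragment; every host name here is a placeholder.
SAMPLE_HTML = """
<a href="/about/">About</a>
<a href="https://www.example.com/contact/">Contact</a>
<img src="http://staging.example.com/wp-content/uploads/logo.png">
<a href="http://localhost/wp/shop/">Shop</a>
<a href="https://partner.example.org/">Partner</a>
<a href="https://social.example.net/client" target="_blank">Social</a>
"""
LIVE = {"www.example.com"}
NON_LIVE = {"staging.example.com", "localhost", "127.0.0.1"}

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML, LIVE, NON_LIVE):
        print(finding)
```
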

C. Backups
1. Database – Take database backups for the staging and live sites. Plugins such as WP-DBManager are available to take backups for WordPress.
2. Overall backup – Take a manual backup of the complete WordPress installation, including the WordPress database, all files, themes, plugins, media library, etc.

D. SEO
1. Plugin for SEO – Use an SEO plugin to optimize the site's SEO
2. URLs – URLs should be short and informative
3. Sitemap – Create a sitemap for the site
4. Google Analytics – Connect Google Analytics (if required)
5. Meta data – All pages and posts should have unique meta title, descriptions and keywords
6. Alt tags – All images should have proper alt tags

E. Security
1. The wp-admin URL – The admin URL should be customized, meaning it should not contain /wp-admin but some unique string.
2. Database prefix – The database prefix should not be wp but something unique.
3. Site scanning – Scan the WP site regularly for malware and vulnerabilities.
4. Block multiple IP IDs – Restrict multiple IDs from accessing the server files.
5. Disable directory browsing – With directory browsing enabled, all files and folders inside the root directory (sometimes called the home directory) of the web server can be listed and accessed by a visitor. Access to the directory should be restricted.
6. File-specific access – Restrict file access in the wp-content folder (themes, plugins and specific media files), while still allowing selected file types such as JPG, PDF, DOCX, CSS and JS.
7. Restrict all access to wp-includes, including admin.
8. WP-Admin access – Pre-declare the IPs that should have access to the wp-admin side.
9. Run a scan to find vulnerabilities in the web application using security tools like ZAP, Sucuri etc.
10. Restrict public access to the wp-config.php file and the .htaccess file.
11. Set up timeout functionality for idle sessions.
12. Password authentication – Verify that the password field requires a combination of uppercase, lowercase, alphanumeric values and special characters. The password should be displayed in encrypted form.
13. File upload – Users should be able to upload only approved file types. Users should not be able to upload .exe files.
14. Clickjacking – Update the code in your .php file to prevent clickjacking.
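
Several of the items above can be verified from outside the server before go-live. The following is an added example, not part of the original checklist: it audits HTTP observations of your own site for items 1, 5, 7, 8, 10 and 14, using constructed sample responses, and assumes the probe runs from an IP that is not on the wp-admin allow-list.

```python
from urllib.error import HTTPError
from urllib.request import urlopen
# Paths an anonymous visitor should be refused on, mapped to the section E item.
MUST_BLOCK = {"/wp-config.php": "E.10", "/.htaccess": "E.10",
              "/wp-includes/": "E.7", "/wp-login.php": "E.1/E.8"}
# Directories that must not return an auto-generated index (E.5).
NO_LISTING = ["/wp-content/uploads/", "/wp-content/plugins/"]

def collect(base_url):
    """Fetch the audited paths from your own site: {path: (status, headers, body)}."""
    seen = {}
    for path in ["/", *MUST_BLOCK, *NO_LISTING]:
        try:
            with urlopen(base_url.rstrip("/") + path, timeout=10) as r:
                hdrs = {k.lower(): v for k, v in r.headers.items()}
                seen[path] = (r.status, hdrs, r.read(4096).decode("utf-8", "replace"))
        except HTTPError as e:  # 403/404 is the desired answer for blocked paths
            seen[path] = (e.code, {}, "")
    return seen

def audit(seen):
    """Return (item, path, finding) for every check that fails."""
    findings = []
    for path, item in MUST_BLOCK.items():
        if seen.get(path, (None,))[0] == 200:
            findings.append((item, path, "served with 200, expected 403 or 404"))
    for path in NO_LISTING:
        status, _, body = seen.get(path, (None, {}, ""))
        if status == 200 and "Index of /" in body:
            findings.append(("E.5", path, "directory listing is enabled"))
    status, headers, _ = seen.get("/", (None, {}, ""))
    csp = headers.get("content-security-policy", "")
    if status == 200 and "x-frame-options" not in headers and "frame-ancestors" not in csp:
        findings.append(("E.14", "/", "no X-Frame-Options or CSP frame-ancestors"))
    return findings

# Constructed observations (not from a real site).
SAMPLE = {
    "/": (200, {"content-type": "text/html"}, "<html>home</html>"),
    "/wp-config.php": (403, {}, ""),
    "/.htaccess": (403, {}, ""),
    "/wp-includes/": (200, {}, "<title>Index of /wp-includes</title>"),
    "/wp-login.php": (200, {}, "<form id='loginform'>"),
    "/wp-content/uploads/": (200, {}, "<title>Index of /wp-content/uploads</title>"),
    "/wp-content/plugins/": (200, {}, ""),
}
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

For a real run, pass the result of `collect("https://your-site.example")` to `audit`; an empty list means none of these checks failed.
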
