Our 50+ point diagnostic is a comprehensive audit we perform on every new site. It’s designed to identify potential security vulnerabilities, performance bottlenecks, and maintenance issues so we have a clear baseline from day one.
We check everything from your server environment to your plugin, theme, and database health.
Here’s a detailed breakdown of what we review:
Server & Environment
- Test web server for security and recent version
- Check for most recent PHP version
- Check for most recent MySQL version
- Confirm proper file/folder permissions
- Confirm SSL Certificate is correctly installed with no issues
- Confirm or create a functional staging environment
- Review server and PHP error logs for active issues
WordPress Core & Database
- Test for most recent WordPress version
- Analyze WordPress installation size
- Check WordPress database size
- Confirm the dashboard file editor is disabled
- Review WordPress structures (media and content incorrectly stored)
Plugin & Theme Health
- Remove outdated plugins
- Remove unused plugins
- Test installed plugins for potential security vulnerabilities
- Implement and verify SiteCare’s off-site backup solution
- Remove any plugins duplicating the same functionality
- Document custom plugins
- Review the remaining required plugins for conflicts
- Confirm active licenses for premium plugins
- Confirm active licenses for premium themes
- Troubleshoot outdated themes
- Remove unused themes
- Document custom themes and last date of update
- Document any theme build files that require updates
- Confirm the use of child themes
Security & Hardening
- Audit site for malware and report any flags
- Document existing security plugins or required security settings
- Confirm WP REST API is restricted to authenticated users
- Confirm XML-RPC is restricted to authenticated users
- Confirm login attempts are limited to protect against brute force attacks
Performance & Optimization
- Check Core Web Vitals scores
- Confirm Content Delivery Network configuration
- Test caching configuration
- Check JavaScript implementation for optimization
- Check CSS for optimization
- Confirm images are properly optimized
Content, User, & SEO Audit
- Review and audit Custom Post Types
- Audit number of media files for optimization
- Audit number of posts
- Audit number of pages
- Remove unnecessary users
- Audit number of users with Administrator permissions
- Review users with custom permissions
- Document plugins used for SEO
- Confirm robots are not being blocked
- Review permalink structure
- Confirm sitemap generation and submission (e.g., via robots.txt)
- Verify Google Analytics or other analytics script installation
Functionality & Compliance Review
- Review ecommerce functionality
- Confirm most recent orders and statuses
- Document plugins used for forms
- Confirm plugin used for transaction emails
- Document custom login URLs
- Confirm use of WordPress Block Editor
- Document 3rd-party API integrations (e.g., CRM, email marketing, shipping)
- Check for presence of a Privacy Policy and cookie consent banner
- Run initial scan for major accessibility issues (e.g., missing image alt text, poor link text)
