This onboarding checklist outlines the comprehensive security and performance review we’ll conduct on your website. We’ll check everything from server software versions and file permissions to WordPress core and plugin updates, security configurations, and theme optimization. We’ll also dive into functionality like ecommerce, media files, and user management to ensure everything is working efficiently and securely. By systematically reviewing these areas, we’ll identify potential issues and ensure your website runs at its best.
Here’s an overview of our diagnostic:
- Test web server for security and recent version
- Check for most recent PHP version
- Check for most recent MySQL version
- Confirm proper file/folder permissions
- Confirm SSL Certificate is correctly installed with no issues
- Review WordPress structure (check for incorrectly stored media and content)
- Analyze WordPress installation size
- Check WordPress database size
- Test for most recent WordPress version
- Confirm the dashboard file editor is disabled
- Remove outdated plugins
- Remove unused plugins
- Test installed plugins for potential security vulnerabilities
- Review existing backup functionality
- Remove any plugins duplicating the same functionality
- Document custom plugins
- Review the remaining required plugins for conflicts
- Document existing security plugins or required security settings
- Confirm active licenses for premium plugins
- Confirm active licenses for premium themes
- Troubleshoot outdated themes
- Remove unused themes
- Document custom themes and last date of update
- Document any theme build files that require updates
- Confirm the use of child themes
- Review and audit Custom Post Types
- Audit number of media files for optimization
- Audit number of posts
- Audit number of pages
- Remove unnecessary users
- Audit number of users with Administrator permissions
- Review users with custom permissions
- Document custom login URLs
- Review ecommerce functionality
- Confirm most recent orders and statuses
- Confirm images are properly optimized
- Audit site for malware and report any flags
- Check Core Web Vitals scores
- Confirm Content Delivery Network configuration
- Test caching configuration
- Check JavaScript implementation for optimization
- Check CSS for optimization
- Document plugins used for SEO
- Document plugins used for forms
- Confirm robots are not being blocked
- Review permalink structure
- Confirm plugin used for transactional emails
- Confirm use of WordPress Block Editor
- Confirm WP REST API is restricted to authenticated users
- Confirm XML-RPC is restricted to authenticated users
- Confirm login attempts are limited to protect against brute force attacks