What’s included in your 50+ point diagnostic checklist?

This onboarding checklist outlines the comprehensive security and performance review we’ll conduct on your website. We’ll check everything from server software versions and file permissions to WordPress core and plugin updates, security configurations, and theme optimization. We’ll also dive into functionality like ecommerce, media files, and user management to ensure everything is working efficiently and securely. By systematically reviewing these areas, we’ll identify potential issues and ensure your website runs at its best.

Here’s an overview of our diagnostic:

  1. Test web server for security and recent version
  2. Check for most recent PHP version
  3. Check for most recent MySQL version
  4. Confirm proper file/folder permissions
  5. Confirm SSL Certificate is correctly installed with no issues
  6. Review WordPress structures (for media and content stored incorrectly)
  7. Analyze WordPress installation size
  8. Check WordPress database size
  9. Test for most recent WordPress version
  10. Confirm the dashboard file editor is disabled
  11. Remove outdated plugins
  12. Remove unused plugins
  13. Test installed plugins for potential security vulnerabilities
  14. Review existing backup functionality
  15. Remove any plugins duplicating the same functionality
  16. Document custom plugins 
  17. Review the remaining required plugins for conflicts
  18. Document existing security plugins or required security settings
  19. Confirm active licenses for premium plugins
  20. Confirm active licenses for premium themes
  21. Troubleshoot outdated themes
  22. Remove unused themes
  23. Document custom themes and last date of update
  24. Document any theme build files that require updates
  25. Confirm the use of child themes
  26. Review and audit Custom Post Types
  27. Audit number of media files for optimization
  28. Audit number of posts 
  29. Audit number of pages
  30. Remove unnecessary users
  31. Audit number of users with Administrator permissions
  32. Review users with custom permissions
  33. Document custom login URLs
  34. Review ecommerce functionality
  35. Confirm most recent orders and statuses
  36. Confirm images are properly optimized
  37. Audit site for malware and report any flags
  38. Check Core Web Vitals scores
  39. Confirm Content Delivery Network configuration
  40. Test caching configuration
  41. Check JavaScript implementation for optimization
  42. Check CSS for optimization
  43. Document plugins used for SEO
  44. Document plugins used for forms
  45. Confirm robots are not being blocked
  46. Review permalink structure
  47. Confirm plugin used for transaction emails
  48. Confirm use of WordPress Block Editor
  49. Confirm WP REST API is restricted to authenticated users
  50. Confirm XML-RPC is restricted to authenticated users
  51. Confirm login attempts are limited to protect against brute force attacks

Drew Barton
Founder & CEO