What’s included in your 50+ point diagnostic checklist?

This onboarding checklist outlines the comprehensive security and performance review we’ll conduct on your website. We’ll check everything from server software versions and file permissions to WordPress core and plugin updates, security configurations, and theme optimization. We’ll also dive into functionality like ecommerce, media files, and user management to ensure everything is working efficiently and securely. By systematically reviewing these areas, we’ll identify potential issues and ensure your website runs at its best.

Here’s an overview of our diagnostic:

1. Test web server for security and recent version
2. Check for most recent PHP version
3. Check for most recent MySQL version
4. Confirm proper file/folder permissions
5. Confirm SSL Certificate is correctly installed with no issues
6. Review WordPress structures (media and content incorrectly stored)
7. Analyze WordPress installation size
8. Check WordPress database size
9. Test for most recent WordPress version
10. Confirm the the dashboard file editor is disabled
11. Remove outdated plugins
12. Remove unused plugins
13. Test installed plugins for potential security vulnerabilities
14. Review existing backup functionality
15. Remove any plugins duplicating the same functionality
16. Document custom plugins 
17. Review the remaining required plugins for conflicts
18. Document existing security plugins or required security settings
19. Confirm active licenses for premium plugins
20. Confirm active licenses for premium themes
21. Troubleshoot outdated themes
22. Remove unused themes
23. Document custom themes and last date of update
24. Document any theme build files that require updates.
25. Confirm the use of child themes.
26. Review and audit Custom Post Types
27. Audit number of media files for optimization
28. Audit number of posts 
29. Audit number of pages
30. Remove unnecessary users
31. Audit number of users with Administrator permissions.
32. Review users with custom permissions.
33. Document custom login URLs
34. Review ecommerce functionality
35. Confirm most recent orders and statuses
36. Confirm images are properly optimized
37.  Audit site for malware and report any flags
38. Check Core Web Vitals scores
39. Confirm Content Delivery Network configuration
40. Test caching configuration
41. Check JavaScript implementation for optimization
42. Check CSS for optimization
43. Document plugins used for SEO
44. Document plugins used for forms
45. Confirm robots are not being blocked
46. Review permalink structure
47. Confirm plugin used for transaction emails
48. Confirm use of WordPress Block Editor
49. Confirm WP REST API is restricted to authenticated users
50. Confirm XML-RPC is restricted to authenticated users
51. Confirm login attempts are limited to protect against brute force attacks