WP Audit Site

Quickly audit your WordPress website.

A helpful checklist to audit your website for formatting, WordPress specific optimization, accessibility, performance, and security.

Best used before a launch or on a schedule.

Other helpful WordPress resources

Make sure language_attributes() is set in HTML. This helps translation tools know what language your website is in, Google uses it to better rank your website, and it's helpful for folks using screen readers too.

Install an SEO plugin to make it easy to maintain and modify SEO information. Make sure you fill out all the open graph information and basic title, description, and image fields. Consider using one of the following plugins:

If you've got an SEO plugin installed and properly configured, you should be fine, but double check those tags with the meta tag checker and adjust accordingly.

  • Hey Meta – shows you how your site looks on social and what your basic meta tags have.
  • Facebook debugger – shows you exactly how your site appears on Facebook and lets you refresh Facebook's data if you've just changed it.
  • Twitter Card Validator – shows you exactly how your site appears on Twitter and lets you refresh Twitter's data if you've just changed it.

Make sure you don't have any broken links lingering on the site. A common culprit is changing slugs after a post has been published. Although WordPress auto-magically can catch a few of those, it's helpful to have a plugin that does even more:

  • Redirection – This plugin checks 404s, catches slug changes and sets automatic redirects, lets you add custom redirects, etc. It's a must-have.
  • W3C Link Checker – A non-WordPress solution to quickly check links on any page on your website.

Is your favicon set? Go to Appearance > Customize > Site Identity and set that Site Icon. It'll take care of your favicon and the app icon (in case someone saves your site to their iPhone/Android screen!).

Is your website responsive? It should be responsive! Use CSS Media queries in your code, make sure zoom is not disabled, and test your site in responsive mode with your browser Developer Tools

Did you turn off that setting WordPress General settings that discourages search engines to index the site? Not sure? Better double check!

Is your website using Gzip compression? Gzip is a way of smartly compressing data so your website loads faster. Modern browsers automatically request the Gzip version of your website first.

Most WordPress-friendly hosts already have Gzip turned on, but you should double check. If you don't have it turned on at the server level, you can use a plugin to do so:

Run your code through the HTML validator and make sure there aren't any glaring errors. Sometimes there will be errors you don't want to fix, and that's okay. Just be sure you're being intentional.

Optimizing your images, making sure they are as compressed as possible, and lazy loaded when appropriate makes a huge difference for your website speed.

  • WebP Image Support in WordPress 5.8+ – WebP is a newer image format that is far more performant and the great news it, WordPress supports it out of the box now. Click the link to learn more.
  • WebP Express – a handy plugin to convert your images to the WebP format.
  • Autoptimizer – great performance plugin with a fantastic Images section to help you lazy load, compress, and serve images from a CDN using ShortPixel.
  • Compress PNG – compress your pngs and jpegs with this handy online tool, it works fantastically.
  • TinyPNG – another fantastic online compression tool.
  • ImageOptim – Mac utility to quickly compress all image types offline.

Loading your webfonts fast and well is important. Keep those font file sizes low, only add the font styles you are using, use preconnect to load those font files quicker, and avoid the Flash of Unstyled Text and Flash of Invisible Text.

  • Preconnect fonts – how to get your fonts loading faster.
  • WebFont Loader – use this easy-to-use library to finetune the webfonts you're grabbing from different services.

You've heard it before and you'll hear it again. Use caching. There are lots of brilliant plugins out there that help. Great hosts usually provide caching of some kind as well, utilize that.

  • Autoptomize – this plugin does caching too, and does it well.
  • WP Rocket – another popular performance plugin that also does caching.

CDN = content delivery network. If you've got a big site or you want the fastest site possible, use a CDN. Your site will be cached all around the world and served to the viewer from the closest server.

  • CloudFlare – one of the most popular CDNs in the WordPress space, has a fantastic free tier.
  • Key CDN – a super affordable easy to use CDN.

Run your site through a speed test tool to check for any other glaring issues you may have missed.

If you configured an SEO plugin, you probably have one (or more). Go to yourdomain.com/sitemap.xml and make sure you have one!

Make sure you have a useful 404 template.

Helpful things to add: a search form, popular pages/articles, contact information.

There's no standard search template in WordPress, but you should create one. The ideal slug is /search so if someone needs to do a search, they can get there.

While we're on the topic, make sure search.php (the search results page) is also properly set up.

Simplest way to do this is to add the following:

body { filter: grayscale(100%); }

But there are tools to help you too!

Can you tab through everything and take the actions you want to take on your website? If you can't, fix it!

Adding this specifically, because it's often overlooked. I know we all hate the default checkboxes and radio buttons. It's totally okay to use pseudo classes to style a fancier version, but let's make sure they are keyboard accessible, yeah?

Yes, you can use borders instead of text-decoration: underline;.

"Underline your fucking links you sociopaths."— Heydon Pickering

Make sure you have a skip to content link that shows up when that link comes into focus.

Doesn't have to be super fancy. Check the source for the one on this page – super simple, takes 2 minutes to implement.

Make sure your images have alt attributes with helpful descriptions and maybe some context too.

Typically found in the footer, an accessibility statement is a fantastic way to communicate how folks can get help if they have problems using your site.

While not legally required for most websites (although if you're in the public sector, you almost certainly do need one!), having one demonstrates your commitment to accessibility and is a solid informational page to have on your website.

Lighthouse is Google's website checking tool; it tests performance, accessibility, etc. It's built into Chrome, if you don't use Chrome, PageSpeed Insights is Lighthouse in a Web UI.

If you forget your password, does your website correctly send the Rest your Password email? If you register a new user, does the website properly send the new user an email?

Different plugins and themes can sometimes create bugs and conflicts that prevent these basic emails from working. Make sure you and your users don't get locked out of the website by double checking these still work.

Every site should have website analytics turned on. Did you remember to add that to the site now that it's going live? Remember to assess what analytics tool is right the website and what other considerations you need to take into account so the website isn't breaking the law.

A lot of countries require websites to have privacy policies under various conditions. It's also just a good practice to have a place where you let people know how/why you are using your data and what they can do about it.

Every fresh install of WordPress comes with a sample privacy policy template, and there's a dedicated area in the Settings to indicate your Privacy Policy page; use it!

Using a tool to track your searchability is always a great idea. It's handy to know what keywords and phrases are leading people to your website. Combined with a good analytics tool, this gives you a lot of helpful data.

  • Google Search Console – pretty much the industry standard for free search tracking; limited to Google search.
  • Ahrefs – a pretty popular tool to track keywords and search metrics with.

Recently, Google Fonts was deemed illegal to use in a Germany court, because every time you load a font from Google Fonts, your website sends the IP address of your visitor back to Google without their explicit consent. This applies to any fonts you have hosted elsewhere (Typekit, etc). Consider locally hosting your fonts to avoid the situation entirely.

Delete all themes you aren't using, except for one default (twenty *) theme; comes in handy when you're debugging weird issues. Get rid of any plugins you don't need!

Keep all your themes and plugins updated. But make sure to backup first and ideally test your updates on a staging server first.

Use strong passwords! Advise your clients to use strong passwords too!