Quickly audit your WordPress website.
A helpful checklist to audit your website for formatting, WordPress specific optimization, accessibility, performance, and security.
Best used before a launch or on a schedule.
Make sure language_attributes() is set in HTML. This helps translation tools know what language your website is in, Google uses it to better rank your website, and it's helpful for folks using screen readers too.
Install an SEO plugin to make it easy to maintain and modify SEO information. Make sure you fill out all the open graph information and basic title, description, and image fields. Consider using one of the following plugins:
If you've got an SEO plugin installed and properly configured, you should be fine, but double check those tags with the meta tag checker and adjust accordingly.
Make sure you don't have any broken links lingering on the site. A common culprit is changing slugs after a post has been published. Although WordPress auto-magically can catch a few of those, it's helpful to have a plugin that does even more:
Is your favicon set? Go to Appearance > Customize > Site Identity and set that Site Icon. It'll take care of your favicon and the app icon (in case someone saves your site to their iPhone/Android screen!).
Is your website responsive? It should be responsive! Use CSS media queries in your code, make sure zoom is not disabled, and test your site in responsive mode with your browser Developer Tools.
Did you turn off the setting in WordPress General settings that discourages search engines from indexing the site? Not sure? Better double check!
Is your website using Gzip compression? Gzip is a way of smartly compressing data so your website loads faster. Modern browsers automatically request the Gzip version of your website first.
Most WordPress-friendly hosts already have Gzip turned on, but you should double check. If you don't have it turned on at the server level, you can use a plugin to do so:
Run your code through the HTML validator and make sure there aren't any glaring errors. Sometimes there will be errors you don't want to fix, and that's okay. Just be sure you're being intentional.
Optimizing your images, making sure they are as compressed as possible, and lazy loaded when appropriate makes a huge difference for your website speed.
Loading your webfonts fast and well is important. Keep those font file sizes low, only add the font styles you are using, use preconnect to load those font files quicker, and avoid the Flash of Unstyled Text and Flash of Invisible Text.
You've heard it before and you'll hear it again. Use caching. There are lots of brilliant plugins out there that help. Great hosts usually provide caching of some kind as well; utilize that.
CDN = content delivery network. If you've got a big site or you want the fastest site possible, use a CDN. Your site will be cached all around the world and served to the viewer from the closest server.
The more files you have and the bigger they are, the more HTTP requests you'll have. So minimize those files and get rid of anything unnecessary.
Run your site through a speed test tool to check for any other glaring issues you may have missed.
If you configured an SEO plugin, you probably have one (or more). Go to yourdomain.com/sitemap.xml and make sure you have one!
Make sure you have a useful 404 template.
Helpful things to add: a search form, popular pages/articles, contact information.
There's no standard search template in WordPress, but you should create one. The ideal slug is /search so if someone needs to do a search, they can get there.
While we're on the topic, make sure search.php (the search results page) is also properly set up.
Simplest way to do this is to add the following:
body { filter: grayscale(100%); }
But there are tools to help you too!
Can you tab through everything and take the actions you want to take on your website? If you can't, fix it!
Adding this specifically, because it's often overlooked. I know we all hate the default checkboxes and radio buttons. It's totally okay to use pseudo classes to style a fancier version, but let's make sure they are keyboard accessible, yeah?
Yes, you can use borders instead of text-decoration: underline;.
"Underline your fucking links you sociopaths."— Heydon Pickering
Make sure you have a skip to content link that shows up when that link comes into focus.
Doesn't have to be super fancy. Check the source for the one on this page – super simple, takes 2 minutes to implement.
Make sure your images have alt
attributes with helpful descriptions and maybe some
context too.
Typically found in the footer, an accessibility statement is a fantastic way to communicate how folks can get help if they have problems using your site.
While not legally required for most websites (although if you're in the public sector, you almost certainly do need one!), having one demonstrates your commitment to accessibility and is a solid informational page to have on your website.
Lighthouse is Google's website checking tool; it tests performance, accessibility, etc. It's built into Chrome; if you don't use Chrome, PageSpeed Insights is Lighthouse in a Web UI.
If you forget your password, does your website correctly send the Reset your Password email? If you register a new user, does the website properly send the new user an email?
Different plugins and themes can sometimes create bugs and conflicts that prevent these basic emails from working. Make sure you and your users don't get locked out of the website by double checking these still work.
Are your forms properly capturing and submitting? Different plugins and themes can sometimes create bugs and conflicts that prevent forms from working. It happens more than you know. Make sure you're getting the submissions from your users!
Every site should have website analytics turned on. Did you remember to add that to the site now that it's going live? Remember to assess what analytics tool is right for the website and what other considerations you need to take into account so the website isn't breaking the law.
A lot of countries require websites to have privacy policies under various conditions. It's also just a good practice to have a place where you let people know how/why you are using their data and what they can do about it.
Every fresh install of WordPress comes with a sample privacy policy template, and there's a dedicated area in the Settings to indicate your Privacy Policy page; use it!
Using a tool to track your searchability is always a great idea. It's handy to know what keywords and phrases are leading people to your website. Combined with a good analytics tool, this gives you a lot of helpful data.
Recently, Google Fonts was deemed illegal to use in a German court, because every time you load a font from Google Fonts, your website sends the IP address of your visitor back to Google without their explicit consent. This applies to any fonts you have hosted elsewhere (Typekit, etc). Consider locally hosting your fonts to avoid the situation entirely.
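Several of the markup checks above (the lang attribute, the discourage-search-engines setting, disabled zoom, missing alt attributes, fonts loaded from Google) can be run in one pass over a page's HTML. The following Python is an added example, not part of the original checklist; the PageAudit class, the audit function and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Loading from these hosts sends each visitor's IP address to Google.
FONT_HOSTS = {"fonts.googleapis.com", "fonts.gstatic.com"}

class PageAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.has_lang = False
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        name = a.get("name", "").lower()
        content = a.get("content", "").replace(" ", "").lower()
        if tag == "html" and a.get("lang", "").strip():
            self.has_lang = True
        elif tag == "meta" and name == "robots" and "noindex" in content:
            self.findings.append("noindex: search engines are discouraged")
        elif tag == "meta" and name == "viewport" and (
                "user-scalable=no" in content or "user-scalable=0" in content):
            self.findings.append("zoom: viewport disables zooming")
        elif tag == "img" and "alt" not in a:  # alt="" (decorative) is allowed
            self.findings.append("alt: missing on " + a.get("src", "?"))
        elif tag in ("link", "script"):
            host = urlparse(a.get("href") or a.get("src") or "").hostname
            if host in FONT_HOSTS:
                self.findings.append("fonts: remote load from " + host)

def audit(html):
    page = PageAudit()
    page.feed(html)
    page.close()
    if not page.has_lang:
        page.findings.insert(0, "lang: <html> has no lang attribute")
    return page.findings

# Constructed sample page (not taken from any real site).
SAMPLE = """<!DOCTYPE html><html><head>
<meta name="viewport" content="width=device-width, user-scalable=no">
<meta name='robots' content='noindex, nofollow' />
<link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Inter">
</head><body>
<img src="/wp-content/uploads/hero.jpg">
<img src="/wp-content/uploads/divider.png" alt="">
</body></html>"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Feed it the HTML your site actually serves to a logged-out visitor, since themes and plugins can change the head markup after the template runs.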
Let's Encrypt exists! It's free! If your host doesn't support it, change hosts.
You should have regular backups of your website and regular off-site backups of your website. Backups on your normal server won't be of any help to you if your server crashes.
Keeping your WordPress installation updated is a big part of keeping your site safe!
Keep your site safe from a common brute force attack: don't use the username admin.
Delete all themes you aren't using, except for one default (twenty *) theme; comes in handy when you're debugging weird issues. Get rid of any plugins you don't need!
Keep all your themes and plugins updated. But make sure to back up first, and ideally test your updates on a staging server.
Use strong passwords! Advise your clients to use strong passwords too!
Super helpful, can stop lots of attacks in their tracks.
Depending on the complexity and sensitivity of your website, you may want to consider using a security plugin.