Deployment Checklist for WordPress
- Do a last check with W3C Validator to make sure that there is no important errors in your code.
- Check the console of your browser's developer tools to make sure that no javascript errors exist in your code.
- Do a last check of your site's responsiveness to make sure that it adapts properly on different devices.
- Review Cross-Browser Compatibility.
- If you need to be WCAG compliant, make sure that your site passes the tests of achecker and Wave.
- Make sure that your live site’s environment contains a recent version of PHP and MySQL, in compliance with WordPress’ recommendations.
- If you used a ridiculously easy password on your staging/local environment, make sure that you change it before going live. This applies for both the database and the Admin.
- Make sure that an SSL certificate is installed and your site is properly served from https.
- Run a database search and replace to replace all references of the staging/local URL with the live one. WP-CLI is your friend on that.
- Make sure that no PHP errors, warnings or notices appear when WP_DEBUG is on.
- Edit wp-config.php and set WP_DEBUG to false and WP_ENVIRONMENT_TYPE to "live".
- Go to Settings / Reading and make sure that you have turned off the setting “Discourage search engines from indexing this site” under “Search Engine Visibility”.
- Make sure that your site's title and tagline are properly set. You wouldn't want it to say "This is another WordPress blog" when you go live.
- Make sure that you have set the optimal permalink structure.
- Make sure that you have set the appropriate timezone and date/time format and that it matches the server's. Otherwise, scheduled posts and other events might not run on the correct time.
- Clean up any demo content and dummy data.
- Do a last content check to make sure that there are no spelling mistakes and all links lead to a valid destination. If you want to be thorough, make sure that your content follows as many of the tips on writing for the Web as possible.
- Make sure that you have added a favicon.
- Set up a print stylesheet.
- If you display email addresses, make sure that you obfuscate them with antispambot() to prevent spam.
- If you have comments or forms, it would be good to have some antispam protection like Akismet or reCAPTCHA.
- Make sure that you have a 404 page and that it looks as expected.
- Make sure that everything is updated to their most recent version, including WordPress core, plugins and themes.
- Make sure that no inactive or unnecessary plugins exist. If there are, remove them.
- Make sure that your site's folder is clean of unnecessary data (e.g. zip files, database dumps, import folders that are no longer needed).
- Double-check the site's folder permissions one last time.
- Run the WordPress site health check and make sure that there are no important issues.
- Make sure that all forms work as expected and that email notifications are being send to the correct recipients.
- Make sure that you have entered the correct (production) API keys for premium plugins, Google maps and any other third-party service.
- Verify that all images have been purchased and/or that you have the proper rights to use them on your website.
- Make sure that your site is secure. Install and configure a security plugin if you don't want to do everything manually.
- Make speed improvements, either directly on server or by installing and configuring some caching plugin. Test your site with PageSpeed Insights, Pingdom, GTmetrix, WebPageTest and make sure that you fix all the issues that are in your power to be fixed.
- Install and configure a GDPR plugin. In relation to that, make sure that all of your forms include a consent checkbox linking to the site's terms of use.
- Create an account for the client and make sure that you give them the appropriate privileges. Editor's role should be fine for most cases. If they need an Admin account, create it for them but warn them that they should avoid it for everyday use.
- Take some time to make the admin environment friendlier for the client: hide unnecessary options from the editors and keep only what they actually need to see.
- If you use some mechanism for automatic backups and updates, don't forget to set it up and configure.
- Convert your website into a Progressive Web App.
- Investigate if Google Analytics, Facebook Pixel or any other tracking code needs to be installed.
- Add the site to Google Console.