Wordpress Checklist
From Officience
Revision as of 03:55, 18 May 2015 by Khanh Trieu NGUYEN LE (talk | contribs)
Setting
- Setting up Permalinks
- Activate Akismet
- Deactivate comments
- Add a Gravatar
- Change default category from “Uncategorized” to something else (e.g. “News”)
- Create archive-, tag-, and category-specific layouts/pages
- Change the author of all posts, pages, and CPTs to be authored by the Client’s User(s), not your own Administrator User
- Delete unnecessary / inactive users, as appropriate
- Make sure all WordPress default posts, pages, and comments are trashed or permanently deleted
- Delete unnecessary Widgets from the Inactive Widgets area
- Verify General Settings are as desired (e.g. www or non-www, new user registration, Timezone, etc.)
- Delete WordPress default links and link categories
SEO
- XML Sitemap support – submit your sitemap to Google and Bing and improve your SEO
Ex: All in One SEO Pack, YOAST
- Google Analytics support
- Support for Custom Post Types on SEO
- Automatically optimizes your titles for Google and other search engines
- Generates META tags automatically
- Avoids the typical duplicate content found on WordPress blogs
- For beginners, you do not even have to look at the options, and it works out of the box. Just install.
- Install Analytics
- If your website is running, you need to know what your visitors are interested in and where they come from. To do this you need software. The best known is Google Analytics.
- Create a robots.txt file
- Turn on WordPress’ “visible to search engines” setting
Security
- Always use the latest version of WordPress
- Do not use “admin” as a user, but choose a personal user name
- Check integration with third party software and services
- If site has an SSL certificate, force SSL login/admin and resolve insecurely-loaded assets. If no SSL, consider adding a secure login alternative like Facebook.
- Check that you have the latest version of all plugins
- Check that your login is secured
Install a two-factor authentication WordPress plugin like Clef or Duo Security.
Install a brute force attack prevention plugin like BruteProtect.
Check that you have strong passwords.
If you’re using passwords to log in to your WordPress installation, enable HTTPS on your site and force HTTPS logins at all times.
- Check that there’s no account named admin on your install
If you have an admin account, create a new administration account and delete admin.
- Check that you’re accessing your WordPress installation for development in a secure way
Ensure that you always use SFTP or SSH to access your server remotely. Never use FTP.
- Check that your database is secure
Make sure you’re not using the default `wp_` table prefix.
- Check that you have a secure .htaccess file
1. Secure wp-includes by adding these lines to your .htaccess file.
2. Secure your wp-config.php by adding these lines to your .htaccess file.
- Check that you have disabled file editing
Add the line `define('DISALLOW_FILE_EDIT', true);` to your wp-config.php file.
- Check file permissions
wp-config.php: Desired 400; Fallback 440, 600, 640
uploads folder: Desired 755; Fallback 766, 777 (not recommended)
.htaccess files: Desired 400; Fallback 440, 444, 600, 640
- Delete readme.html and install.php
- Add blank index.php files where needed
wp-includes, wp-content, wp-content/plugins, wp-content/themes, wp-content/uploads
- Move wp-config.php file outside the web root folder
The wp-config.php file is a very important configuration file. It contains a lot of sensitive information about your WordPress site, like your database information for example. WordPress will automatically look for this file in the folder above the WordPress root folder if it does not exist in the root folder. Moving this file out of the public_html folder means the file will not be accessible from the Internet.
- Create secret keys
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
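An added example, not part of the original checklist: a shell function that checks several of the Security items above on an installed tree (wp-config.php location and permissions, DISALLOW_FILE_EDIT, the `wp_` prefix, placeholder secret keys, leftover readme.html and install.php, blank index.php files). The function names and the demo tree are constructed for illustration, and install.php is assumed to be at its stock location, wp-admin/install.php.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree against Security items of this checklist.

perm_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }  # GNU, then BSD stat
fail() { echo "FAIL $*"; fails=$((fails + 1)); }  # bumps the caller's counter

# Prints one "FAIL ..." line per finding; exit status is the number of findings.
audit_wp() {
    local root="$1" cfg mode f d fails=0
    # wp-config.php may sit in the WordPress root or one folder above it.
    cfg="$root/wp-config.php"
    [ -f "$cfg" ] || cfg="$root/../wp-config.php"
    [ -f "$cfg" ] || { echo "FAIL wp-config.php not found"; return 1; }

    # Permissions: 400 desired; 440, 600, 640 are the listed fallbacks.
    mode=$(perm_of "$cfg")
    case $mode in 400|440|600|640) ;; *) fail "wp-config.php mode is $mode" ;; esac

    # The dashboard file editor must be disabled.
    grep -Eq "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg" \
        || fail "DISALLOW_FILE_EDIT is not set to true"

    # Default table prefix and untouched secret-key placeholders.
    if grep -Eq "^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]wp_['\"]" "$cfg"; then
        fail "default wp_ table prefix"
    fi
    if grep -q "put your unique phrase here" "$cfg"; then fail "placeholder secret keys"; fi

    # Files that should be deleted after installation.
    for f in readme.html wp-admin/install.php; do
        if [ -e "$root/$f" ]; then fail "$f still present"; fi
    done

    # Directories that should carry a blank index.php.
    for d in wp-includes wp-content wp-content/plugins wp-content/themes wp-content/uploads; do
        if [ -d "$root/$d" ] && [ ! -e "$root/$d/index.php" ]; then fail "$d has no index.php"; fi
    done
    return "$fails"
}

# Constructed sample tree (not a real site) for trying the audit offline.
make_demo_site() {
    mkdir -p "$1/wp-admin" "$1/wp-content/uploads"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" \
        "define('AUTH_KEY', 'put your unique phrase here');" > "$1/wp-config.php"
    chmod 644 "$1/wp-config.php"
    : > "$1/readme.html"; : > "$1/wp-admin/install.php"
}
```

Source the file and run `audit_wp /path/to/wordpress`; a clean tree prints nothing and returns 0.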
TEMPLATE
- Browser testing
- Device compatibility
- Validate your code
Using the W3C's validator
- Test site Search functionality
- Verify favicon displays on IE (might need .ico version) and non-IE browsers
- Delete unused themes, except a fallback like Twenty ____
- Create essential pages
Home Page, About page, Product page, Single
- Verify the theme’s (not the server’s) 404 page works and is designed as desired
- Make sure all images have captions and that they look good
- Make sure video embeds work as desired
Plugin
- Deactivate development plugins, like Action Map / CSS Map; testing code, scripts, and dummy content; and SSL testing plugins
- Delete unnecessary plugins
Maintenance Mode
- It is best to turn on Maintenance mode for the 15 – 20 minutes it may take you to make sure that everything is working properly.
Updating WordPress to Latest Version
- Check Requirements
PHP 5.2.4 or greater
MySQL 5.0 or greater
The mod_rewrite Apache module
- Check & Update Themes & Plugins
- Backup WordPress
- Updating WordPress