Spinning up a WordPress site is very easy nowadays, and you can start publishing your blog posts within minutes with preconfigured hosting servers and quick deployment tools. But every site needs some basic requirements to be met if you are aiming for a well-established blogging platform.

In this exclusive site checklist, we are sharing the most important details you should take into consideration before moving forward with your publishing business. This site audit checklist will provide you with an in-depth analysis to inspect and address any possible issues with your site. This checklist is an outcome of 10+ years of experience in WordPress development.

Note. This checklist is still under development. It will include more than 50 key points and will be a one-stop resource for site owners to check their sites. Don’t forget to bookmark this checklist for future access.

Critical Failures

Homepage of the site loads without any errors. Your site must load without any errors on the Network tab. The response status code should be 200. It must not create any errors on the Console log.

Single post/page loads without any errors. Similar to the homepage test, your single post or page must load without any errors on both the Network tab and the Console log. Any single page or post must return a 200 or 301 response status code. Any errors above 400 (404 or 500 errors are common) must be resolved immediately.

Archive pages load without any errors. Similar to both items above, all your category or post tag archives must load without any errors. If you are running Woocommerce you should also check product archive pages for errors.

Sitemap.xml exists and is generated successfully. Your site must have a sitemap.xml or sitemap_index.xml and it must be generated successfully. You can easily check this by entering the sitemap.xml at the browser address bar. If you are getting a 404 error or any other issues, you must address this issue to get your site up.

wp-config Critical Items

WP_DEBUG must be false. WP_DEBUG is not meant for production. It can cause critical security issues on your site. Thus, WP_DEBUG must be false at any time. I generally use the following code on wp-config to set it to false.

define( 'WP_DEBUG', false );
define( 'WP_DEBUG_LOG', false ); 
define( 'WP_DEBUG_DISPLAY', false );



wp-config Recommendations

Set DISALLOW_FILE_EDIT to True. You must not allow file edits on the admin interface for any production site. This is a handy feature if you have a personal blog and like playing around with code. But it is dangerous to have that feature enabled on production sites. Because it can break your theme or plugins when you miss a semi-colon on your code.

Disable WordPress cron and set up a cron job on CPanel. If you don’t have CPanel on your hosting, this is not an easy task on your side. If you have it, however, you can disable wp-cron and add a cron job yourself to prevent cron job delays. In order to disable wp-cron you need to add the following code to your wp-config.

define( 'DISABLE_WP_CRON', true );

WordPress Settings

Permalink Structure. Check and set your permalink structure to “Post Name” or “/%postname%/”. This helps create clean and descriptive URLs for your pages and posts. Read More


Off-site SEO Steps

The site is added to Search engines. Your site must be added to Google Search Console and Bing Webmaster Tools. This way your site will be indexed by the most popular search engines. If you do not add your site to those tools, your site may still be indexed. But it will take longer for search engines to discover your site.

Sitemap is submitted to Search engines. You must also submit your correct sitemap address to search engines to help them find your content easily. Make sure you are submitting the root index and any extra sitemaps which are not discoverable by the root itself.


Performance Tips

Disable REST API. REST API is not used on the front end most of the time. It is generally used on the backend by plugins or editors like Gutenberg. But on the front end, you can disable this feature without any adverse effects.

Security Tips

Disable file editing on the admin interface. Disabling the file editing on the WordPress admin dashboard will make your site more secure. Use the following code in the wp-config.php file to disallow file edits.

define( 'DISALLOW_FILE_EDIT', true );