2020 WordPress In-Depth Pre-launch Checklist


Pre-Launch Checklist


Probably not, if you are a beginner and just starting out.

And probably not if you are a seasoned developer, designer, or agency.

But if you are somewhere between, you may find this checklist helpful.

Even if you are a seasoned veteran, it is possible you may still find something to add to your checklist.

My hope is with your help, this checklist will become a work-in-progress.

If you find any items missing (recognizing the ideal user for this list) please add your comments. Also, comment and let me know if anything is incorrect.

This list is from my experience and inspiration from other lists shared on the web.

You are more than welcome to “steal” any of this information.

In the spirit of transparency, some of the reference links may be affiliate links. I may receive a small commission if you buy something, but it will not cost you extra.  In some cases, you may actually get a better price. My goal is to help educate you with free content even if you are unable to afford my products and services.  These small commissions allow me to create more helpful content.

So here is the checklist. Each item is in a section but it may actually belong to many sections.

Note, if you click on a checkbox, more resources or explanations will appear.

1) Content

Yes you probably checked the spelling as you went along. 

But just to be sure, you can test your entire site at one time. Use this free online tool.

Also don’t forget to delete default posts, pages, comments, and image placeholders.

Note: The site spell checker will also catch any Lorem ipsum.  

Make the 404 page helpful or even funny. Have a CTA (Call to Action). Link to something useful or even a site search at the very least.

Don’t let your user see a page like this:

Ugly 404 page

A more useful 404 from Lego’s website looks like this:

Lego 404 page

Note: To see your favorite website’s 404 just type in something like https://lego.com/qeoiruuqeroi which is a page you know doesn’t exist and you will see all kinds of custom 404 pages.

A Gravatar is a Globally Recognized Avatar from Gravatar servers. WordPress has built-in support for Gravatar. You will need a wordpress.com account to set this up. Just go to https://gravatar.com/.  You can setup multiple emails using the same or different Gravatars.

When a WordPress author or commenter creates content, their Avatar/Gravatar is displayed based on the email they use. (but their email is not shown)

2) Design

Make sure you have the proper attribution required by the license or owner of the image.  For more details see How to Add Image Credits in WordPress and Best Practices for attribution

Each image requirements may be different depending on the source and license requirements.  Seek the help of a qualified internet attorney when in doubt.

Having a search bar is a good standard practice in most cases.  Being above the fold makes it easily for users.

Remember, unless something has changed, the WordPress local search function does not search the content of local PDF files.  There is a premium plugin I have used called SearchWP which will add this capability and index all PDFs unless of course they were scanned to PDF. 

Using the Chrome browser, access the Inspect tool. To the right at the top of the screen there is a little icon that toggles between portrait and landscape mode. 

Toggle between landscape and portrait mode

A better and more fun way to test is to go to BestBuy (or some other electronics store) and test your site on all the available device types. Plus, it leaves your page/site up for the next person to discover. 

Learn more about favicons.  See the following example of some of my favicons shown in the Chrome browser.  Most modern themes allow you to set the favicon in the WordPress dashboard Apperance>Customerizer under Site Identity.

Be sure it is obvious which social icons are used to follow you vs the icons to share your content.

Make sure your desktop menu does not get restricted or overlapped before you break to the hamburger menu.  Depending on the theme and/or page builder you are using, check to see if you can change in the theme customizer or create CSS @media statements in the customizer’s “Additional CSS” section or your child theme if you are already using one.

3) Functionality

Completely check all forms including confirmation and notification emails and webpages.   

I like to intentionally make mistakes in the form fields like an email without an “@” and see if the form is rejected, etc.  Also, make sure the data/information is collected as expected.

I’m not an ecommerce expert, but I would make sure data entry and transactions as well as notifications and confirmations are working as intended.

If you are using a free plugin like Download Monitor make sure the download counts are recorded properly.  You may also want to set the counters to zero after your test and before you launch.

Out of the box, WordPress uses the PHP mailer. For better email deliverability, consider using the free  plugin WP Mail SMTP and then signup for a free level to fit your needs at Send In Blue , Mailgun, or SendGrid which I have used and recommend.

You could also use Google G Suite to handle your branded email for $6/month for a basic setup.

You will need access to your DNS server records to make the necessary setup changes for any of these options.

You may decide you really don’t need to waste current (or future) real estate in your primary menu with an actual “Home” pick.  Just make sure your logo takes you home.

4) Backup & Security

Our favorite free plugin is Updraft Plus.

Note: One key difference between free backup plugins and premium backup solutions is that most of the premium backup solutions encrypt the backup file before storage and transfer.  If you have HIPAA or other critical/sensitive data requirements, make sure you satisfy all the requirements for storing data, transferring and backing up data.

Popular off-site backup locations are email, DropBox, Google Drive, Amazon D3, etc.

In addition to checking your security plugin setup, a free security audit check list is available from Wordfence.

The free Wordfence security plugin now includes Two-factor authentication if configured.

Consider using Lastpass free addition or another password manager to help with long passwords.

It doesn’t help if you have a backup and don’t know how to restore it. (unless you get outside help)

If you are using the popular and free Updraft Plus here is how.

Notification may be by email, text, or some other pre-configured choice.

If you use the free JetPack plugin, it can monitor and alert you when your site is down.

For other choices check these out.

Do you have mixed content? Check 100 pages for free. Make sure you are not using a free plugin that dynamically changes your links from http to https every time a page is requested. 

Use something like the free plugin Better Search Replace to replace “http://mydomain.com” with “https://mydomain.com”.  Don’t make the mistake I made the first time and did a replacement of “http” with “https” and ended up with a bunch of “httpss” links.

If you are using a CDN like Cloudflare make sure you have a Full (strict) connection

Make sure all of your SSL certificates are set to auto-renew at both your host and CDN.

By default when you create a new user in WordPress the username will be the default “Nickname” and “Display name publicly” unless you change it.

You don’t what to expose your usernames, so make sure you set “Display name publicly”  to something suitable for your site. 

5) Performance/Speed

End of life for version 7.1 was December 2019.  After December 2019 only PHP version 7.2 or higher are “technically” supported.  Make sure your server/host is not running on an unsupported version of PHP. 

You can keep the test results as links or screen captures. Note the speed score for Google PageSpeed Insights is now based on the lab data analyzed by Lighthouse. Don’t get hung up on the scores/grades so much, but use the data to help decrease your page load time.

There are many places you can setup caching and other performance enhancements including WordPress plugins and CDNs.  Make sure you did not duplicate features like minification (removing spaces and comments in code) and combining similar file types (CSS, JS, HTML) in multiple places like plugins and CDN, etc.

Make sure your site is a ‘true’ https site and does not use automatic plugins that dynamically rewrite HTTP to HTTPS links to eliminate Mixed Content, etc.  Do a search and replace using a simple plugin like Better Search Replace to permanently replace unsecured links and increase the performance of your site.

Also, note that some caching plugins are not allowed on some managed hosting sites.

If you are using a CDN like Cloudflare, make sure you are not in bypass when you launch but in “proxied” status and not exposing you actual website IP address.

Cloudflare Proxy Status Icons

For reference see How to Optimize Images for Web Performance 

Although there are automated solutions (services and plugins) for optimizing images, I prefer to manually use GIMP and/or TinyPNG for compressing images.  Both are free. There are many paid solutions like Adobe Photoshop which are popular with web and graphic designers. 

Always scale the image first for your design/pages and then compress. Use a performance tester like GTMetrix to see if you have done a good job with compression (and scaling).

6) SEO & Marketing

There are many ways to include your Google UA code on your pages. A simple way is to use the popular and free MonsterInsights plugin and add your UA code. To make sure a page includes the code, just do a “find /search” on the page html source code in your browser and search for “UA-“ 

Instead of MonsterInsights you may want to use the new Google Site Kit instead.  Site Kit brings summaries of Google Analytics, Search Console and other tools and makes them available in the WordPress dashboard without impacting performance of your site on the front-end.

Also, if your business has a significant number of employees, you can set up additional Goggle Analytics views that filter out employee’s actions by using IP address ranges or other methods. This way your results are not skewed by your company activities.

To setup local site search, if this is important to integrate with your Google Analytics data, go to Admin in GA then View Setting and configure the following.  

Google Analytics Site Search SettingsWhen you do a search on a WordPress site for say “laptop”, you will notice the query parameters is “s”.  For example:  mydomain.com/?s=laptop

Go to Google Search Console and navigate to “Sitemaps” to update your sitemap.  If you have free Yoast SEO it has the option to create xml. 

In most cases, you will use the name of the post (or page). Note that each page and post must have a unique slug/name when using this format.

Have you included meta descriptions that Google can display in search results?

Dont’ forget to setup breadcrumbs.  Yoast SEO can do this.

Don’t use a file name like img1234.jpg

Use something more readable (and searchable) like laptop-photo.jpg

Note: Once an image is uploaded to WordPress you can not change its name (at least not easily as of 5.3 or without a plugin)

This allows the image to display when a post or page is shared on social and also on post archive pages if the theme supports. Some WordPress themes may not use the featured image capability.

“Alt text” is displayed when an image doesn’t load. 

Alt Text Example when Image is not available

Browsers do not display the “alt” text when hovering over an image.  That requires the “Image Title Attribute”

Alt tags help display and explain images in search results.  They also help improve accessibility (screen readers).

WordPress doesn’t search PDF files locally.  If there is value to having the PDFs locally searchable, you will need a premium plugin like SearchWP.  To my knowledge, there are no “free” plugins that will index the PDFs locally.

Typically Google includes your PDF files in search results but WordPress does not.

Try the new free SEO Analyzer  . The tool may take a while depending on the number of pages, but the results and actions to take are very complete.  The tool may take a while depending on the number of pages, but the results and actions to take are very complete.

 You can also run Google Lighthouse and review the SEO portion of the report.

Explain the benefits of the your lead magnet and ask for only first name and email if possible. 

To set up redirects, you can use 

  • a free plugin like Redirection
  • modify your .htaccess file, or 
  • configure a redirect using a host provided tool like “Redirects” in cPanel.

If you uncheck this box, the search engines like Google can index your site. If you are using a plugin like SEO Yoast, it will warn you that this box is checked. 

Uncheck Search Engine Visibility

7) Final Setup & Cleanup

Remember you can always reinstall plugins and other themes if needed for testing or adding new features.  The good news (or bad news) is that most plugins retain your settings in the WordPress database even when they are deleted. 

If your web host does not provide a staging site, consider creating a subdomain like test.mydomain.com.  You can then use a plugin like Duplicator to copy your site to the testing subdomain.  You can also manually copy/move the site if you are bold. 

You may also want to consider a local development/testing site on your Mac or PC.  A good freemium choice for the Mac or PC is DesktopServer.  It is free for up to three sites.  For the PC only, I like the free tool Laragon which is fast and simple.

Use a free service like Online Broken Link Checker or many others. Don’t use plugins like Broken Link Checker or other similar plugins that use a lot of server resources. Most Managed WordPress host like WPEngine disallow these plugins.

Once your site is up and running you can use Google Search Console to find any 404 errors (broken or “dead” links). 

Use something like Akismet or maybe Antispam Bee if you are allowing comments on your blog posts.

The best way to ensure rock-solid GDPR, CCPA, and other legal compliance for your site is always to consult legal counsel who specializes in the web.  I am not a qualified resource for legal advice. 

To be clear, I am not a lawyer and nothing here should be considered legal advice.  You should seek the counsel of a qualified internet attorney.

That said, here is what I have personally concluded:  

  1. If you do business in the EU regardless of your location (US included), you must comply with the GDPR regulations.
  2. Having users access your site, say in the US, does not establish your intent to do business in the EU.
  3. If you are collecting “personally identifiable” information from a “Natural Persons” living in the EU, they are protected by GDPR.

Note: To be considered “Identifiable” we currently may not know the identity of the individual.  If we later use data collected by cookies and tracking data and associate that information with a user who provides data via a form, etc. then this data now becomes protected under GDPR if they live in the EU.

Privacy Policies specify what personal data you collect from your users.  It is mandatory if you are collecting data that is personally identify to an individual.  The data is legally protected.

We recommend you seek assistance from a qualified internet attorney regarding the content of your privacy policy.  I am not an attorney (although I thought about it years ago).

A few useful references are as follows:

Use a tool like the WAVE Website Accessibility Evaluation Tool to see how well you meet the WCAG2 Accessibility Guideline.  This will probably always be a work in progress.

Payment Card Industry Data Security Standard (PCI DSS) will help prevent credit card fraud. The requirements for accepting or processing payments can impact the host or plan you select.  A dedicated IP address is required for PCI compliance.

9) Documentation

Images may come in handy later if you decide to rescale or update.  Store locally on your computer or in the cloud. 

Make sure you have saved in a secure place (like a password manager), logins and passwords to:

  1. Website Host
  2. SFTP
  3. WordPress.com
  4. Premium Plugin Support/Licenses
  5. Premium Themes Support/Licenses.
  6. Backup Storage Host
  7. CDN
  8. Marketing Email Service Provider
  9. Domain Registrar
  10. DNS Server
  11. Etc.

1 thought on “2020 WordPress In-Depth Pre-launch Checklist”

  1. Meetup Group:
    Please give me your feedback using comments on this checklist. Comments are unmoderated at this point so they should show immediately. I am looking for comments on content basically and not design on this checklist. The target audience for this list is everyday users and site owners.
    Although it is not intended for developers, designers, and agencies, you still may find some value and make comments useful to non-developers and non-designers.
    Some possible comments might relate to:
    1. Anything important to this audience I may have overlooked.
    2. Anything listed that you think is not important.
    3. Any missing items.
    4. Any resources you would recommend I add, especially if they are free. (there are a few details missing at this point and I plan to discuss WPRocket a little since it is a great performance tool and can simplify things even though it is a premium plugin)
    5. Also if you disagree with anything I have mentioned or it is technically incorrect, please let me know.
    Note: These comments will NOT be made public outside our Meetup group.

    I’m looking forward to some real consturctive and useful feedback.
    You are certainly welcome to add any of these items to your company or personal pre-launch checklist.

Leave a Comment

Your email address will not be published. Required fields are marked *