Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Section 1: Basic WordPress Audit


ItemHow to find
Tools

Version Control

Go to the webroot and run "git version"

WP-CLI

Try running wp cli in the webroot; if it exists, "wp --info"
Directory Structure

Files Directory Size

Run "du -h wp-content/uploads"; this gives you total size at the bottom along with size on other directories/files. May be

Database Size

Run "mysqldump -uusername -ppassword databasename > db_backup.sql" then "du -h db_backup.sql"

or

Run the following query that lists the sizes of all the available databases.

Code Block
SELECT table_schema AS "Database", 
ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)" 
FROM information_schema.TABLES 
GROUP BY table_schema;


Other “Files Directories”

See if any other large files exist in the codebase; particularly in the root of the codebase.

Codebase Structure

Are there non-standard directories? Is all custom code in wp-content/themes/themename (or appropriate multisite

directories)?
Are styles and libraries organized properly and extendable?

Multisite

Check for subdomains or subdirectories
 Codebase

Plugin Codebase Quality

How many plugins are in use? (the fewer the better, typically)
Are they up to date?
Any custom plugins? Are they coded using best practices?
Are the plugins in use well maintained/updated for security frequently? Do they have high ratings? Many installs?
Are they compatible with latest version of WP?
Run WordFence plugin if possible. Make sure to check the boxes in options to scan themes and plugins as well

Theme Codebase Quality

Is the theme up to date?
Was the Parent theme built by a well-respected developer? (If 3rd Party, Many installs, high ratings, well maintained)
Run
WordFence plugin if possible. Make sure to check the boxes in options to scan themes and plugins as well.

Uses Child Theme

Is the site using a child theme of the enabled theme?

Custom Codebase Quality

Check custom codebase for WordPress Best Practices 
Do templates contain complex PHP? PHP coding standards
Is JS written properly? JavaScript coding standards
Is the site responsive?
Are images sized correctly?
is the Code legible? Will various developers be able to read it?
Are there any patches? Are the patches well documented?
Are they using Custom post types? How many? Are they being used properly/Is it clear how each is used? Are they
using a Plugin, such as Advanced Custom Fields or something else for this? 
Are they making use of taxonomies? (post type name > categories). 

CMS configurations

Has the admin dashboard menu been customized? Would cleanup improve ease of use for content editors?

Has the WYSIWYG been customized? Are they using a Page Builder of some kind (not preferred, but often
included with paid themes)

Are there any obvious improvements that could be made to the content editor experience?

Security


Site UsersCheck site users. Are there many site administrators? 
Is there an "admin" user? (if so recommend this user be deleted with content assigned elsewhere)
Do they have different user roles setup?
Restricted AccessAny password-protected areas of the site?
Are login forms secure?
Security PluginsAny security plugins installed?
WordFence, Sucuri, iThemes Security, All In One WP Security & Firewall might be good options
Update StatusAre plugins, themes, WP core up to date?
PHP version

Are they using PHP 7+? 

Code Block
php --version


SEO
https

Is SSL installed?
Does site default to https (check site Settings > General for WP Address and Site Address)
Are they getting mixed media errors?

Header tagsAre they written properly? Are they in the proper order?
Social sharingUsing proper tags and setup for social sharing?
Broken linksCan use Broken Link Checker Plugin to check on broken links
Google AnalyticsIs GA installed?
Take a look at Analytics account setup
PluginsYoast SEO is a popular and easy to use Plugin for adding metatags, etc.
A11y

If you turn off CSS is the site legible?
Are images using alt tags properly?
Is color contrast correct?
Can you use a keyboard to navigate the site?
Can you use a text browser (Lynx)?

Performance
Server ResponseThis will vary between requests; for a quick idea, load the page in question with the Network tab open and
the browser cache disabled and see how long it takes for the initial request of the HTML document to be
returned.
Google Page Speed

What's the PageSpeed Insights score for the URL you're investigating? Use the mobile speed and the desktop
speed (mobile/desktop) in the audit.

Image Optimization

Is the site effectively using image styles to make sure that images are an appropriate size? Bonus points if they
have a system in place to handle responsive images.

Load testingBlazemeter is an option for load testing. Pantheon guide to testing with Blazemeter.
CDNCheck for CDN if it would be helpful
CachingAny caching plugins in use? W3 Total Cache and others can sometimes be appropriate but other times cause more
trouble than they're worth. Check caching options offered by the host.

Front-End performance

A lot of drain can happen on the front end, and this can vary per browser. Lots of calls to external JS or iFrames can really slow things down.

A speed test is the best place to start:

http://www.webpagetest.org/


Yslow is a browser extension you can install that can provide stats and recommendations for performance improvements.

Deeper Technical Audit

Status
colourYellow
titleDraft - Material Needs Work

Some clients who have specific concerns or have a technical background may require further research. Here are some resources that may assist in preparing audits for them:

Resources

Google Network Tab Docs

Example Audits

...

The client may not understand the technical nuance of the website creation service we do at Kalamuna and the website hosting. They may erroneously view Kalamuna as being responsible for their web server issues. 

WordPress Code Structure

WordPress offers a lot of flexibility with how themes and plugins are structured code-wise. This is both positive and negative. This flexibility can allow a WordPress site to technically function and work while being very fragile and difficult to extend (adjust or add new features). On the contrary, a WordPress theme or plugin can have excellent architecture which makes adding or adjusting features and functionality easy. It is very important to determine what kind of project Kalamuna is taking on as early as possible. There are many plugins available that can allow a novice website editor to make structural and styling changes directly from the WordPress admin. These types of plugin can result in fragile and confusing architecture. If a WordPress website has any of the following plugins installed (this is not a complete list, but a list of some of the more popular plugins) it should be viewed as a red flag:

  • Custom Post Type UI
  • WCK Custom Post Types and Custom Fields Creator
  • Pods
  • Toolset Types/Views
  • Custom Post Type Maker