Section 1: Basic WordPress Audit
Item | How to find
---|---
Tools |
Version Control | Go to the webroot and run "git version"
WP-CLI | Try running wp cli in the webroot; if it exists, "wp --info"
Directory Structure |
Files Directory Size | Run "du -h wp-content/uploads"; this gives you the total size at the bottom along with the sizes of other directories/files. May be
Database Size | Run "mysqldump -uusername -ppassword databasename > db_backup.sql" then "du -h db_backup.sql", or run the following query that lists the sizes of all the available databases.
Other “Files Directories” | See if any other large files exist in the codebase, particularly in the root of the codebase.
Codebase Structure | Are there non-standard directories? Is all custom code in wp-content/themes/themename (or appropriate multisite directories)?
Multisite | Check for subdomains or subdirectories
Codebase |
Plugin Codebase Quality | How many plugins are in use? (the fewer the better, typically)
Theme Codebase Quality | Is the theme up to date?
Uses Child Theme | Is the site using a child theme of the enabled theme?
Custom Codebase Quality | Check custom codebase for WordPress Best Practices
CMS configurations | Has the admin dashboard menu been customized? Would cleanup improve ease of use for content editors? Has the WYSIWYG been customized? Are they using a Page Builder of some kind (not preferred, but often
Security |
Site Users | Check site users. Are there many site administrators? Is there an "admin" user? (if so, recommend this user be deleted with content assigned elsewhere) Do they have different user roles set up?
Restricted Access | Any password-protected areas of the site? Are login forms secure?
Security Plugins | Any security plugins installed? Wordfence, Sucuri, iThemes Security, All In One WP Security & Firewall might be good options
Update Status | Are plugins, themes, WP core up to date?
PHP version | Are they using PHP 7+?
SEO |
https | Is SSL installed?
Header tags | Are they written properly? Are they in the proper order?
Social sharing | Using proper tags and setup for social sharing?
Broken links | Can use Broken Link Checker Plugin to check on broken links
Google Analytics | Is GA installed? Take a look at Analytics account setup
Plugins | Yoast SEO is a popular and easy-to-use plugin for adding metatags, etc.
A11y |
If you turn off CSS, is the site legible? |
Performance |
Server Response | This will vary between requests; for a quick idea, load the page in question with the Network tab open and the browser cache disabled and see how long it takes for the initial request of the HTML document to be returned.
Google Page Speed | What's the PageSpeed Insights score for the URL you're investigating? Use the mobile speed and the desktop
Image Optimization | Is the site effectively using image styles to make sure that images are an appropriate size? Bonus points if they
Load testing | Blazemeter is an option for load testing. Pantheon guide to testing with Blazemeter.
CDN | Check for CDN if it would be helpful
Caching | Any caching plugins in use? W3 Total Cache and others can sometimes be appropriate but other times cause more trouble than they're worth. Check caching options offered by the host.
Front-End performance
A lot of drain can happen on the front end, and this can vary per browser. Lots of calls to external JS or iframes can really slow things down.
A speed test is the best place to start:
YSlow is a browser extension that provides stats and recommendations for performance improvements.
Deeper Technical Audit
Some clients who have specific concerns or have a technical background may require further research. Here are some resources that may assist in preparing audits for them:
- Benchmarking with AB and Siege
- Google PageSpeed
- Basic Performance Audit Template
- Performance + Code Audit Template
Resources
Example Audits
...
The client may not understand the technical distinction between the website creation services Kalamuna provides and website hosting. They may erroneously view Kalamuna as being responsible for their web server issues.
WordPress Code Structure
WordPress offers a lot of flexibility in how themes and plugins are structured code-wise. This is both positive and negative. The flexibility can allow a WordPress site to technically function while being very fragile and difficult to extend (adjust or add new features). Conversely, a WordPress theme or plugin can have excellent architecture, which makes adding or adjusting features and functionality easy. It is very important to determine what kind of project Kalamuna is taking on as early as possible. There are many plugins available that allow a novice website editor to make structural and styling changes directly from the WordPress admin. These types of plugins can result in fragile and confusing architecture. If a WordPress website has any of the following plugins installed (this is not a complete list, but a list of some of the more popular plugins), it should be viewed as a red flag:
- Custom Post Type UI
- WCK Custom Post Types and Custom Fields Creator
- Pods
- Toolset Types/Views
- Custom Post Type Maker
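
The Security rows of the audit table (site users, update status) and the red-flag plugin list above can be checked in one pass from WP-CLI output. The script below is an added example, not part of the original checklist; the plugin slugs, the `MAX_ADMINS` threshold and the output labels are assumptions to confirm against the site being audited.

```bash
# Added example: summarize WP-CLI output for the Security and plugin checks.
# Slugs are assumed wordpress.org directory slugs for the plugins listed above.
RED_FLAG_SLUGS="custom-post-type-ui wck-custom-fields-and-custom-post-types-creator pods types custom-post-type-maker"
MAX_ADMINS=3   # assumed cut-off for "many administrators"; the checklist sets none

# stdin: output of `wp plugin list --fields=name,status,update --format=csv`
audit_plugins() {
  awk -F, -v slugs="$RED_FLAG_SLUGS" '
    BEGIN { n = split(slugs, s, " "); for (i = 1; i <= n; i++) red[s[i]] = 1 }
    NR == 1 { next }                                   # skip the CSV header row
    { total++ }
    $3 == "available" { print "OUTDATED " $1 " (" $2 ")" }
    ($1 in red)       { print "RED_FLAG " $1 " (" $2 ")" }
    END { print "TOTAL " (total + 0) }'
}

# stdin: output of `wp user list --role=administrator --field=user_login`
audit_admins() {
  awk -v max="$MAX_ADMINS" '
    NF == 0 { next }                                   # ignore blank lines
    { count++ }
    tolower($0) == "admin" { print "DEFAULT_ADMIN_LOGIN " $0 }
    END { if (count > max) print "MANY_ADMINS " count }'
}

# Constructed sample data so the functions can be exercised without a site.
SAMPLE_PLUGINS='name,status,update
akismet,active,none
custom-post-type-ui,active,available
pods,inactive,none
wordfence,active,none'
SAMPLE_ADMINS='admin
jsmith
editor-lead
agency-dev'

# In a WordPress webroot with WP-CLI, audit the live site; otherwise use the samples.
if command -v wp >/dev/null 2>&1 && wp core is-installed 2>/dev/null; then
  wp plugin list --fields=name,status,update --format=csv | audit_plugins
  wp user list --role=administrator --field=user_login | audit_admins
  wp core check-update
else
  printf '%s\n' "$SAMPLE_PLUGINS" | audit_plugins
  printf '%s\n' "$SAMPLE_ADMINS" | audit_admins
fi
```

Inactive plugins are reported as well, since their code is still present on disk and still needs updates.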