Baseline Tech Specs
The basic audit template covers some basic technical stats so we can get a bird eye view of how well the site is put together. There are some tools and plugins that can help us preform the audit, but much is done by manual code review. We want to have a basic understanding of the client's website so we can come up with quick and informed plans for improvements.
When we rank something red or yellow we need explanations of what these ratings mean in the Notes section. We will also need to change our default recommendations if, for instance, a multisite is a good solution for a client's needs.
Site Audit Template is HERE
Section 1: Basic WordPress Audit
| Item | How to find |
| Tools | |
Version Control | Go to the webroot and run "git version" |
WP-CLI | Try running wp cli in the webroot; if it exists, "wp --info" |
| Directory Structure | |
Files Directory Size | Run "du -h wp-content/uploads"; this gives you total size at the bottom along with size on other directories/files. May be |
Database Size | Run "mysqldump -uusername -ppassword databasename > db_backup.sql" then "du -h db_backup.sql" or Run the following query that lists the sizes of all the available databases. SELECT table_schema AS "Database", ROUND(SUM(data_length + index_length) / 1024 / 1024, 2) AS "Size (MB)" FROM information_schema.TABLES GROUP BY table_schema; |
Other “Files Directories” | See if any other large files exist in the codebase; particularly in the root of the codebase. |
Codebase Structure | Are there non-standard directories? Is all custom code in wp-content/themes/themename (or appropriate multisite directories)? |
Multisite | Check for subdomains or subdirectories |
| Codebase | |
Plugin Codebase Quality | How many plugins are in use? (the fewer the better, typically) |
Theme Codebase Quality | Is the theme up to date? |
Uses Child Theme | Is the site using a child theme of the enabled theme? |
| Custom Codebase Quality | Check custom codebase for WordPress Best Practices |
Security | |
|---|---|
| Site Users | Check site users. Are there many site administrators? Is there an "admin" user? (if so recommend this user be deleted with content assigned elsewhere) |
| Security Plugins | Any security plugins installed? WordFence, Sucuri, iThemes Security, All In One WP Security & Firewall might be good options |
| Update Status | Are plugins, themes, WP core up to date? |
| SEO | |
| https | Is SSL installed? |
| Header tags | Are they written properly? Are they in the proper order? |
| Social sharing | Using proper tags and setup for social sharing? |
| Broken links | Can use Broken Link Checker Plugin to check on broken links |
| Google Analytics | Is GA installed? Take a look at Analytics account setup |
| Plugins | Yoast SEO is a popular and easy to use Plugin for adding metatags, etc. |
| A11y | |
If you turn off CSS is the site legible? | |
| Performance | |
| Caching | Any caching plugins in use? W3 Total Cache and others can sometimes be appropriate but other times cause more trouble than they're worth. Check caching options offered by the host. |
| CDN | Check for CDN if it would be helpful |
| Server Response | This will vary between requests; for a quick idea, load the page in question with the Network tab open and the browser cache disabled and see how long it takes for the initial request of the HTML document to be returned. |
| Google Page Speed | What's the PageSpeed Insights score for the URL you're investigating? Use the mobile speed and the desktop |
| Image Optimization | Is the site effectively using image styles to make sure that images are an appropriate size? Bonus points if they |
Front-End performance
A lot of drain can happen on the front end, and this can vary per browser. Lots of calls to external JS or iFrames can really slow things down.
A speed test is the best place to start:
Deeper Technical Audit
DRAFT - MATERIAL NEEDS WORK
Some clients who have specific concerns or have a technical background may require further research. Here are some resources that may assist in preparing audits for them:
- Benchmarking with AB and Siege
- Google PageSpeed
- Basic Performance Audit Template
- Performance + Code Audit Template
Resources
Section 2: Custom Code Review
Server Audit:
| Item | How To Find |
| Basic | |
| Web Server | Check the admin/reports/status for Web Server. If Apache, run this to get exact version: /usr/local/apache/bin/httpd -v If Nginx, run: nginx -v |
Database | mysql --version |
PHP Version | php --version |
PHP Memory Limit | php -r "phpinfo();" | grep "memory_limit" |
| Security | |
SSH Access | Examine the hosting service; most services do have this. |
SSH Key | Make sure they are using SSH keys for accounts instead of or in addition to a password. |
| Performance | |
Reverse Proxy | Ex: Varnish. On some Linux Distros you can see if varnish exists by running service --status-all On CentOS and other similar Linux Distros, you can check /usr/sbin for services. Or Run: /usr/sbin/varnishd -V Otherwise, may have to examine the service plan. |
Key-Value Store | Ex: Memcache/Redis: service --status-all Also, you can check the modules page and see if memcache / redis is installed and configured properly. |
Apache Solr | service --status-all OR examine Drupal search settings (should have Apachesolr module and/or Search API) drush pml --no-core --type=module --status=enabled | grep solr |
OpCode Cache | Ex: APC.: service --status-all Also running php -v will give you something like: # php -v PHP 5.5.23 (cli) (built: Apr 2 2015 16:21:21) Copyright (c) 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies with the ionCube PHP Loader v4.6.1, Copyright (c) 2002-2014, by ionCube Ltd., and with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies The last line will tell you the APC/OPCache |