Before start
- Screenshots and PageSpeed / GTmetrix old ratings
WordPress Environment
- Comment Spam Protector
- Client users are created
- Contact Details entered
- Gravity Forms Setup Properly (reply-to, errors, key, honeypot)
- Has Plugin: Yoast SEO, Monster Insights, Login Lockdown, Security
- WP Install hardened
Custom Theme
- Website Match Design Completely
- IE and Firefox & Webkit
- Has opengraph w/ image(s)
- Has Apple-touch-icon and favicon
- iPhone Clickthrough
- Tablet Clickthrough
- Sub-pages drop down styles
- 404 Page
- Search AOK
Code & Quality Check, A+ Extras
- @TODOs clear, code is clean and documented
- no js errors on use script, or css warnings
- Has readme.txt robots.txt sitemap.xml
- Google Insights > 85%
- GTmetrix.com / Yslow score > A
- remove any cache breakers like ?v=time()
- google fonts src included and non-local usage
Hardening & Customizing WordPress
- login-logo.png
- /wp-content/ is writable without being 0777
- Use SFTP when connecting
- wp_ isn’t the database prefix
- /phpsecurity/ check
- .HTACCESS: "order allow,deny" and "deny from all"
- .HTACCESS: IndexIgnore / , Block the include-only files
- .HTACCESS: 5G BLACKLIST/FIREWALL
- DNS Zone Created, wild card and www A records included
- MX Records Added to Zone
- Site added to apache /sites-available/
- Site exempt from sendmail.mc
- Verified server still sends mail from self
- Set Primary domain in WordPress Domain Mapping
- Add Let's Encrypt SSL, force SSL
- After Screenshots
- Website backed up and dev server/sql cleaned
- Print Passwords for backup
- Setup and install Google Analytics number
- Optional: Twitter Card Submitted
- Webmaster tools
- Created .zip Export / backup
- Deleted DNS Zone
- Ensured not on registrar; if it is, set forwards there
- Deleted from Apache: sudo a2dissite /etc/apache2/sites-available/{.conf}
- Removed domain map record
- Removed from WordPress
- Deleted WordPress Users
- Removed any htaccess rewrites/exceptions
- Removed theme and upload dirs
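
An added example (not part of the original checklist) that automates three of the "Hardening & Customizing WordPress" items above: wp-content not world-writable, a non-default table prefix, and the two .htaccess directives. The function name audit_wp and the assumption that wp-config.php and .htaccess both sit in the site root belong to this example, not to the checklist.

```shell
#!/bin/sh
# Added example, not from the original checklist. audit_wp is a hypothetical
# helper; it assumes wp-config.php and .htaccess sit in the site root.
# Usage: audit_wp /var/www/example.com   (returns 0 when all checks pass)

audit_wp() {
    root=$1
    fail=0

    # Checklist: /wp-content/ is writable without being 0777.
    # Flag anything under wp-content that "other" can write to.
    ww=$(find "$root/wp-content" ! -type l -perm -0002 2>/dev/null | head -n 5)
    if [ -n "$ww" ]; then
        echo "FAIL world-writable paths under wp-content:"
        echo "$ww"
        fail=1
    fi

    # Checklist: wp_ isn't the database prefix.
    prefix=$(sed -n "s/^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$root/wp-config.php" 2>/dev/null | head -n 1)
    if [ -z "$prefix" ]; then
        echo "FAIL table prefix not found in wp-config.php"
        fail=1
    elif [ "$prefix" = "wp_" ]; then
        echo "FAIL table prefix is still the default wp_"
        fail=1
    fi

    # Checklist: .htaccess carries "deny from all" and IndexIgnore.
    # Comment lines are stripped first so a disabled rule does not count.
    for directive in "deny from all" "IndexIgnore"; do
        if ! grep -v '^[[:space:]]*#' "$root/.htaccess" 2>/dev/null |
            grep -iq "$directive"; then
            echo "FAIL .htaccess has no active '$directive' rule"
            fail=1
        fi
    done

    [ "$fail" -eq 0 ] && echo "OK all checks passed"
    return "$fail"
}
```

The check only confirms the directives are present somewhere in the root .htaccess; which files they cover still needs a manual read.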