Before launching a new WordPress site, run through this checklist to ensure everything is properly configured. A single InspectWP scan can verify most of these items automatically.
Security
- SSL certificate installed and working
- HTTP redirects to HTTPS (301)
- Security headers configured (HSTS, X-Frame-Options, CSP, etc.)
- WordPress, plugins, and themes fully updated
- Default "admin" username changed
- Strong passwords on all accounts
- XML-RPC disabled if not needed
- REST API user endpoint restricted
- File editing disabled in admin
- debug.log not publicly accessible
SEO
- XML sitemap created and submitted to Google Search Console
- robots.txt configured (not blocking important content)
- "Discourage search engines" is UNCHECKED in Settings → Reading
- Meta descriptions set for all important pages
- One H1 tag per page with proper heading hierarchy
- Canonical tags present
- JSON-LD structured data added
- Open Graph tags for social sharing
- Permalinks set to a SEO-friendly structure
Performance
- Caching plugin installed and configured
- Gzip or Brotli compression enabled
- Images optimized (compressed, WebP, lazy loading)
- HTTP/2 enabled
- No unnecessary plugins installed
- Core Web Vitals passing (LCP, INP, CLS)
GDPR & Privacy
- Cookie consent banner installed
- Google Fonts hosted locally
- Gravatar disabled or consent-based
- Privacy policy page published
- Imprint / Legal notice (required in Germany/Austria)
- No external resources loading without consent
Functionality
- All links working (no 404s)
- Contact forms sending emails correctly
- Mobile responsive design tested
- Cross-browser testing (Chrome, Firefox, Safari)
- Backup solution configured
- Analytics set up (with consent)
Run an InspectWP Scan
Before going live, run a comprehensive InspectWP scan on your site. It checks security headers, SSL, WordPress configuration, SEO meta tags, performance metrics, GDPR compliance, and much more in a single scan — giving you a complete overview of your site's health.