How to do a WordPress audit in 26 steps

WordPress audit checklist

Have you just taken over an existing WordPress site from your developer or even another business?

If the site has not been built correctly, you might find some significant holes and errors that can really affect the impact your site makes on your users. Broken navigation or poor site security, for example, can kill your credibility and waste the traffic coming to your website.

One simple way to get your site into ship-shape is to do an audit. Just like a car service, you can check each part of your website to see what’s causing that rattling noise. An audit will help you uncover the issues with your site so you can fix them and move on to building your online platform.

And it doesn’t need to be difficult, either.

To help, I’ve written out the checklist I use when auditing a WordPress site, covering security, analytics, plugins, page speed, forms, content and usability.


It is fairly common knowledge that WordPress sites can have their security breached by malware and hacking. Here are some basic security issues you can check:

1. SSL

Having an SSL certified website means that information being transferred to your website is secured by encryption. It is best practice and even good for SEO.

Check that your site is set up on HTTPS (SSL) by looking at the domain URL or for the green lock symbol next to the URL in your browser.

2. Security Plugin

Check that you have a security plugin like Wordfence installed. Many security plugins are free, and help protect against basic DDoS attacks as well as send you alerts when somebody is trying to log into your website or change files.

3. Backup Plugin

When something has gone wrong with your site, the easiest way to fix it is to restore a recent backup. Backing up your site is easy. Get a plugin like UpDraft which can back up your site to the cloud (like Google Drive, for free).

4. Review User Accounts

Have a look in your user section. Make sure there are no odd accounts that you don’t remember creating.
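
On a site with more than a handful of users, this review is easier to do against an export. The script below is an added example, not part of the original checklist: it reads a user list in the column layout that WP-CLI's `wp user list --fields=user_login,user_email,roles,user_registered --format=csv` produces and flags accounts you did not create or that appeared since your last audit. The sample rows, the `review_accounts` name and the choice of which roles count as privileged are assumptions made for the illustration.

```python
import csv
import io
from datetime import datetime

# Assumption: roles treated as privileged for this review.
PRIVILEGED_ROLES = {"administrator", "editor"}

# Constructed sample export (not real accounts).
SAMPLE_EXPORT = """user_login,user_email,roles,user_registered
alice,alice@example.com,administrator,2021-03-02 09:14:00
bob,bob@example.com,author,2022-07-19 16:40:12
wpsupport,help@example.net,administrator,2024-05-30 03:12:45
newsletter,news@example.com,"subscriber,editor",2024-06-01 11:05:09
"""


def review_accounts(export_csv, expected_logins, last_audit):
    """Return (login, reasons) for every account that needs a manual look."""
    expected = {name.lower() for name in expected_logins}
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        # A user can hold several roles; they arrive comma-separated.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        registered = datetime.strptime(
            row["user_registered"].strip(), "%Y-%m-%d %H:%M:%S"
        )
        reasons = []
        if login.lower() not in expected:
            reasons.append("not on the list of accounts you created")
            elevated = sorted(roles & PRIVILEGED_ROLES)
            if elevated:
                reasons.append("unexpected privileged role: " + ",".join(elevated))
        if registered > last_audit:
            reasons.append("registered since last audit")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    known = {"alice", "bob"}  # accounts you remember creating
    for login, reasons in review_accounts(SAMPLE_EXPORT, known, datetime(2024, 1, 1)):
        print(f"{login}: " + "; ".join(reasons))
```

Anything the script flags still needs a human decision: confirm with the account owner, then downgrade the role or delete the account from the Users screen.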

5. Password Change

When was the last time you changed your password? Changing your passwords every now and then is an easy way to help keep your assets secure.


Analytics tools provide you with the essential metrics and dashboards to let you know how your site is performing. They are all free, too.

6. Google Search Console

Google Search Console (a.k.a. Webmaster Tools) is less well known than its sibling, Google Analytics, but it is just as important. GSC tells you how your website is performing and understood by Google from an SEO point of view.

7. Bing Webmaster Tools

For the same reason as using GSC, you’ll want to have Bing Webmaster Tools set up. Thankfully, Bing will let you create an account with your Gmail…

Make sure it is installed and you have submitted a sitemap.

8. Google Analytics

Google Analytics is fairly well known and easy to install. If your site doesn’t have it, create a Google Analytics account then download and use the plugin MonsterInsights to set it up.

Essential Plugins

Plugins exist to make your site more powerful by letting it do more. Just make sure you have the good ones, and don’t have any more than necessary.

9. SEO Plugin

To help make your content SEO optimised, check that you have an easy SEO plugin installed. They’re free, too. I like to use Yoast SEO but All in One SEO is also popular.

10. Discussion Plugin

Like me, you may have seen more than a few sites where the comment section looks like a depository of spam. Use a discussion plugin like Disqus that requires users to have an account somewhere like Google, Twitter, etc., in order to comment.

11. Schema Markup

Schema Markup is extra information tagged on your website and pages that help search engines understand what your content is about.

12. Link Checker / Redirection Plugin

Broken links are bad for users and bad for SEO. Use an automated link checker and redirection plugin to help avoid this, or fix any holes that appear.

Page Speed

Page speed is a major factor for the usability of your website and it is one of the many elements that affect your SEO.

13. Pingdom & Google PageSpeed Insights

Check your website using Pingdom and Google PageSpeed Insights. These sites will give you a report breaking down how fast your website is loading and where the bottlenecks are, as well as some recommended fixes.

14. Caching Plugin

Caching plugins help improve the speed of your website. If you have one installed, test your website speed with and without it to make sure it actually improves your score. I have found mixed results.

15. Image Optimisation Plugin

Super large images can cause your site to load slowly, so check that your images have been compressed or that you have an image optimisation plugin installed. If you want to compress each image manually (for greater control over the quality) check out this lovely panda website.

Contact forms

16. Test Forms

Contact forms are the primary method for users to contact you. Make sure they’re working properly. Send a test message through each of the forms on your website.
Ideally you’ll have an auto responder email in place or the user is directed to a ‘thank you’ page after submitting it. If you don’t, people will be confused whether their message actually went through or not.

17. Contact Form Plugin

Using a contact form can help save you from getting your email easily harvested by spammers. You might still get spam from the contact form itself, but at least your email won’t be floating around the web.

I like to use the plugin Ninja Forms or Contact Form 7.


Content is the meat of your site and the fuel for your messages.

18. Privacy Policy

Having a Privacy Policy is best practice. You should have one for compliance (most countries are getting quite strict about this) and it is good for your readers to know that you take their privacy seriously.

Instead of writing one from scratch, you can use a service like TermsFeed to generate one. It takes about 30 seconds and is usually free, depending on how complex your needs are.

Don’t forget to adjust your Privacy Policy if you use a generation service.

19. Terms of Use

Terms of Use is a policy about controlling what people can do on your site and how they can use it. For example, if you ever wanted to ban a user from accessing your site, you would probably want to reference a document like the Terms of Use to say why.

This is also where you would explain that you have copyright over all your content.

Again, if your needs are simple you can use a service like TermsFeed to generate and adapt a policy fairly quickly.

20. Copyright Date

Check that your copyright date in the footer is the current year.

21. Heading / Content Tags

Using H1, H2 tags in your content and copy helps users read your content and helps Google understand it. Make sure they are used well and consistently throughout the site.

22. Font Consistency

Check to see that only two or three fonts have been used consistently through the website. This will help make sure your content is easy to understand and ‘looks right’.

23. Favicon

A favicon is the little logo or icon of your website that shows up when your website is bookmarked. It’s not a big thing but a nice touch that keeps your website looking professional.


24. Responsive Design

For many sites, mobile visitors make up around 60% – 70% of traffic, so having a mobile friendly website is key. Ideally, your website will be responsive to the screen size (meaning that elements adjust to how big the window frame is).

An easy way to ensure this for WordPress sites is to just install a mobile responsive theme.

If you have a mobile friendly theme in place – check that it actually works correctly on mobile. No broken or jumbled elements.

25. Mobile Menus

Check your navigation menus on mobile. Depending on your theme or setup, sometimes these can be less than workable and kill your mobile usability as a result.

26. Cross Browser Compatibility

While nobody really likes Internet Explorer, you’ll need to check that your website works mostly correctly on this browser and the others.

It is difficult to make your website always 100% perfect on each platform, so just make sure it has no major flaws.


Most people have spent quite a decent amount of money (or time) on their website, so making sure it works correctly will help you get the most benefit out of your site long term.

Start with checking each area, using my checklist as a guide. Of course every professional is different, so you may want to add extra areas to check depending on your needs. For example, real estate agents might have IDX integration that needs to be checked, whereas lawyers might want to check that their client document portal is working smoothly.

By taking the time to audit your website you should have a safe, reliable and stable platform to build your business on. If you’re looking for help with WordPress, feel free to reach out.
