Sabuj Kundu 14th Aug 2025

Launch days are busy. Use this practical checklist (security, speed, SEO, analytics, email deliverability, eCommerce & more) to go live without surprises.

Need help launching? Codeboxr can handle end-to-end WordPress launches—performance, security, SEO, analytics, and QA. Get in touch →

1) Hosting & Foundation

  • PHP version (8.1+), OPcache enabled, adequate memory_limit (256MB+).
  • Database server tuned; persistent connections and proper collation/charset (utf8mb4).
  • Staging site in place; confirm search engine visibility is disabled on staging.
  • Enforce HTTPS: valid SSL cert; update WordPress Address & Site Address to https://.
  • Correct file permissions (755 dirs, 644 files) and ownership.
  • wp-config.php: salts/keys, table prefix, DISALLOW_FILE_EDIT=true, WP_DEBUG=false.
  • Server-level caching (e.g., FastCGI/Redis) planned and compatible with your WP cache plugin.
  • Cron strategy: real cron vs wp-cron.php; disable default if using server cron.
  • Backups: daily files + database; offsite storage; test a full restore.

2) Security & Hardening

  • Enforce strong admin passwords and least-privilege user roles.
  • 2FA for admin/editor accounts.
  • Limit login attempts; enable CAPTCHA on critical forms.
  • Disable XML-RPC if not required; protect wp-login.php (rate-limit/IP allowlist).
  • Security headers (HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy).
  • WAF/CDN rules in place (e.g., Cloudflare) and origin IP locked where possible.
  • Remove unused themes/plugins; keep core, themes, plugins updated.
  • Disable directory listing; protect wp-admin via HTTPS only.
  • Uptime + malware monitoring configured; incident response plan documented.

3) Performance & Caching

  • Page cache + object cache (Redis/Memcached) configured; preload critical pages.
  • Minify + combine where safe; defer non-critical JS; CSS critical path for above-the-fold.
  • Image optimization (WebP/AVIF), lazy-loading, correct dimension attributes.
  • CDN for static assets and media; proper cache-control headers.
  • Test Core Web Vitals (LCP, CLS, INP) on real devices + Lighthouse lab tests.
  • Remove render-blocking assets; audit unused CSS/JS (especially page builders).
  • Database optimization (autoloaded options, transients, postmeta bloat).

4) SEO & Indexing

  • Disable “Discourage search engines” on production.
  • Finalize permalinks; set redirects for legacy URLs; add 410 for intentionally removed content.
  • Submit XML sitemap to Google Search Console & Bing Webmaster Tools.
  • Robots.txt rules verified; no accidental disallow on production.
  • Title/meta descriptions written for key pages; Open Graph & Twitter Cards in place.
  • Canonicals set; pagination/archives configured; index/noindex rules audited.
  • Structured data (Organization, Breadcrumb, WebPage, Article, Product/LocalBusiness as needed).
  • 404 page helpful and branded; search on 404 enabled.
  • Internal linking and anchor text updated; orphan pages handled.

5) Analytics, Tagging & Monitoring

  • GA4 installed via Google Tag Manager (server-side if applicable).
  • Conversion events set (leads, purchases, downloads, form submits).
  • Search Console & Bing verified; HTML sitemap (optional) created.
  • Heatmaps/session replay (e.g., Hotjar) if allowed by policy.
  • Uptime monitoring + performance alerts; error logging (PHP, JS) and alerting.

6) Content Quality, UX & Accessibility

Content & Media

  • Spelling/grammar, brand tone, and readability checks.
  • Final URLs in nav, footer, CTAs, and buttons verified.
  • Images have alt text; captions where helpful; compression verified.
  • Favicon + app icons + social share image tested.
  • Timezone, date formats, and localization confirmed.

UX & Accessibility

  • Keyboard navigation and focus states visible.
  • Color contrast meets WCAG; text size scalable.
  • ARIA landmarks/labels used correctly; skip-to-content present.
  • Forms have labels, error states, and success messages.
  • Mobile nav, tap targets, and sticky headers tested.

7) Forms, Email Deliverability & SMTP

  • All forms submit, validate, and store entries (spam protection enabled).
  • Transactional emails routed via SMTP/API (SPF, DKIM, DMARC set at DNS).
  • Test notifications to multiple recipients; reply-to and from-name configured.
  • Email logs enabled for troubleshooting.

Tip: For reliable deliverability, try Comfort Email SMTP, Logger & Email API (by Codeboxr). It’s a lightweight alternative to bulky SMTP plugins.

8) WooCommerce / Payments (if applicable)

  • Currency, taxes, shipping zones/methods, and store address set.
  • Payment gateway in Live mode (e.g., Stripe keys); webhooks configured & tested.
  • Test orders end-to-end (cart → checkout → email receipts → fulfillment).
  • Inventory, product schema, and structured data validated.
  • Transactional email templates branded and accurate.
  • Terms/Privacy/Refund policy linked in checkout.

9) Legal, Privacy & Compliance

  • Privacy Policy, Terms, Cookie Policy, Refund/Shipping (if store) pages published.
  • Consent banner aligned with your data collection (GA4, pixels, heatmaps, etc.).
  • DPA with processors if required; contact form disclaimers where needed.
  • Accessibility statement (if in scope); language switcher tested for multilingual sites.

10) Go-Live Operations & Post-Launch

  • DNS cutover planned with low TTL; verify A/AAAA/CNAME, MX, SPF/DKIM/DMARC.
  • Switch off maintenance mode; purge all caches (server, plugin, CDN).
  • Remove staging references, test absolute URLs, update internal links.
  • Verify 301 redirects and track 404s; import any disavow file if applicable.
  • Take a fresh full backup post-launch and archive a “v1.0” snapshot.
  • Create an editor’s manual: how to add posts, media, menus, and updates safely.
  • Set monthly maintenance (updates, backups, optimization, monitoring).
  • Announce the launch (social, newsletter); set up feedback collection.
Developer extras (optional but recommended)
  • Environments: WP_ENV or similar constant; debug logging to file only.
  • Deployment strategy (Git/CI/CD) with build steps for assets.
  • Error tracking (Sentry/Rollbar) for PHP & JS.
  • Performance budget + monitoring on Core Web Vitals.

Need to build a Website or Application?

Since 2011, Codeboxr has been transforming client visions into powerful, user-friendly web experiences. We specialize in building bespoke web applications that drive growth and engagement.

Our deep expertise in modern technologies like Laravel and Flutter allows us to create robust, scalable solutions from the ground up. As WordPress veterans, we also excel at crafting high-performance websites and developing advanced custom plugins that extend functionality perfectly to your needs.

Let’s build the advanced web solution your business demands.