Make sure language_attributes() is set in HTML. This helps translation tools know what language your website is in, Google uses it to better rank your website, and it's helpful for folks using screen readers too.
Install an SEO plugin to make it easy to maintain and modify SEO information. Make sure you fill out all the open graph information and basic title, description, and image fields. Consider using one of the following plugins:
If you've got an SEO plugin installed and properly configured, you should be fine, but double check those tags with the meta tag checker and adjust accordingly.
Make sure you don't have any broken links lingering on the site. A common culprit is changing slugs after a post has been published. Although WordPress auto-magically can catch a few of those, it's helpful to have a plugin that does even more:
Is your favicon set? Go to Appearance > Customize > Site Identity and set that Site Icon. It'll take care of your favicon and the app icon (in case someone saves your site to their iPhone/Android screen!).
Is your website responsive? It should be responsive! Use CSS Media queries in your code, make sure zoom is not disabled, and test your site in responsive mode with your browser Developer Tools
Did you turn off that setting WordPress General settings that discourages search engines to index the site? Not sure? Better double check!
Is your website using Gzip compression? Gzip is a way of smartly compressing data so your website loads faster. Modern browsers automatically request the Gzip version of your website first.
Run your code through the HTML validator and make sure there aren't any glaring errors. Sometimes there will be errors you don't want to fix, and that's okay. Just be sure you're being intentional.
Optimizing your images, making sure they are as compressed as possible, and lazy loaded when appropriate makes a huge difference for your website speed.
Loading your webfonts fast and well is important. Keep those font file sizes low, only add the font styles you are using, use preconnect to load those font files quicker, and avoid the Flash of Unstyled Text and Flash of Invisible Text.
You've heard it before and you'll hear it again. Use caching. There are lots of brilliant plugins out there that help. Great hosts usually provide caching of some kind as well, utilize that.
CDN = content delivery network. If you've got a big site or you want the fastest site possible, use a CDN. Your site will be cached all around the world and served to the viewer from the closest server.
The more files you have and the bigger they are, the more HTTP requests you'll have. So minimize those files and get rid of anything unnecessary.
Run your site through a speed test tool to check for any other glaring issues you may have missed.
If you configured an SEO plugin, you probably have one (or more). Go to yourdomain.com/sitemap.xml and make sure you have one!
Make sure you have a useful 404 template.
There's no standard search template in WordPress, but you should create one. The ideal slug is /search so if someone needs to do a search, they can get there.
Simplest way to do this is to add the following:
Can you tab through everything and take the actions you want to take on your website? If you can't, fix it!
Adding this specifically, because it's often overlooked. I know we all hate the default checkboxes and radio buttons. It's totally okay to use pseudo classes to style a fancier version, but let's make sure they are keyboard accessible, yeah?
Yes, you can use borders instead of text-decoration: underline;.
Make sure you have a skip to content link that shows up when that link comes into focus.
Make sure your images have alt attributes with helpful descriptions and maybe some context too.
Typically found in the footer, an accessibility statement is a fantastic way to communicate how folks can get help if they have problems using your site.
Lighthouse is Google's website checking tool; it tests performance, accessibility, etc. It's built into Chrome, if you don't use Chrome, PageSpeed Insights is Lighthouse in a Web UI.
If you forget your password, does your website correctly send the Rest your Password email? If you register a new user, does the website properly send the new user an email?
Are your forms properly capturing and submitting? Different plugins and themes can sometimes create bugs and conflicts that prevent forms from working. It happens more than you know. Make sure your getting the submissions from your users!
Every site should have website analytics turned on. Did you remember to add that to the site now that it's going live? Remember to assess what analytics tool is right the website and what other considerations you need to take into account so the website isn't breaking the law.
A lot of countries require websites to have privacy policies under various conditions. It's also just a good practice to have a place where you let people know how/why you are using your data and what they can do about it.
Using a tool to track your searchability is always a great idea. It's handy to know what keywords and phrases are leading people to your website. Combined with a good analytics tool, this gives you a lot of helpful data.
Recently, Google Fonts was deemed illegal to use in a Germany court, because every time you load a font from Google Fonts, your website sends the IP address of your visitor back to Google without their explicit consent. This applies to any fonts you have hosted elsewhere (Typekit, etc). Consider locally hosting your fonts to avoid the situation entirely.
Let's Encrypt exists! It's free! If your host doesn't support it, change hosts.
You should have regular backups of your website and regular off-site backups of your website. Backups on your normal server won't be of any help to you if your server crashes.
Keeping your WordPress installation updated is a big part of keeping your site safe!
Keep your site safe from a common brute force attack: don't use the username admin.
Delete all themes you aren't using, except for one default (twenty *) theme; comes in handy when you're debugging weird issues. Get rid of any plugins you don't need!
Keep all your themes and plugins updated. But make sure to backup first and ideally test your updates on a staging server first.
Use strong passwords! Advise your clients to use strong passwords too!
Super helpful, can stop lots of attacks in their tracks.
Depending on the complexity and sensitivity of your website, you may want to consider using a security plugin.