header tail

how to do a WordPress website audit (with easy-to-follow checklist)

home / how to do a WordPress website audit (with easy-to-follow checklist)

An audit is a great way to ensure your WordPress site is performing effectively and meeting your company’s goals.

We offer detailed website audits covering everything from code quality, usability, and server configuration to speed, user experience and accessibility, but there are also plenty of simple WordPress audit checks you can do yourself…

why you need a WordPress audit

Is your WordPress website performing at its best?

Conducting a WordPress audit allows you to check how your website is functioning across key criteria, so that you can improve things and make sure you’re achieving the best possible online results for your company.

Our ultimate WordPress optimisation guide covers everything you need to know to get your WordPress site up-to-date, secure and perfoming brilliantly, but in this blog we focus specifically on what to check in a WordPress website audit.

WordPress website audit checklist

1. Check software & plugin versions

Both WordPress itself and any plugins/themes you use need regular updates to fix bugs, patch security issues, and maintain performance. It’s for these reasons that checking and updating your software version is task one on our WordPress audit checklist!

You can find out whether you’re using the latest version of WordPress in ‘Updates’ in the left-hand menu of your dashboard. This page also shows whether your plugins and themes are up-to-date.

If needed, updating to the latest WordPress and plugin software versions is simple. Just click the relevant ‘update’ button(s). Make sure to back-up your site first, just in case anything goes wrong!

2. Check site speed

Speed is a vital component of website performance, with faster sites having better user experience and more conversions. Speed also contributes to search engine performance, with slower sites penalised and appearing lower down on search results pages.

You can check the speed of your WordPress website using Google PageSpeed. You’ll be given scores for desktop and mobile of between 0 and 100 – aim for scores above 90 for optimal performance.

Once you’ve checked your scores, head over to our blog where we’ve got loads of tips to improve your WordPress website speed.

3. Check blogs & content

By adding new blogs and content to your site, you signal to both users and search engines that your website is active, interesting and worth browsing. In the ‘Posts’ section of your WordPress dashboard, you can see when you latest blogs were published, and if any further articles are scheduled.

How often you should post new content depends on your organisational capacity and goals; you may want to add blogs daily, weekly or monthly. Whatever your aim, we recommend creating a content plan and scheduling posts in advance. Checking your latest content and content strategy should therefore be included as part of your WordPress audit.

It’s also important to keep an eye out for comments on your site. WordPress comments are automatically held in moderation, so check the ‘Comments’ section of your dashboard to see how many comments are currently needing to be checked and published/deleted.

For more tips on optimising your WordPress content, read our Ultimate WordPress Guide.

4. Check WordPress security

It’s vital to scan your WordPress site regularly to check for malware, viruses and suspicious code. Having a hacked or infected site can cause massive problems – both financially and in terms of reputational impact.

We recommend installing the Wordfence plugin, which includes website security hardening, a firewall to block malicious traffic, and a scanner that checks for malware. To scan your site for any security issues, simply go to Wordfence > Scan and click ‘Start new scan’.

If there are any problems, Wordfence will suggest how to fix them and get your site secure again. We’ve also got lots of great advice for optimising WordPress security on our blog.

5. Check for broken links

A broken link is a link to a webpage that doesn’t work. It’s frustrating for users – who will be directed to a 404 error message and may then choose to exit your website – and it’s also a negative signal to search engines.

You should check regularly for broken links with an online tool such as Dr Link Check. If you have any, you can then go to the relevant page and update or remove the link.

We recommend conducting broken link maintenance at least every few months, or more often if you create a lot of content. You may find it helpful to install the WordPress Redirection plugin, so you can set up redirects for any old/changed URLs.

It’s also a good idea to create a friendly 404 error page to keep users happy when they encounter a broken link. If you don’t already have a 404 page, you can create one for your WordPress website with the 404page plugin.

6. Check functionality

Your WordPress audit should include checking your website’s design and functionality. This can be done simply and easily by looking through your site and testing any interactive features, such as buttons and contact forms.

Giving your site this type of ‘once-over’ will highlight if there are any code, formatting, design or operational issues that need to be investigated and/or fixed. For more details on getting your WordPress site performing optimally, read our Ultimate WordPress Maintenance Guide or contact your WordPress agency.

7. Review analytics

You can track your site’s analytics simply and easily with a Google Analytics plugin such as MonsterInsights. Once installed, just go to Insights > Reports in your WordPress back-end to see your site data.

As part of your site audit, you should review your analytics and consider what’s working well and what isn’t. For example, which are the most popular website pages, and which are the least popular?

Once you have this information, you can then make data-driven edits on your WordPress website to optimise performance.

8. Check SEO performance

It’s a good idea to give your site an SEO health check as part of your WordPress audit. You can do this using the free Ubersuggest SEO analyser or with various other, similar online tools.

On Ubersuggest, just type in your URL, select your language/country and click ‘Search’. A report will be generated showing your organic traffic levels, domain score and number of organic keywords – it’s worth recording this as part of your audit and then trying to improve your SEO stats over time.

If you go to the ‘Site Audit’ section in the left-hand menu, you’ll then see a more detailed SEO health-check for your site. This includes a list of issues needing attention, such as pages with low word-counts and poorly-formatted URLs.

To improve your site’s search engine performance, fix these issues and also read our Ultimate WordPress Maintenance Guide which includes loads more WordPress SEO tips.

9. Check mobile compatibility

There are two great tests you can use to check how your site functions across different screen sizes and devices – the Responsive Test and Google’s Mobile-Friendly Test. Together, these give a great insight into how your WordPress site appears on smaller screen sizes and whether you’re meeting mobile browsers’ needs.

If necessary, you can then improve your site’s mobile compatibility using the advice in our WordPress Optimisation Guide.

10. Check your database

The more you update your site, the more your database becomes clogged-up with old content, deleted comments, unused plugins and more. It’s therefore worth looking through your database to see what is there and check for surplus items as part of your WordPress audit.

To keep your database tidy, you can schedule automatic database clean-ups with a plugin such as WP-Sweep. It’s also a good idea to go through your plugins regularly (in ‘Plugins’ on theWordPress dashboard) and delete any that are no longer needed.

11. Check backups

It’s vital to back-up your website regularly, so that if you get hacked, infected with ransomware or encounter any other major problem(s), you can get your site online again quickly.

As part of your audit, you should check and verify your site backups. Make sure that all relevant data is being stored, that backup copies are being saved securely in different locations, and that files are not corrupted. This will ensure you have the best chance of being able to reinstate your site if disaster ever happens.

It’s also worth checking your backup schedule – as the more regularly you backup, the less data you’ll lose if you need to revert to a backup version. Check backups are being made frequently enough for your needs, and also that backups are scheduled to take place during low traffic periods when they’ll have least impact on site speed and user experience.

Site backups are often included as part of your WordPress agency’s services or hosting package. Alternatively, they can be easily managed with a backup plugin such as BackupBuddy.

12. Check user accounts & passwords

WordPress allows you to add different types of users to your site, each with different permissions to make edits and changes.

As user profiles can pose a security risk, it’s a good idea to review your site users as part of your audit and check that people have only the level of permissions required. This can be done the ‘Users’ section of your WordPress dashboard.

It’s also a good idea to update and make a note of user passwords as part of your audit. Make sure to choose strong passwords, including a random combination of letters, numbers and symbols.

13. Check accessibility

With a fifth of the population experiencing a long-term disability and UK law stating that services (including websites) must be accessible for everyone, it’s vital to check how accessible your site is.

As part of your audit, we recommend evaluating your website’s accessibility with Wave or another, similar tool. If your site needs improvements to increase accessibility, ask your WordPress agency for advice.

14. Review admin tasks

Finally, your audit should include a review of the general, less frequent admin tasks required as part of website management and maintenance. We suggest checking:

  • Domain renewal: Most websites require regular domain name renewal, so make sure this is on your audit checklist. Domain renewal can be done either directly with your domain provider or through your WordPress support agency.
  • Disaster recovery: A disaster recovery plan details exactly what you would do if your site crashed or encountered a security problem. Make sure your plan is up-to-date with the latest legal requirements, website details and organisational procedures.
  • Hosting provider: Most hosting packages renew annually, so it’s a good idea to review whether your current hosting provider is meeting your needs. Factors to consider include speed, security, reliability, hosting type and cost.
  • SSL certificate: To keep your site secure, your SSL (Secure Sockets Layer) certificate needs to be renewed every two years. This can be done via your hosting provider or Let’s Encrypt.


Phew – your WordPress audit is complete!

This will give you a great overview of how your WordPress site is functioning and any areas that need improvement or maintenance. To action these, read our ultimate WordPress optimisation guide, where we explain everything you need to know about improving and optimising your WordPress website.

Alternatively, if you’d like expert WordPress website management or a more detailed audit of your website’s current performance, please get in touch and we’ll be happy to help.