Our post-launch checklist is roughly divided into areas of website performance and website security. Each of these two categories includes a series of tasks that we go through, in order, to ensure that every aspect of your newly launched website is functioning as expected.
Uptime Monitoring
Speed Monitoring
SEO + Analytics
CDN
Server optimization
- Caching
- Image optimization
- Mobile site optimization
- Lazy loading configuration
- Combining and minifying code files (such as html and javascript)
- Compression
Backups
Updates
Firewall
Site and Server Configuration
- Auditing and securing logins and admin accounts
- Updating the SSL certificate
- Updating the PHP version
- Setting file and directory permissions
- Setting up ReCaptcha to avoid spam on forms
Security Monitoring
Performance
Performance, in our minds, covers all the factors that are going to affect your site’s uptime and loading speed, as well as (potentially) your search engine rankings.
After you’ve launched your site, how will you know if something goes wrong? You don’t have the time to manually check every five minutes, and neither do we. That’s why we implement a monitoring bot that checks for us, and alerts us of slow page loads and http errors.
Moving forward, we can adjust how frequently an uptime monitor checks your site, depending on your needs and level of traffic, and this is something that can be reevaluated throughout the life of your site.
When we launch your site, we’ve seen it in a development environment, and we have a decent idea of how it’s going to perform. But we still need some actual data from the live environment to confirm that it is working properly for the end user.
To gather this data, we set up performance data monitoring (like uptime monitoring), as well Google PageSpeed — this extension gives us insight into how Google thinks the page is performing, which can affect your ranking.
Page load times can vary between desktop and mobile, so we make sure we’re monitoring for both.
Your site might be up 99.99 percent of the time, but how do you know how well it’s showing up in search results? Is what you built actually benefiting your business?
We’re going to leave the more strategic SEO activities to the digital marketing experts of the world. Our responsibility is strictly to ensure there are no redirect issues or broken links in your site. These aren’t security issues. And they won’t slow down your site’s speed or load time. But we have seen time and again that this is where low-quality agencies and freelancers often fail. Broken links and redirect errors can absolutely destroy a website’s rankings. A new site might look amazing. But it’s all for naught if the site drops off the rankings and isn’t getting any traffic. And it’s hard for an SEO person to try and recover these rankings later. This is why we take on this responsibility and make sure these elements are configured at launch.
To help with SEO, we enable redirect monitoring and 404 error monitoring to make sure that users aren’t landing on error pages. We also check Google Analytics and Google Search Console for any errors or issues that Google’s crawlers have reported.
Once your site is live and the IP address has been updated, we enable a firewall with a Content Delivery Network (CDN) to distribute user traffic across multiple servers. This takes the load off your origin server and prevents traffic bottlenecks, which helps keep page load times reliably fast. It also helps to combat DDoS attacks and other potential cyberthreats. If you want to learn more about CDNs, have a look at CloudFlare. Their integration with WordPress and various WordPress webhosts is outstanding.
This is probably the most important post-launch task. What are you doing post-launch to show that your server is optimized and running as efficiently as possible? There are a handful of things we do to help speed things up on the server side, including:
We may delve deeper into some of these in future articles.
Security
Having a site that loads quickly and performs well is only one side of the site launch coin. You also need to make sure that your information — and your customer’s information — is secure.
In case something goes wrong during launch, can the site be restored to a previous backup?
We set up backups right away, and we test them to make sure that we can restore the site immediately should something go wrong. We also configure automatic backups to occur on a regular basis going forward, and we make sure those backups are stored securely offsite. Backups aren’t just important during development — a bug can arise at any time in a live site, and it’s important to be prepared with a recent, functional backup.
We always make sure we have a clear plan for updates following launch and moving forward. While it’s possible to configure automatic updates for things like your WordPress core and plugins, we don’t recommend it unless you also have a plan for checking everything right when a release take place.
Installing updates manually ensures that someone has eyes on your site as soon as an update goes live. That way if an issue does arise with a core, plugin, or theme update, we can restore the site to a very recent backup without losing any data, and then take a closer look and troubleshoot the issue.
Once the site is launched, how are you protecting the site from malicious traffic?
We set up a firewall within the site, as well as another firewall at the CDN level, to ensure multiple layers of security. These firewalls have to be configured precisely and in concert to ensure that they don’t get overzealous and block legitimate traffic, so we need to be able to see them working in a live environment to confirm that they’re set up correctly. We want to be able to customize a firewall to deal with specific threats and also have logs so that we can adapt the firewall settings as-needed to handle certain scenarios or patterns of traffic that a specific website may face.
There are a number of settings that need to be configured on both the server and the site to ensure maximum security. Things like:
Ensuring that all of the above is configured once the site goes live helps protect your site from malicious users, bugs, and issues of human error. Most of these factors will be monitored and tweaked or updated throughout your site’s lifetime.
Finally, we need to make sure that the site will be monitored regularly post-launch. In addition to uptime and performance monitoring tools, we set up daily security scans, as well as external scanning services to cover all our bases.
These plugins monitor for malware, changed files, and suspicious content, and are configured to alert us immediately of any unauthorized change.
Ongoing Support
And that’s it! If you’ve made it this far, your site is launched and should be running smoothly. After this point, we’ll monitor your site actively for a couple more days to ensure that all the settings are working as they should, and that no further formatting issues arise. And hopefully, you’ll consider signing up for a plan with us to secure and maintain the site in the long term.
Web technology and cybersecurity practices are constantly evolving, so it’s impossible to completely prevent all issues. And the internet itself is constantly changing, as are policies, regulations, and laws relating to privacy, personal information, and security. It never ends. But you can rest assured that your website gets off on the right foot, and has the systems and people in place to keep it performing beautifully for years to come.