Your website health checklist
The complete checklist we run through to assess and maintain a healthy website — covering security, performance, content, and functionality.
This is the full checklist we use when assessing the health of a website. It covers every major area: security, performance, content, functionality, and accessibility. Use it to understand what we're checking, and as a reference for your own periodic reviews.
Quick summary
A healthy website is secure, fast, accurate, and working for every visitor. This checklist covers all of those areas. We run through the technical parts automatically as part of your care plan. The content sections are something you can review yourself monthly.
Security
- All software is up to date (WordPress core, plugins, themes)
- No outdated or end-of-life software is running
- SSL certificate is active and not expiring within 30 days
- Site is not on any security blacklists (Google, antivirus databases)
- No unauthorized admin users exist on the WordPress dashboard
- Login page has brute-force protection active
- Two-factor authentication is enabled on admin accounts
- Daily backups are completing successfully
- Most recent backup has been verified (can be restored)
- No malware or suspicious code detected in security scans
Performance
- Homepage loads in under 3 seconds (test on a mobile connection)
- No large uncompressed images are present on key pages
- Caching is active on the server
- No unnecessary plugins are installed (especially deactivated but not deleted)
- No JavaScript or CSS errors visible in browser console
Functionality
- All navigation menu links work correctly
- Footer links are accurate and working
- Contact form delivers to the correct email address
- Order or booking forms work correctly end-to-end
- Search function works (if applicable)
- Any integrations (CRM, mailing list, chat widget) are connecting
- No broken links detected in automated scan
- Videos and embeds load correctly
Content accuracy
- Business name, address, phone, and email are correct throughout
- Business hours are current
- All services and products listed are current and accurate
- Prices are accurate and consistent
- Staff and team bios reflect the current team
- No expired promotions, events, or offers are showing
- Blog and news content is not misleadingly outdated
- Copyright year in footer is current
Trust & credibility
- Browser shows a padlock icon (HTTPS is active)
- No "Not secure" warning appears on any page
- Reviews and testimonials are recent (within the last 12 months where possible)
- Social media profile links are accurate and profiles are active
- Google Business Profile information matches the website
Accessibility basics
- All images have meaningful alt text
- Heading structure is logical (H1 → H2 → H3, no levels skipped)
- Text is readable against its background (sufficient color contrast)
- Links describe their destination (no "click here" links)
- Forms have labeled fields
- Site can be navigated using a keyboard alone
Backups & recovery
- Daily backup is configured and running
- Backups are stored offsite (not only on the hosting server)
- Backup retention covers at least 30 days
- Most recent backup has been tested (can be restored successfully)
- We know where the restore process is documented
How to use this checklist
We run the technical rows automatically as part of your care plan. For the content and trust rows, we recommend you do a self-review monthly — it takes about 20 minutes.
Use the simpler What to check on your site monthly guide for your monthly review. This full checklist is useful for a quarterly deep-dive or for reviewing a site that hasn't had regular care.
If you find anything on this list that needs attention, log it in ClickUp or email support@chykalophia.com.
Common questions
Related guides
- What to check on your site monthly
- Software updates explained
- How backups work
- Security monitoring explained
- Pre-launch checklist for a big update
Need a hand?