The Ultimate WordPress Launch Checklist: 25 Things Before Going Live

Launching a WordPress site without a checklist is how you end up discovering broken contact forms two weeks after going live, or realizing your Google Analytics was tracking nothing the whole time. This checklist covers the 25 things that actually matter before you hit publish – organized by priority so nothing falls through the gaps.

---

Before You Start: The Pre-Launch Mindset

A WordPress site is never truly “done” – but there’s a clear line between “not ready to launch” and “ready to launch but will keep improving.” This checklist is about crossing that line with confidence. Work through it top to bottom before going live and you’ll avoid the most common post-launch scrambles.

---

Section 1: Content and Pages (Items 1-5)

1. All Core Pages Are Published and Linked

Verify these pages exist, are published (not draft), and are accessible via navigation: Home, About, Contact, Privacy Policy, and Terms of Service (if applicable). Check each one in a private browser window to confirm they load correctly when not logged in as an administrator.

2. Privacy Policy Is Legally Compliant

WordPress generates a basic privacy policy template at Settings → Privacy. This is a starting point, not a finished document. Your privacy policy must accurately describe what data you collect, why you collect it, and how it’s used. If you use Google Analytics, contact forms, or any third-party service that processes user data, these must be disclosed. Consider having a lawyer review it for GDPR compliance if you serve European visitors.

3. Contact Form Is Tested and Confirmed Working

Fill out your contact form and verify you receive the email. Check your spam folder. Contact forms are frequently misconfigured for email delivery, and a broken contact form means you’re silently losing every inquiry that comes in. If your hosting uses shared mail servers, configure SMTP with a dedicated service (WP Mail SMTP with SendGrid, Mailgun, or similar) to ensure reliable email delivery.

4. 404 Error Page Is Customized

Every site gets 404 errors. How you handle them matters. Your 404 page should include a search box, links to your main categories or most popular content, and a friendly message. A default WordPress 404 page provides no navigation and causes visitors to bounce. Most themes allow customization in the Customizer or with the block editor.

5. All Images Have Alt Text

Alt text is required for accessibility (screen readers) and helps with image SEO. Go through every image on your core pages and confirm alt text is filled in. The WordPress media library allows bulk editing of alt text. For post thumbnails and header images added via the Customizer, add alt text in each image’s media library entry.

---

Section 2: Technical SEO (Items 6-10)

6. Search Engine Visibility Is Enabled

WordPress has a setting at Settings → Reading called “Discourage search engines from indexing this site.” This is enabled by default on development sites to prevent indexing while building. Before launch, confirm this checkbox is UNCHECKED. Forgetting this is more common than you’d think, and the consequences (no search traffic, no indexing) are severe.

7. XML Sitemap Is Active and Submitted

WordPress generates an XML sitemap automatically at yourdomain.com/wp-sitemap.xml. If you have an SEO plugin like RankMath or Yoast, they generate their own enhanced sitemap. Confirm the sitemap is accessible, then submit it to Google Search Console and Bing Webmaster Tools. This accelerates indexing of your new content.

8. Permalink Structure Is Set Correctly

Go to Settings → Permalinks and confirm your URL structure. The “Post name” option (/sample-post/) is the recommended structure for SEO. Avoid the default numeric structure (?p=123) which provides no SEO value. Important: change your permalink structure before launch – changing it after going live with existing content creates redirect chains that are messy to fix.

9. SEO Plugin Is Configured with Site-Wide Settings

If using RankMath or Yoast SEO, complete the setup wizard. At minimum: set your site name, knowledge graph information (person or organization), default meta descriptions for post types and archives, and verify social sharing titles and images are configured. These defaults apply to any page or post that hasn’t had individual SEO metadata entered manually.

10. No “Noindex” Tags on Public Pages

Check that your key pages aren’t accidentally set to noindex. In RankMath, open the post/page editor sidebar and look for the SEO tab – verify “No Index” is not enabled. In Yoast, the same setting appears as “Allow search engines to show this post in search results.” Also check your SEO plugin’s global settings to ensure categories, tags, and archives that should be indexed are not set to noindex site-wide.

---

Section 3: Performance (Items 11-14)

11. Caching Plugin Is Installed and Active

WordPress generates pages dynamically from a database on every request by default. A caching plugin saves a static HTML version so subsequent requests are served much faster. WP Super Cache (free), W3 Total Cache (free), or WP Rocket (premium) are the most common choices. If your managed host provides server-level caching, you may not need a plugin – confirm with your host.

12. Images Are Optimized Before Upload

Large unoptimized images are the most common cause of slow WordPress sites. Install a plugin like Imagify, ShortPixel, or Smush to automatically compress images on upload. Set your compression level to lossy or glossy (not lossless) for web use – the quality difference is invisible to most visitors but the file size reduction is significant. Also enable WebP conversion, which produces smaller files than JPEG with equal quality in modern browsers.

13. Google PageSpeed Score Is Acceptable

Run your homepage through Google PageSpeed Insights (pagespeed.web.dev). You’re aiming for green (90+) on both mobile and desktop. Check the Opportunities section for quick wins: render-blocking resources, images without dimensions, unused JavaScript. Don’t try to fix everything before launch, but resolve any “high impact” issues flagged in red.

14. A CDN Is Configured (If Applicable)

For sites expecting visitors from multiple countries, a CDN (Content Delivery Network) is important. Cloudflare’s free plan provides CDN, DDoS protection, and DNS management for any site. For managed WordPress hosts like Kinsta or WP Engine, CDN may be included. If you’re not on a managed host, set up Cloudflare before launch – it takes about 30 minutes and provides immediate performance and security benefits.

---

Section 4: Security (Items 15-18)

15. SSL Certificate Is Active

Your site should load at https:// with a valid green padlock. Modern browsers mark http:// sites as “Not Secure,” which destroys visitor trust immediately. Most hosts provide free SSL via Let’s Encrypt. Confirm your SSL certificate is active, that your site redirects http to https, and that all internal links, image URLs, and scripts use https URLs (not http). Mixed content (https page loading http assets) still triggers security warnings.

16. WordPress Admin Username Is Not “admin”

Automated brute force attacks target the “admin” username first because it’s the WordPress default. If your admin account still uses this username, create a new administrator account with a different username, log in with the new account, and delete the old “admin” account. Assign any content authored under the old account to the new account when prompted.

17. Strong Admin Password and 2FA Are Enabled

Your WordPress admin password should be at minimum 16 characters with mixed case, numbers, and symbols. Use a password manager to generate and store it – you don’t need to remember it. Enable two-factor authentication with a plugin like Two Factor or WP 2FA. Two-factor dramatically reduces the risk of account takeover even if your password is compromised.

18. Unnecessary Plugins and Themes Are Deleted

Inactive plugins are still an attack surface if they contain vulnerabilities. Deactivated plugins receive fewer updates than active ones and are often ignored by site owners. Delete every plugin and theme you’re not actively using. For themes, keep your active theme and one default WordPress theme (for troubleshooting) and delete the rest.

---

Section 5: Analytics and Tracking (Items 19-21)

19. Google Analytics Is Installed and Verified Working

Use Site Kit by Google or the MonsterInsights plugin to connect Google Analytics 4 to WordPress. After installation, visit your site from a non-admin browser session or private window and verify traffic appears in the GA4 real-time report within 5 minutes. Most theme-level GA implementations inadvertently block tracking for logged-in users – use a private window to simulate a real visitor.

20. Google Search Console Is Connected

Add your site to Google Search Console and verify ownership. Verify both the http and https versions, and the www and non-www versions if relevant. Submit your XML sitemap. GSC is free and provides the most accurate data about how your site performs in Google search – no paid SEO tool comes close to the data quality GSC provides for your own site.

21. Conversion Tracking Is Set Up (If Applicable)

If your site has goals beyond traffic (contact form submissions, email sign-ups, WooCommerce purchases), set up goal tracking in GA4. For contact forms, create a GA4 event for form submission. For email sign-ups, track list subscription events. For WooCommerce, enable the GA4 e-commerce integration in MonsterInsights or the native GA4 WooCommerce integration. Raw pageview data without conversion tracking tells you almost nothing actionable.

---

Section 6: Final Pre-Launch Checks (Items 22-25)

22. All Links Are Working (No Broken Links)

Run your site through a broken link checker. The Broken Link Checker plugin scans your entire site and flags 404 links. Alternatively, run your URLs through a free tool like W3C Link Checker or Screaming Frog (free for up to 500 URLs). Fix or remove any broken links before launch – they’re bad for user experience and provide a negative signal to search engines.

23. Site Is Tested on Mobile Devices

Over 60% of web traffic is mobile in most niches. Test your site on at least an iPhone and an Android device (or use Chrome DevTools’ device emulation). Check: navigation menu opens and closes correctly, images don’t overflow the viewport, text is readable without zooming, buttons are large enough to tap, and forms work correctly on mobile keyboards. Pay particular attention to your contact form on mobile – keyboard types can cause issues with certain field configurations.

24. Automated Backups Are Configured

Before going live, confirm daily automated backups are running and storing to an off-site location (Google Drive, Amazon S3, Dropbox). Run a manual backup before launch day – this creates a clean pre-launch snapshot you can restore to if something goes wrong immediately after launch. Store this backup separately and label it clearly as the pre-launch baseline.

25. Launch Announcement Is Prepared

Prepare your launch announcement before you flip the switch, not after. This includes: your first newsletter to any early subscribers, social media posts for your channels, any press outreach or partner announcements you’ve planned. Having these ready means you can focus on monitoring the site after launch rather than scrambling to create content while checking your server logs.

Launching with 90% of this list done is infinitely better than not launching while you perfect every detail. Ship, monitor, improve.

---

Common Questions About WordPress Site Launch

How do I test my WordPress site before going live?

The most thorough approach is to build your site on a staging environment and test it fully before pointing your domain to the live server. Most managed hosts provide one-click staging environments. Test every form submission, every purchase flow if running WooCommerce, every contact button, and every page at mobile viewport widths. Pay particular attention to things that require server-side interaction: contact forms depend on your hosting mail configuration, checkout depends on your payment gateway test credentials, and login flows depend on your authentication setup. Staging tests catch these integration issues before they affect real visitors.

What SEO settings do I need to configure before launch?

Before launch, confirm three SEO settings in particular. First, verify that WordPress is set to allow search engines to index your site (Settings – Reading – uncheck “Discourage search engines”). Development sites are often set to block indexing and this setting gets left enabled accidentally. Second, install and configure an XML sitemap plugin or use your SEO plugin’s sitemap feature, then submit the sitemap URL to Google Search Console. Third, configure your primary domain in Google Search Console (with or without www) and set up 301 redirects from any variant domains to your canonical URL. These three steps prevent the most common post-launch SEO problems.

Do I need a maintenance page during launch?

If you’re migrating an existing site rather than launching from scratch, a maintenance page during the DNS propagation window is useful. DNS changes take 0 to 48 hours to propagate, during which some visitors see your old server and some see your new server. A maintenance page on the new server prevents visitors from seeing a half-migrated state or broken functionality. Plugins like SeedProd or WP Maintenance Mode can put up a clean maintenance page quickly. For new sites launching for the first time, there’s no existing traffic to protect, so a maintenance page is optional rather than necessary.

WordPress Backup WordPress Launch WordPress Performance wordpress security WordPress Tips

Last modified: April 6, 2026