The Website Audit Checklist for Developers


If you're a website developer, it's important for you to have a thorough website audit process in place. Not only to protect you when you take over a website from another developer but also to use this as a value-add product that you can charge for.

In this post, I'm giving you the ultimate guide to website auditing. I'll explain when to conduct an audit, the tools you need and the complete checklist to be able to create your own website template to reuse for each client.

The Importance of a Website Audit

A website audit can be seen as a wedge product, whereby you give the client something small so that you then have the foot in the door. You then earn their trust and build the relationship by over-delivering and then ask them what else they need and how you can help their business.

When you inherit a site from another developer a website audit is imperative to ensure that there are no major issues before you send over your plans and pricing. But it isn't just about auditing the PHP code and thinking about how you can protect yourself – you also need also to deliver some sort of report to give value to the client so you can get paid for it. 

It's pretty simple really, you just need to dig into the client's website and web hosting account and look for opportunities to optimise. It doesn’t take too much time on your part since you have tools like website scanners and optimisation plugins to offload most of the work to.

Tools to Use for Website Auditing

  • Auditing: I use My Web Audit to scan and generate a fully comprehensive audit report.
  • Maintenance: ManageWP is simple to use for automated maintenance reports
  • SEO: There are many tools available such as SEMRush and Moz or if you'd prefer a freemium, check out Neil Patel's site Ubersuggest. 

Should You Charge for a Website Audit?

Using this checklist below you will be able to deliver a truly valuable tune-up service, so you can charge well for it and then convince those clients to sign up for the year-long maintenance support product.

You can set this up as a systemised process with a set price and even teach people in your team to conduct the audits. Or you can offer this as part of your care plan package once every six months or can be something you sell to the client to get them onto the care plan.

On a similar note, you can sell website audits on an annual or semi-annual basis. These probably wouldn’t be for WordPress maintenance clients who understand the value of keeping security and performance in check. These audits would be for the clients who need a little more persuasion.

The Website Audit Checklist

The following is the checklist that I use in my business, Renegade Empire.  It's a review of how the website was built and what steps should be taken to improve security and performance.

1. WordPress & Plugins

It's important that the client is with a web hosting provider that automatically updates WordPress to the latest version or that they have a webmaster that does this for them. Let the client know that 80% of all WordPress updates are security patches to keep WordPress safe from hackers.

2. Web Hosting

You may need to ask for more information about their web hosting plan, who they contact for support and the login information. You also may want to make a better recommendation.

3. Email Hosting

Find out who they're using and perhaps recommend that they use a dedicated email hosting service such a Google Apps or Office365 for improved reliability and less resource usage on their web server.

4. Plugins

Plugins are an integral part of WordPress and directly affect performance. Since all plugins are by 3rd parties, it is important that their website only has plugins that are necessary to the website's functionality.

Here you want to:

  • Review all plugins with your web team to understand how they are used and create documentation for future reference
  • Document licenses, costs and renewal dates for all premium plugins
  • Delete unused plugins

4. Theme Review

Check the following:

  • Theme name and version
  • Active license and support
  • Support contact detail
  • History of the theme and if there have been any issues

5. Theme Customisations

Themes can be customised by a developer to add functionality that is not in the original theme. Customisations should always be carried out on a child theme, which is a way to perform customisations without affecting the original theme. Documentation should be included so future developers can understand the customisations.


  • That they are using a child theme
  • The location of documentation

Note on installed themes: The theme folder should be cleaned up to have only one active theme and one fallback theme. In this case, the WordPress default theme serves the purpose of the fallback theme. In the event that the installed WordPress theme gets deleted or something goes wrong, then WordPress automatically falls back to the default theme.

Note on theme updates: Theme updates can include changes to how the website will display. Due to this, recommend to the client that you test new theme versions on a development copy of their website before deciding on integrating any of the changes to the live site. This is additional to standard maintenance.

6. Security

Make sure that the site has an active SSL certificate. In the client report, explain the following:

SSL certificates encrypt website traffic for increased security for you and your website visitors. Google also uses this as part of its ranking algorithm and sites without SSL certificates may be penalised.

Then take a security scan and report on these results:

1. [No Malware / Malware] found
2. [plugin issues – action needed]
3. [other issues – action needed]

Finally, recommend that they scan for security issues daily and implement a software maintenance plan.

7. Backups

Check whether they have a backup schedule and if not then make the following recommendation:

Backups are essential in case there is an issue with your website files, database or hosting and something needs to be restored. At a minimum, the website should have a daily backup plan and the backup should be stored offsite.

8. Performance

Report on:

  • Loading time
  • Google Pagespeed grade
  • Yahoo Yslow grade

Note: Websites should load in less than 3 seconds. Even a 1-second delay in loading time can mean thousands in lost revenue for e-commerce stores.

9. Broken Links

Broken links are links to web pages that do not exist. This is a bad experience for your visitors which can result in high bounce rates and search engine penalties.

Report on the number of broken links and recommend the ongoing maintenance plan to scan and fix links regularly.

10. Google Results

Take a screenshot of the clients listing in Google and make any recommendations to improve this.

11. Google Places

Businesses with a physical address can use an optimised Google Places listing to boost their visibility in search engines and rank highly even if the business website does not. Check the following:

  • Is the business on Google Places?
  • Is accurate business information listed?
  • Are customer reviews listed?
  • Are relevant, high-quality photos listed?

12. Mobile Optimisation

Check that the website is mobile friendly and send the client the link to a mobile-friendly test from Google.

13. Keyword Rankings

Using a tool such as SEMRush or Moz, you can create a report to include in your audit. Then you can list your recommendations such as:

1. Increase exposure in search engines and website traffic by improving your ranking for relevant keywords with high search volume.
2. Create and share interesting articles to attract your ideal customer to your website.
3. Capture visitor contact details by creating a free, irresistible offer in exchange for their email address.

Wrap Up

It's hard to sell someone on a problem that they don’t realise they have. So the audit leads them to the point that they don’t have a backup plan because perhaps they didn’t know they needed to pay attention to this stuff.

Use the checklist to make your own template, and write up a process so that others in your team can easily do this for you. Oh and if you haven't already grabbed your free proposal template, make sure you click below! It's a game-changer – I promise!

Share this post on Social

Picture of Simon Kelly

Simon Kelly

Tell us where to send your Prospectus

Now is the time to double down on growing your digital agency.

A Free Training Series For Web Designers and Digital Marketers

Learn how to get clients.
Deliver amazing projects.
Create recurring revenues.

Download our Proposal Template Package

Start winning better projects with bigger budgets now.


High Ticket Sales Funnels

Three things you need to know before you can start scaling your business with automated high ticket sales funnels

Join the discussion!

The Agency Hour Podcast: Guest Application