Site Audit Checklist is composed around the lean testing philosophy. I did a lot of exploratory testing, but my mind tends to wander and drift. So, I have written down a few simple things that I should check every time. The list is a perpetual work in progress; it’s not exhaustive, and it doesn’t replace your own research and knowledge.


Simple Checks

If you are in a hurry, check these.

Check the general functionality/appearance of the site on multiple devices and browsers (Desktop, Android, IOS / Chrome, Safari, Firefox, Edge).

  • Click on buttons and links.
  • Submit form from the Contact page.
  • For desktop: resize the browser window and see how it behaves for different resolutions (manually or from the developer tools).
  • Test the galleries with images.
  • Spot anything that might be wrong with the design of the page (fonts, margins, etc).

Check other common errors:

  • Broken SSL.
  • Broken URLs (including in-page anchors).
  • Missing ALT/Title tags.
  • Images that are loading too slow.
  • Console errors in browser’ developer tools. Especially the red colored notices.

If the pages are live:

  • Check if URLs are pointing to the staging site.
  • Check if there are other remaining artifacts from the development stage.
  • Verify if the details from the About and Contact pages are updated.
  • Performance tests for different locations and conditions (network speed, blocked resources).

Content related issues.

  • Do you have Terms Of Service, Privacy Policy and About Us pages?
  • Are there mixed languages in the text?
  • Is text visible and readable on desktop and on mobile?
  • Can visitors communicate with you? Can you receive feedback from them?

General Look

First, second, and third impression.

  • Look at your site with “fresh eyes”. You might want to open it in a different browser or device than usual. Then, come back to the browser you are using it. Imagine that you are first time visitor.
  • Can you identify the site’s goal in the first few seconds after you see it?
  • Where are the main buttons? Is navigation clear?
  • How is the contrast of the text? Is it easy to read?
  • Are images too pixelated?
  • Do you feel that the content is properly aligned? (Creative misalignment is fine unless it confuses the visitor.)
  • Are there any obvious grammar mistakes on your site? Do your texts follow basic punctuation rules, such as not having a space before a period?
  • Humor is fine, but ask yourself if your content might be offensive for someone.

Functionality

Do things work on your site?

  • Internal/External links
  • Buttons
  • Forms
  • Menu/s
  • Internal links. Do they open in the same tab? There are very few cases when it’s OK to open a page from your site in a new tab. In most situations, users are annoyed by this.
  • External links. Do they open in a different tab? This is subjective, I consider that users should remain on your site even if they click on outgoing links.
  • Do you have broken links? You might use a tool for this. Also, check them in Google Search Console.
  • Buttons. In my opinion, all buttons should keep the users on your site. The only reasonable excuse to open button links in a new tab is when users are taken to an app or service that you offer to them.
  • Forms. Check if users can submit them and that they get to you. Also, can users send a form even if the mandatory fields weren’t completed? Have you implemented validation to fields like email?
  • Do the menus open as you wanted? How does the mouse-over menu work? Are they functioning properly in desktop, tablet, and mobile media views?

SEO

How hidden is your site from Google and the general public?

  • SEO basic standards: URLs should be descriptive and easily readable. Meta titles should have no more than 60 characters. Also, meta descriptions should have no more than 155 characters. Use headings judiciously. Research keywords, but also keep the end user in mind and think about how it will look for your site.
  • Proper use of the headings is essential. One H1 per page. Use headings to structure your content. This way, you will satisfy both the users and the search engines.
  • Schema markup of your content makes it easier to be read by search engines. You might consider using it.
  • Know your visitors. Do you have any form of traffic analysis, like Google Analytics?
  • Check for orphan pages. You might have outdated pages that are still indexed by Google. There are multiple ways to remove them, but if you don’t know them, the simplest way is to just delete them.

Performance

Is your site too slow? Can you do something to make it faster?

  • Subjective performance is the most important. Open your site, and see if how it moves. Try from different locations by using a VPN.
  • Test performance with different tools. Google’ Pagespeed Insights is the starting point if you don’t know other. Take the results with a grain of salt.
  • If you don’t have issues with using Google services, link your site with Google Search Console.
  • Do you use a CDN for serving your site in a proper way to visitors from different parts of the world?

Artifacts

You built it, but have you cleaned the site?

  • Development artifacts don’t make a good impression. Do you have remaining comments in source that don’t look professional?
  • Text editing artifacts. You changed a few words in the text, and forgot to delete the old part, or to check if subject-verb agreement still works. This is a very common mistake.
  • Consistent naming for the Services/Apps/Tools that you offer. Do they have the same name everywhere they appear on your site? If you change your service name, be sure to do the change in all places.

Basic Security

Minimal things you can do to make your site a bit safer.

  • SSL. Always use SSL. It is minimal protection for your website visitors. Most hosting providers offer free versions. If the site is for a larger business, you can purchase a premium version.
  • Backups. The most important thing is to make frequent backups and potentially save them locally. This protects you from accidental damage and helps you restore your site online if you encounter a security issue.
  • Updates. Theme, plugin, and program providers will issue updates when there are security issues. It is important to install these updates. Obviously, do this after making a backup (in case there are conflicts with other existing products or something does not work correctly).
  • Forms. Test forms for injection and code sanitation. Be sure that code cannot be introduced and executed.
  • Security Plugin. Make sure to use a security plugin. None guarantee absolute security, especially in the free version, but it’s better than nothing. I find Sucuri easy to use.
  • Also, read about different firewall solutions. Some of them are easy to implement or are already activated by your hosting, other are more advanced and premium. You have to do a bit of research to find your preferred solution.
  • Safe marketplace. Download plugins and add-ons only from secure sources. For example, for WordPress, get them from WordPress.org.
  • Static Site if Possible. If your site is small and does not change frequently, consider serving it as a static site.
  • Strong Passwords. Strong passwords mean at least 12 characters that are hard to guess. Choosing and maintaining your passwords is a topic in itself. You can use a password manager, but ensure you select a reputable one.
  • Inform yourself. There are security solution providers that frequently aggregate reports about vulnerabilities. In the WordPress world, one such provider is Wordfence.
  • Privacy. It’s important to have a privacy policy and disclose the tools you are using for monitoring visitors.
  • Do not share too much private information. Businesses need to be transparent and provide enough details about themselves, but disclosing too much private information is not acceptable either.

(Please note that these are only a few directions, and the list is not exhaustive. You need to do your research and read about security yourself. I am not a specialist in this domain, and these are just some basic things I pay attention to.)