Software Engineering
Environment considerations | Plan two more subdomains as part of website development: qa.<domain> and preview.<domain> |
Selection of Database | If AWS, then highly recommended to use RDS; If no cloud provider, then also recommended to have DB moved out to another machine |
Platform best practices | Update all plugins / use latest WordPress version; Use latest version of PHP; Install only pre-approved plugins [and always from marketplace]; Optimize images; Check that theme supports lazy loading; For videos, host on YouTube or Vimeo, and then use plugins to embed them; If it is a content-heavy site, then do not allow multiple revisions of a post; Don’t use pingbacks and trackbacks; Avoid long posts, split them if required |
DevOps Deployment Automation | Ensure Jenkins pipeline for auto deployment from GitHub repo; Follow same principles as App dev for branching (master / release / feature branches); Pipeline to be built for qa, preview and prod regions |
Performance best practices | Run authenticated or unauthenticated PEN tests based on all feature sets of the site; Run single user speed test; Run longevity test with single user; Run load test with multi user scenario; Delete unused plugins; Install cache plugins; Minify all scripts; Set up Page cache, DB cache prior to launch of website; Use CDN for static content; Always render through Gzip; If there are scheduled jobs / cron jobs for data sync, then push them to non-business hours; Review all external scripts and see if they are really required – justify use of all external scripts; All comments can be restricted and/or paginated; All screens to render in less than 3 seconds; All APIs (including third party, if any) to render in less than 1 second |
Quality assurance practices | For Responsive testing, use company authorized tools; Ensure cross browser certification; Ensure landscape / portrait mode tests; Plan for zero console logging |
Marketing capability | Landing pages capability should be part of the theme selection; All CTA to be leading to structured data collection |
Project Management
Execution structure | For large enterprise websites, execute as follows: Get menus structure baselined; Get page templates baselined for all menus; Create dummy pages and dummy images on pages; Fill all pages with relatable content from ChatGPT; Then work to enrich real content |
Demonstration scope | Define personas who will be using the website – End user, Admin, Marketing team, content team, etc.; For each persona, please plan for work-related use cases |
Agile development to the core | Every menu can be set up as an Epic; Every submenu / CTA leading to a page can be created as a story; Plan for 1 week sprint only |
Website completion dashboard | Project score card to be defined based on page completion (Page completion = Layout, Content, CTA, color, theme, images, 3 rounds of reviews) |
Infrastructure
Deployment topology | Web, App, DB to be differentiated – separate hosting – for all Enterprise websites; Avoid redirects wherever possible |
99.99 setup | Plan for load balancing in Active-Active mode; Ensure all nodes have a redundancy built in; Review for the availability of infra as part of hosting provider capabilities |
Scalability | Elasticity of infra to be part of the setup – especially on memory and CPU |
Security & Compliance
Software hardening | Ensure Zero vulnerabilities; Upgrade to latest versions of all plugins / and also WordPress; Disable root directory listings; SSL enabled |
Infra hardening | Only 443 to be opened; all other ports closed; Disable outgoing TCP invocations; Enable DB access only from App IP; Enable DB access only through jump box |
Geographic security | Put hard restrictions on country IP addresses where you don’t expect your users to be |
User management | Admin access to be 2FA controlled; Content authors to be differentiated from Admin access; Tighten the password policy for Users |
Data Collection | For any data collection forms, use Captcha; Ensure JavaScript validations for all input fields; Ensure server-side validation filter for all input fields |
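
One way to check the Infra hardening row against an exported rule set, as an added example that is not part of the original checklist. The rule format, tier names, IP addresses and the MySQL port are assumptions made for illustration.

```python
import ipaddress

# Assumptions (constructed, not from the checklist): addresses, port, rule format.
APP_IP = "10.0.1.10"
JUMP_BOX_IP = "10.0.9.5"
DB_PORT = 3306  # MySQL default, assumed for a WordPress database

# Constructed sample export of firewall / security-group rules.
SAMPLE_RULES = [
    {"tier": "web", "direction": "ingress", "proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
    {"tier": "web", "direction": "ingress", "proto": "tcp", "port": 22, "cidr": "0.0.0.0/0"},
    {"tier": "web", "direction": "egress", "proto": "tcp", "port": 443, "cidr": "0.0.0.0/0"},
    {"tier": "db", "direction": "ingress", "proto": "tcp", "port": DB_PORT, "cidr": "10.0.1.10/32"},
    {"tier": "db", "direction": "ingress", "proto": "tcp", "port": DB_PORT, "cidr": "10.0.0.0/16"},
    {"tier": "db", "direction": "ingress", "proto": "tcp", "port": 22, "cidr": "10.0.9.5/32"},
]


def is_exact_host(cidr, allowed_ips):
    """True only if cidr covers a single address and that address is allowed."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.num_addresses == 1 and str(net.network_address) in allowed_ips


def audit(rules):
    """Return (rule index, reason) for every rule that breaks the checklist."""
    findings = []
    for i, r in enumerate(rules):
        if r["direction"] == "egress":
            # "Disable outgoing TCP invocations"
            if r["proto"] == "tcp":
                findings.append((i, "outgoing TCP is allowed"))
        elif r["tier"] == "web":
            # "Only 443 to be opened; all other ports closed"
            if r["port"] != 443:
                findings.append((i, f"web port {r['port']} open, only 443 expected"))
        elif r["tier"] == "db":
            # DB reachable only from the App IP or the jump box, never a range
            if not is_exact_host(r["cidr"], {APP_IP, JUMP_BOX_IP}):
                findings.append((i, f"DB reachable from {r['cidr']}"))
    return findings


if __name__ == "__main__":
    for index, reason in audit(SAMPLE_RULES):
        print(f"rule {index}: {reason}")
```

A wide source range on the DB tier is flagged even when it contains the App IP, because the row asks for access from that address only.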
Maintenance & Operations
DB Backup | Ensure DB backup is enabled as per the std backup policy |
Machine backup | AMI snapshots frequency to be setup as per the std AMI policy |
Level 1 Operations | Set up a Production monitoring Bot for constant monitoring of uptime and alert escalations; For all Static content changes, ensure CDN, Cache refresh as part of daily ops; Set up New Relic / or Zabbix / or any other prod monitoring platform for Infra and Software Alerts based on SLAs |
Third party integrations
CRM | Plan CRM integration upfront, all data collection forms to be sending data into CRM |
Google Analytics | Define unique UA IDs under one account for the website – QA, Preview, Prod; All UA IDs to be environment driven |
CDN | All static content to be CDN enabled |
Cloudflare | Primary domain to be routed via Web firewall for security, Cloudflare basic subscription to be put in place |
Chat bot | Ensure Chatbot availability timings are well defined; All content data to be pushed to CRM; All contact to be pushed to CRM |