WordPress Development Best Practices

Software Engineering  

Environment considerations
- Plan two more subdomains as part of website development: qa.<domain> and preview.<domain>
Selection of Database
- If AWS, then highly recommended to use RDS
- If no cloud provider, then also recommended to have DB moved out to another machine
Platform best practices
- Update all plugins / use latest WordPress version
- Use latest version of PHP
- Install only pre-approved plugins (and always from the marketplace)
- Optimize images
- Check that theme supports lazy loading
- For videos, host on YouTube or Vimeo, and then use plugins to embed them
- If it is a content-heavy site, then do not allow multiple revisions of a post
- Don't use pingbacks and trackbacks
- Avoid long posts; split them if required
DevOps Deployment Automation
- Ensure Jenkins pipeline for auto deployment from GitHub repo
- Follow same principles as App dev for branching (master / release / feature branches)
- Pipeline to be built for qa, preview and prod regions
Performance best practices
- Run authenticated or unauthenticated PEN tests based on all feature sets of the site
- Run single user speed test
- Run longevity test with single user
- Run load test with multi user scenario
- Delete unused plugins
- Install cache plugins
- Minify all scripts
- Set up Page cache, DB cache prior to launch of website
- Use CDN for static content
- Always render through Gzip
- If there are scheduled jobs / cron jobs for data sync, then push them to non-business hours
- Review all external scripts and see if they are really required; justify use of all external scripts
- All comments can be restricted and/or paginated
- All screens to render in less than 3 seconds
- All APIs (including third party, if any) to render in less than 1 second
Quality assurance practices
- For Responsive testing, use company authorized tools
- Ensure cross browser certification
- Ensure landscape / portrait mode tests
- Plan for zero console logging
Marketing capability
- Landing pages capability should be part of the theme selection
- All CTA to be leading to structured data collection

Project Management  

Execution structure
For large enterprise websites, execute as follows:
1. Get menu structure baselined
2. Get page templates baselined for all menus
3. Create dummy pages and dummy images on pages
4. Fill all pages with relatable content from ChatGPT
5. Then work to enrich real content
Demonstration scope
- Define personas who will be using the website: End user, Admin, Marketing team, content team, etc.
- For each persona, plan for work-related use cases
Agile development to the core
- Every menu can be set up as an Epic
- Every submenu / CTA leading to a page can be created as a story
- Plan for 1 week sprint only
Website completion dashboard
- Project score card to be defined based on page completion (Page completion = Layout, Content, CTA, color, theme, images, 3 rounds of reviews)


Deployment topology
- Web, App, DB to be differentiated (separate hosting) for all Enterprise websites
- Avoid redirects wherever possible
99.99 setup
- Plan for load balancing in Active-Active mode
- Ensure all nodes have redundancy built in
- Review for the availability of infra as part of hosting provider capabilities
Scalability
- Elasticity of infra to be part of the setup, especially on memory and CPU

Security & Compliance  

Software hardening
- Ensure zero vulnerabilities
- Upgrade to latest versions of all plugins and also WordPress
- Disable root directory listings
- SSL enabled
Infra hardening
- Only 443 to be opened; all other ports closed
- Disable outgoing TCP invocations
- Enable DB access only from App IP
- Enable DB access only through jump box
Geographic security
- Put hard restrictions on country IP addresses where you don't expect your users to be
User management
- Admin access to be 2FA controlled
- Content authors to be differentiated from Admin access
- Tighten the password policy for Users
Data Collection
- For any data collection forms, use Captcha
- Ensure JavaScript validations for all input fields
- Ensure server-side validation filter for all input fields
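
Added example (not part of the original checklist): a server-side handler for a data collection form, written as a small WordPress plugin file, showing the nonce check plus sanitise-then-validate flow. The action name acme_lead, the field names, the length limits, the acme_push_to_crm hook and the /thank-you/ path are hypothetical; CAPTCHA verification is left to the CAPTCHA plugin in use.

```php
<?php
/**
 * Plugin Name: Lead Form Validation (added example)
 * Hypothetical names: action "acme_lead", fields name/email/message,
 * hook "acme_push_to_crm", redirect path /thank-you/.
 */

// Accept submissions from anonymous and logged-in visitors alike.
add_action( 'admin_post_nopriv_acme_lead', 'acme_handle_lead' );
add_action( 'admin_post_acme_lead', 'acme_handle_lead' );

// Return a POST field as a string with WordPress' added slashes removed.
function acme_post_field( $key ) {
    return isset( $_POST[ $key ] ) && is_string( $_POST[ $key ] ) ? wp_unslash( $_POST[ $key ] ) : '';
}

function acme_handle_lead() {
    // The form must render wp_nonce_field( 'acme_lead', 'acme_nonce' ).
    if ( ! wp_verify_nonce( sanitize_text_field( acme_post_field( 'acme_nonce' ) ), 'acme_lead' ) ) {
        wp_die( 'Invalid form submission.', 'Bad Request', array( 'response' => 400 ) );
    }

    // Read only the expected fields and strip markup and control characters.
    $name    = sanitize_text_field( acme_post_field( 'name' ) );
    $email   = sanitize_email( acme_post_field( 'email' ) );
    $message = sanitize_textarea_field( acme_post_field( 'message' ) );

    // Validate independently of any JavaScript checks in the browser:
    // a request can be sent without ever loading the form's scripts.
    $errors = array();
    if ( '' === $name || mb_strlen( $name ) > 100 ) {
        $errors[] = 'name';
    }
    if ( ! is_email( $email ) ) {
        $errors[] = 'email';
    }
    if ( mb_strlen( $message ) > 2000 ) {
        $errors[] = 'message';
    }
    if ( $errors ) {
        wp_die( esc_html( 'Invalid fields: ' . implode( ', ', $errors ) ), 'Bad Request', array( 'response' => 400 ) );
    }

    // Pass only validated values to the CRM integration (hypothetical hook).
    do_action( 'acme_push_to_crm', compact( 'name', 'email', 'message' ) );
    wp_safe_redirect( home_url( '/thank-you/' ) );
    exit;
}
```

The form posts to admin-post.php with a hidden action field set to acme_lead. If the page carrying the form is page-cached, keep its cache lifetime below 12 hours, because a WordPress nonce is valid for 12 to 24 hours by default.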

Maintenance & Operations 

DB Backup
- Ensure DB backup is enabled as per the standard backup policy
Machine backup
- AMI snapshot frequency to be set up as per the standard AMI policy
Level 1 Operations
- Set up a Production monitoring Bot for constant monitoring of uptime and alert escalations
- For all Static content changes, ensure CDN, Cache refresh as part of daily ops
- Set up New Relic, Zabbix, or any other prod monitoring platform for Infra and Software Alerts based on SLAs

Third party integrations  

CRM
- Plan CRM integration upfront; all data collection forms to be sending data into CRM
Google Analytics
- Define unique UA IDs under one account for the website: QA, Preview, Prod
- All UA IDs to be environment driven
CDN
- All static content to be CDN enabled
Cloudflare
- Primary domain to be routed via Web firewall for security; Cloudflare basic subscription to be put in place
Chat bot
- Ensure Chatbot availability timings are well defined
- All content data to be pushed to CRM
- All contact to be pushed to CRM