You have spent days building the site. The pages look good, the fonts are right, the logo is in place. You click publish and tell the client it is live.
Then three days later they message you — the contact form is not sending emails, images are loading slowly on mobile, and Google Search Console is throwing errors you have never seen before.
It happens more than most developers want to admit. Not because they are careless, but because going live feels like the finish line when it is actually the starting line. There are things that only matter once a real user is sitting in front of the site, and a lot of them are easy to miss when you are deep in the build.
This is a checklist of the things that genuinely get overlooked — not the obvious ones like testing your navigation, but the ones that come back to bite you a week after launch.
Your Permalink Structure Needs to Be Set Before Anything Gets Indexed
This one catches people badly because it feels like a minor setting. Go to Settings → Permalinks and make sure you are using Post Name or a custom structure before the site goes live. If you change permalink structure after Google has already indexed your URLs, every link pointing to those pages breaks. You end up with 404s everywhere and have to set up redirects manually to recover.
Set it once before launch and leave it alone.
SSL Is On But Is It Actually Working Everywhere
Installing an SSL certificate is not the same as having a fully secure site. Mixed content errors happen when some elements on the page — images, scripts, stylesheets — are still loading over HTTP while the rest of the page is HTTPS.
Check the browser address bar. If there is a padlock with a warning triangle instead of a clean lock, something is loading insecurely. A plugin like Really Simple SSL handles most of this automatically but it is worth manually checking key pages, especially ones that have embedded media or external scripts.
Caching Without Thinking About It Creates Problems Later
Caching plugins make a real difference to load speed but they need to be configured properly. Out of the box settings on most caching plugins are not optimised for every site. If you are running WooCommerce, cart and checkout pages need to be excluded from caching. If you have a logged-in user experience, that needs separate handling.
The other thing people miss is browser caching headers. Setting appropriate cache expiry for static assets like images and fonts means returning visitors load the site much faster. Most caching plugins handle this but you need to actually go in and configure it rather than just activating the plugin and assuming it works.
Image Sizes Are Probably Larger Than They Need to Be
This is one of the most common issues on WordPress sites and also one of the easiest to fix before launch. Images uploaded at 4MB are not suitable for web. Most WordPress themes do not compress images automatically unless you install something specifically for that purpose.
Run the site through Google PageSpeed Insights before going live and look at what it flags under image optimisation. Tools like Imagify or ShortPixel handle compression and can convert images to WebP format automatically. The difference in load time is significant, especially on mobile connections.
Speaking of mobile — check every page on an actual phone, not just using browser developer tools. Responsive design sometimes breaks in ways that only show up on a real device.
Your Forms Are Not Actually Sending Emails
WordPress uses the PHP mail function by default to send emails. Most hosting environments either have this disabled or have it flagged by spam filters, which means contact form submissions, order confirmations and password reset emails never arrive.
Install WP Mail SMTP and connect it to a proper sending service — Gmail, SendGrid, Mailgun or your hosting provider's SMTP. Send a test email before launch. This takes about fifteen minutes and saves enormous headaches later.
Basic SEO Setup Takes Ten Minutes and Most People Skip It
Yoast or Rank Math should be installed and configured before launch. The specific things that matter most at this stage are setting your site title and tagline, writing a homepage meta description, making sure your XML sitemap is generated and submitting it to Google Search Console.
Also check Settings → Reading and make sure the option that says "Discourage search engines from indexing this site" is turned off. It gets left on from development mode more often than you would think.
Security Is Not Just Installing a Plugin
WordPress sites get targeted constantly. The basics take no time at all and they genuinely matter. Change the default admin username if it is still admin. Use a strong password and a password manager. Install a security plugin like Wordfence or Sucuri and run an initial scan. Enable two-factor authentication on the admin account.
Limit login attempts. The default WordPress login page allows unlimited attempts which makes brute force attacks easy. Loginizer or any security plugin handles this.
One more thing — keep a record of all your plugin and theme versions at launch. When something breaks after an update you will want to know exactly what changed.
Backups Need to Be Automatic From Day One
Not from the day something goes wrong. From day one.
UpdraftPlus is free and takes about five minutes to set up. Connect it to Google Drive or Dropbox and set automatic weekly backups for low-traffic sites, daily for anything with regular content updates or eCommerce. A backup sitting on the same server as the site is not a proper backup — store it somewhere external.
Check What Google Actually Sees
Before you call the project done, go to Google Search Console and use the URL Inspection tool on your homepage. This shows you exactly how Google crawls and renders your page. You might find that JavaScript-heavy elements are not being seen, or that certain content is being blocked by your robots.txt file.
Fix these before launch. They are much harder to deal with once the site has been indexed incorrectly.
Maintenance Does Not End at Launch
A WordPress site needs ongoing attention. Plugin updates, theme updates, WordPress core updates — these need to be monitored regularly. An outdated plugin is one of the most common ways WordPress sites get compromised. Security patches get released and if nobody is applying them, the vulnerability stays open.
Uptime monitoring is worth setting up too. Free tools like UptimeRobot send you an email the moment your site goes down. Without it you might not know for hours.
If ongoing maintenance is not something you want to manage yourself — or something your client cannot handle alone — having someone handle plugin updates, security checks, backups and performance monitoring on a regular basis is worth looking into. Wally Web Maintenance handles WordPress maintenance for businesses that need it done properly without adding it to their own workload.
Going live is not the end of the job. The sites that stay healthy long-term are the ones where someone is paying attention after launch — checking that everything is working, keeping things updated and catching problems before users do.
Run through this list before your next launch. Most of it takes under an hour total. The time you spend on it now is a fraction of the time you will spend fixing things after the fact.
Top comments (0)