Today, we are going to take a closer look at a checklist for onboarding WordPress website care clients.
At the end of the article, you will find a link to download a PDF version of the checklist.
If you don’t already have an onboarding checklist for your website care clients, this article is for you.
1. Add the client to your customer portal and/or CRM
Add your client to your client portal and/or client relationship management system. This task should be at the top of your list.
Some people have a client portal that they use to manage clients. There are various ways to set one of those up using Restrict Content Pro, the Customer Portal Premium plugin, or any host of other systems on the market.
If you are using a CRM as well, add them to that. You can use something like GroundHogg to add your customer to your communication system at the start, which will save you time in the future.
2. Set up client communication protocols
To go along with the first task, once you have added your client to your CRM, set up your communication protocols.
By client communication protocols, I mean your communication automations. Once you have onboard your new client, you will likely have a set of instructions about how working with you works. This can be handled with automations.
More info
3. Immediately take a backup
You are about to make changes and clean up the website, better take a backup. What? There is no backup plugin installed? You know what to do. Grab your favorite backup plugin and take the first backup. Make sure you have access to the backup to restore.
4. Make sure WordPress core is up to date
Many vulnerabilities to a WordPress website are not being up to date (source?). Start updating by updating WordPress. Naturally, you will need all plugins to be compatible with the latest WordPress update.
5 Common WordPress Security Issues
5. Run a malware check/cleanup
When you onboard your new client’s website, it is a great idea to make sure it isn’t infected with malware. You can do this with a malware scan.
You can run a malware scan several ways. In fact, Sebastian has an article explaining different options to scan before removing any malicious code.
One option is Sucuri, and MainWP has an extension for doing just that.
There are several other WordPress plugins that include a scanner.
6. Check the WordPress Site Health
The WordPress Site Health tool is a nice place to evaluate your WordPress website. The tool will even give you a quick at-glance look at the entire system including the PHP being ran, the directories and sizes, the version of WordPress you are using, the number of users you have, the active and inactive themes and plugins, server information and so much more.
Site health will also give you a sign of things that should be improved.
7. Do a user Role audit: review user permissions
A user role audit is critical at this point. Who has an account, what are their roles, what do they have permissions for? Chances are most of them have more permissions they need. I know some web care consultants only grant full admin rights to themselves and maybe one other person.
You don’t want staff members indiscriminately installing plugins and adding vulnerabilities to the website that you are trying to protect. You may consider writing that into your contract.
8. Change all admin passwords.
Taking over your client’s new website, it is time to change the passwords. After all, you want them to all be secure. You need to ensure that no one is using “abc123” as their password, especially for an admin account.
9. Do a plugins audit
You have a new website in your care, but what plugins are they using? Are they necessary? What plugins are inactive?
To answer these questions, you will need to do a plugin audit. This task can not be automated. You will have to go through the list one by one.
The first thing to do is make a list of plugins on the website.
You can use something like the wp plugin list command to output a list of plugins on the website.
Or, you can just copy the information into a document. Either way, you might benefit from having a list to give you an overview.
Below are a couple of good resources for a plugin audit:
How to Audit and Clean Up WordPress Plugins
10. Remove old admin accounts
While you are changing those admin passwords, when you see an admin that is no longer part of the picture, go ahead and remove them.
MainWP user Chris Bourne explained to me that this eliminates any issues with former employees who may want to do harm.
When you remove the admin account, you will need to find an account to assign any content to.
11. Review the wp-config file for rogue settings
Checking your WP-Config file is something that MainWP user Chris Bourne explained as important. Check the file looking for any kind of rogue code. Create a new one if you need to.
12. Do checks on performance and speed
In the July 2022 toolbox, I mentioned web.dev and PageSpeed Insights. These tools, which are maintained by Google, are a great place to check for these issues.
Toolbox: Running your web care business with Groundhogg, Zencastr and more
You may also choose to use a third-party tool such as GTMetrix.
13. Communicate to the client the backup and update schedule
MainWP user Rob Cairns suggested this task. Many web care consultants will run reports, but he suggests communicating with your client about when backups and updates are scheduled. You can do this through your CRM or your email software.
You likely run updates on a schedule, so communicate that schedule to your client.
14. Survey security issues, make optimizations
By this point, you will have probably run various tests to gather an idea of the security of the website. Here is where you can install your favorite security plugin and optimize the site to be more secure.
15. Set up Regular communication with the client
Set a communication schedule for your client moving forward. Perhaps it is automated to let them know when you have made updates. You can also give them insights into security issues with a regular email newsletter.
16. Do a database sweep & clean for unused tables, etc.
Run a scan of the database looking for orphaned tables and other issues. You can use something like WP Sweep or a number of other fantastic database cleaning plugins.
Wrapping it up
The list I have here is not exhaustive. I am aware there may be things I haven’t thought of that are on your list.
If you don’t have a list, this is a great starting point! You will probably add your tasks as you continue as a WordPress Web Care Consultant.
Download the Checklist in PDF here.
It is critical that when we onboard a new client, that we go through a process to ensure the site is clean, protected, and ready to help our clients in their business.
The good news is that almost all the tasks on this list can be performed using your MainWP Dashboard.
MainWP has an extension to help with most of these tasks. If you haven’t tried it, today is the day!
