This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Site Checklist


Site Checklist is born out of frustration we had while manually checking sites for various points. This plugin will do the hard work for you.

Current checks

This plugins checks if:

  • Database prefix is wp_
  • User with the name ‘admin’ exists
  • Upload folder is writeable
  • Comments are turned off
  • Permalinks are configured
  • Inactive themes are found
  • Inactive plugins are found
  • The standard post and page exists
  • The plugin ‘What the File’ is installed
  • The plugin ‘Yoast SEO’ is installed
  • wp-config-sample.php exists
  • Unique authentication keys are setup
  • Site is turned public
  • A custom 404 template exists
  • A print.css file exists
  • A style.min.css exists
  • Administrators use one of the 1000 weakest passwords
  • XMLRPC is turned off
  • DISALLOW_FILE_EDIT is defined
  • The JSON API is turned off

And also:

  • Retrieves PageSpeed insight scores from Google
  • Generates page with the most used HTML elements for you to check
  • Can generate screenshots of your site on different screens and devices using Browserstack.


  • Checklist page after running the checks.
  • Generated screenshots using Browserstack
  • Settings page


Installation Instructions
  1. Upload the plugin files to the /wp-content/plugins/site-checklist directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the ‘Plugins’ screen in WordPress
  3. Go to Tools->Checklist and start the checks
  4. Optional: Fill in your Browserstack credentials and generate screenshots

Contributors & Developers

“Site Checklist” is open source software. The following people have contributed to this plugin.


Translate “Site Checklist” into your language.

Interested in development?

Browse the code, check out the SVN repository, or subscribe to the development log by RSS.



  • Bugfix


  • Bugfix


  • Adds filter to result page
  • Bugfixes


  • Checks if XMLRPC is turned off
  • Checks if DISALLOW_FILE_EDIT is defined
  • Checks if the JSON API is turned off
  • Shows result of the checklist after running


  • Bugfixes
  • Checks if administrators use one of the 1000 weakest passwords


  • Added plugin assets


  • Initial plugin release