How to Setup Google Analytics Tracking on a WordPress Website

Setting up Google Analytics is a critical step to understanding how visitors are finding and interacting with a WordPress website. There are many other analytics solutions available besides just Google Analytics, but it’s a great free tool many can and should use when getting started with tracking website analytics.

All that’s needed to setup Google Analytics on a WordPress site is access to the backend of the WordPress site and a Google account. Once the initial setup is complete it’s easy to test to see if it’s properly tracking and proceed to setting up more advanced features in Google Analytics.

How to Setup Google Analytics with WordPress

The first step is to visit https://analytics.google.com and ensure you are logged into the account you want to setup as owner of the WordPress site in Google Analytics.

Once properly logged into the right Google account you want to use, in the bottom left corner you’ll see a gear icon for “Admin” and you’ll want to click that. Next, find a blue button that says “+Create Account” and begin the account and property setup process.

For the Account Name just input the name of the website, it’s not all that important. There are some other settings on that page but you can just hit “Next” and continue onto the next step.

For the Property Name just name it the same as above, it’s not all that important for a basic setup. Note the “advanced options” you may want to create a Universal Analytics property by turning that on if you want to associate this property with a Google Search Console property. Then go ahead and click “next” again.

The “About Your Business” is also not all that important. Usually just select the size of the business and check ALL the boxes. And click “Create” and accept the terms.

Now you want to setup the “Data Stream” which is basically the tracking code that feeds into the Google Analytics account. The Stream Name isn’t all that important either. This will give you the “Measurement ID” or your Google Site tag (gtag.js) that you want to add to your WordPress website.

How to add Google Analytics Tracking Code to WordPress

Where you add the Code is going to be different on every website. Sometimes in the theme options for the theme the site is using. Sometimes Appearance -> Theme Options. Or Sometimes you’ll want to add the Google Analytics tracking code via a plugin which you can search for on the plugin repository.

How to Test Google Analytics is Tracking Correctly

After installing a GA tracking code on a WordPress website, you’ll want to test to ensure it’s tracking visitors. This can be done by navigating to Reports -> Realtime in Google analytics. Then, open an “incognito” or “private” browser window and visit the WordPress site… After about a minute you should see the live traffic pop up in your realtime report. This means you’ve installed the tracking correctly.

That’s it! If you’d like to learn more Analytics items like this be sure to check out the WordPress Analytics Checklist we offer for free.

How to Add a WordPress Website to Google Search Console

One of the more important first steps to improving how Google displays a WordPress website is ensuring it’s properly added to Google Search Console. Google Search Console is a free tool that can help you identify issues and improve a website’s performance in Google search results.

This is a fairly easy to do process and not one with big consequences if you happen to mess something up. The biggest thing is ensuring you have the proper access and credentials to verify the website with Google, otherwise you’ll need to find those before the site can be added to Google search console.

To add a WordPress site to Google Search Console you’ll need:

  1. A Google Account
  2. Access to the Domain Registrar or Hosting Account where the DNS Settings

For the Google Account, you’ll want to use the one you typically manage other things for the website with. The Google Account or Gmail that you are signed in with when adding a site to Google Search Console will become the “Property Owner” in search console, from there you can add other additional Google Accounts or Gmails that you want to manage the property on Google Search Console if you wish.

For the DNS settings, this is how you will verify ownership of the website. Sometimes the DNS settings for a domain name are accessed through where you bought the domain name, the registrar, like GoDaddy for example if the website is also hosted there as well. But sometimes the DNS settings are controlled where the website is hosted, which might be different to where there website domain name is registered. For example, the domain name might have been purchased from GoDaddy but hosted on Bluehost, so the nameservers are pointed at Bluehost, where the DNS settings are controlled.

There are multiple ways to verify a WordPress website with Google Search Console but we’ll focus on using the most common DNS verification method but here are the others:

Here you can find information on all these methods and this whole process from Google: https://support.google.com/webmasters/answer/9008080

How to Add a Site to Google Search Console

First, ensure you are logged into the Google Account you want to give ownership to the site in Google Search Console.

Next, visit https://search.google.com/search-console/about and Start the process.

You’ll want to add a website which is detailed by Google here: https://support.google.com/webmasters/answer/34592

Once you add a website, you’ll need to complete verification as we described above in this article. Be patient in this process as if you add a DNS entry it can take a few hours or more for propagation so that Google can confirm the new DNS TXT record.

After you’ve successfully verified the website with Google Search Console, it may take some time for data to appear, so be patient with this as well.

Additional Resources

The following website provide additional helpful information if you continue to have issues with this process.

  1. Official WordPress Search Console Help Article
  2. How-to Article by WP Engine on Adding a Website to Search Console
  3. Yoast Article on how to Add a WordPress site to Search Console
  4. WPBeginner Article on how to Add a WordPress site to Google Search Console

Hopefully this information and the linked additional resources get you through the process smoothly so you can get on to improving a WordPress website’s performance in Google search results. For more WordPress SEO tips be sure to check out the free SEO Checklist.

Identify WordPress Google Indexing Issues with a site: Search

To help with identifying Google indexing issues with a WordPress website it’s useful to try the site:websiteurl.com search in Google. This will show you how Google is currently viewing and displaying any WordPress site in Google. This trick will help you root out many issues to help any WordPress site display properly in the Google search result pages.

The following video covers this process which will be explained in more detail below.

How to perform a site: query in Google

You can see in the image above how to search Google to display results from a certain website only. Simple type site: followed by the website you’d like to see how Google is indexing. This will end up displaying results as you see below:

From this point you can begin diagnosing any indexing issues that might be present in the Google search results pages. The video covers a lot of potential issues as well.

Potential issues identified by this type of search in Google

  • Duplicate Content
  • Meta Title Issues
  • Meta Description Issues
  • WordPress Permalink Settings
  • WordPress SEO Plugin Settings
  • WordPress Archive Pages – Date, Categories, Tags, Author
  • More…

This is one of the first tactics used to begin understanding how Google is currently viewing and displaying a WordPress website when trying to improve SEO. It’s easy and free to do and can lead to great actionable insights.

WordPress SEO Audit Checklist

WordPress is great for Search Engine Optimization and enabling success in the search engines. This checklist helps identify items that out of the box WordPress does not address and makes sure you are taking the right steps to ensure success with SEO and WordPress. SEO is an industry with a wide rang of professionals from actual experts to self-proclaimed experts. It’s useful to have a base understanding of how SEO works and be timid of those claiming to be experts making sure you feel good about any work you hire out that it’s from a reputable professional that’ll get the results you are looking for. Most importantly SEO takes time and any results you can expect to take at least 1-3 months, so remember it’s a marathon not a sprint, although there are some foundational items you need to have right.

Each checklist item is numbered in correspondence with the Master Checklist with a short summary and a link to more detailed information if available.

Master Checklist Table of Contents

  1. WordPress Website Analytics Setup Checklist
  2. WordPress Website Security Audit Checklist
  3. WordPress Performance Site Speed Optimization Audit Checklist
  4. WordPress SEO Audit Checklist [you are here]

WordPress SEO Checklist

4.1 Website has been added to Google Search Console (GSC)

If SEO means optimizing for Search Engines, then Google is the elephant in the room. Google Search Console (GSC) it’s Google’s free tool that gives you insights into how Google is viewing a WordPress website. It’s critical to ensure you’ve added and verified your site with GSC as a first step when launching your site or beginning optimizations. Learn More

4.2 Add Google Analytics as an “Associated Service” in GSC.

This allows Google Search Console and Google Analytics to share information, giving you and Google a better picture of your WordPress website. This is not a critical step if you happen to use a different analytics solution other than Google Analytics and don’t have the tracking code installed on your site. It’s more of one of those things that you know is not hurting you if done, regardless of how much it helps your WordPress site’s search engine performance.

4.3 Properly setup and submitted your Sitemap(s) to GSC.

Sitemaps have long been the way to tell Google how you want it to view and crawl a WordPress website. Google Search Console has a specific place to upload your sitemap by defining the URL where it lives. Google will tell you if the sitemap is Valid or not and after a few days will show you any error, warning or excluded pages. This is very helpful for ensuring the WordPress posts and pages you want indexed in Google and and those you do not want to be found in Google are not.

4.4 Check the ‘Coverage’ section of GSC.

Similar to the Sitemaps section the Coverage section will tell you how Google is viewing a WordPress site. It’ll point out any important crawl error that need to be addressed and enable those to be fixed. This is a powerful tool for WordPress sites not performing as they should in organic search results or even older sites that have a legacy of disregard for proper SEO best practices.

4.5 Check the ‘Performance’ section of GSC.

Use this section to gain and understanding of a WordPress website’s performance in Google over time. Get familiar with which queries searchers are using tofind your site, which pages their finding, visitor demographics, average click through rates CTR, and average SERP ranking position.

4.6 Review the rest of the areas of GSC for issues.

Google continues to improve upon Google Search Console, since sunsetting Google Webmaster Tools. If you are attempting to SEO a WordPress site, then you should be very familiar with ALL sections of the dashboard. Some GSC tools like Core Web VItal require a minimum amount of traffic so sometimes it’s not all that helpful on newer sites. And with anything Google you shouldn’t expect realtime results but rather be willing to check back on how things are progressing over days, weeks and months.

4.7 Consider using Bing Webmaster Tools in addition to GSC.

Bing Webmaster Tools is a powerful free tool you should be using as well. Although traffic from Bing will always be significantly less than from Google, the tool is still helpful for optimizing your WordPress site for search engines. Microsoft (Bing) has put a lot of resources into developing their alternative solution to Google and importing your GSC WordPress sites into Bing Webmaster Tools is easy to do.

4.8 Do a site:http://websiteurl.com search in Google to identify potential indexing issues.

This is a great trick for checking out how Google is displaying any WordPress website to searchers on the search engine results page. It limits your Google search to only the website url you put after the site: so you can see how Google is displaying the various pages of your site. Many indexing issues can be identified and resolved using this method. Learn More

4.9 SEO plugin is professionally configured.

SEO is not something that is learned overnight. Most SEO plugins have a ton of toggles and options for various configurations. Getting these settings set correctly can be make or break for SEO results and this is an area where consulting with a expert in WordPress SEO could really be a wise investment.

4.10 Search engines are not discouraged from the WordPress site (Settings -> Reading).

If a WordPress site is not index in Google, meaning unable to be found in the Google search results then the site might be discouraging search engine. This is a setting in WordPress that often is turned on during development of a website, but should be disabled at launch.

4.11 All images have defined ‘alt’ attribute.

This is a classic SEO requirement to include a descriptive alt attribute to every image on your site. Not only is this good for accessibility, but it’s also great for SEO as the alt attributes often contain keywords. There are tools available to identify images on your site with missing alt attributes and these should be filled in as descriptive as possible.

4.12 Theme utilizes Schema Markup.

Schema Markup is a structured data vocabulary that search engines understand that can be built into a WordPress theme or page. These standardized data point can enable Google to show rich snippets search results such as prices for example. Embracing schema markup on a WordPress site can have many SEO benefits.

4.13 The content on the website is unique and not copied or duplicate.

Google does not appreciate duplicate content. This is why you can just go duplicate (steal) another website’s copy/design and rank well in search engines. Ensure that you have original content on your WordPress site and it will perform better in Google. Remember that Google wants to display the best result for searcher, not a copy of the same thing.

4.14 Permalinks are configured correctly.

With WordPress it’s important to pay close attention to your permalink structure. Post Dates and Post Numbers are less relevant to Google thank Post Names for example which are very descriptive. Keeping an orderly link hierarchy with clean and descriptive permalinks from the start will help avoid pesky redirection in the future.

4.15 Use a redirection plugin and monitor for 404s (broken links).

Every WordPress site ends up needing to use redirections when pages and posts are deleted, changed, or for a multitude of other reasons. Some redirection plugins can also monitor for broken links allowing a WordPress admin to snuff out any issues, perhaps after a website launch. Make sure you are finding and fixing 404s on your site as they make for a poor user experience which is bad for SEO.

4.16 Website speed is not an issue.

Make sure you site is fast enough. Every page too, not just the homepage. You might not need the fastest site in the World but make sure it’s fast enough for your users and mobile users especially. PageSpeed became a ranking factor long ago for Google, so ensure you’ve paid close attention to your website’s speed.

4.17 Every Page’s SEO Title is within width constraints.

It’s not a character limit but rather a width constraint that limits the SEO Title of a page in WordPress. Make sure your posts and pages have well defined SEO Titles that allow a searcher to have an easy description of the page. Don’t have SEO Titles that are too long and result in a … in the search engine results pages.

4.18 All pages have a defined Meta Description that is proper length.

Similar to the SEO Title, make sure you are following best practices with the Meta Description for every page and post in WordPress. Meta Descriptions are a great SEO opportunity in WordPress to make sure to use and deliberately set. Google does not always display the set Meta Description but rather with sometimes substitute content from the page if more relevant to the searcher’s query.

4.19 Properly utilize Heading H1 – H6 tags to add hierarchy to content.

Proper headings are as useful to Google as proper SEO Titles and Meta Descriptions and they are easy to use in WordPress correctly. Think about newspaper and how the hierarchy of information is separated by different sized headings. Google and the user want to be able to scan the content and proper headings are good for UX and in turn SEO.

4.20 If Tags are used they are used for users not Google.

Stop stuffing Keywords and especially in WordPress Tags. This will not help your SEO in WordPress to just stuff all the keywords you can into Tags in your WordPress posts. It can even cause great problems if you do this and have tags set to be indexed in Google creating duplicate content problems. Use tags only to allow users to better sort posts and do not try to SEO game the WordPress Tags.

4.21 Use Bing Webmaster Tool Robots.txt Tester: https://www.bing.com/webmasters/robotstxttester

The old Google Webmaster Tools used to have this tool now it’s best found over at Bing Webmaster Tools. If you having prolonged indexing problems with a WordPress page or entire site, this tool can help you make sure there are no issues with your robots.txt file that could be the cause.

4.22 Website is responsive and mobile friendly. 

This is one of the most important items on the WordPress SEO checklist – that the WordPress site is optimized for mobile users. This is increasingly important for SEO. Invest all you can in making sure the mobile experience on any WordPress site is proper as possible. For SEO, a WordPress site not only needs to be fast on mobile but the UI/UX must be top notch as well for Google to display in the search results.

4.23 Audit internal linking and interlink older posts.

Having a well-thought-out internal linking plan should a a part of your WordPress SEO plan. There are many tools, free and premium, that can help with your internal linking structure. Having proper internal linking on a WordPress site is a powerful contributor to a solid WordPress SEO plan.

L

4.24 Easily found social media sharing buttons.

Backlinks are critical to a WordPress websites success with SEO. Social media mentions and links are as good as any these days for telling search engines what content to serve. Make it easy for website visitors to share the content on any WordPress site so that rankings can be improved. Place social sharing buttons prominently at the start and/or end of blog posts, pages or even pinned to the sidebar.

4.25 Active monitoring of which content is getting the more organic traffic.

Content is another critical part of SEO in WordPress, perhaps one of the most important. Closely monitor which content is getting the most of the right kind of visitors to your site and promote and do more of what’s working. Organic traffic from proper SEO in WordPress can be very powerful and make sure you stay centered around creating quality content that your ideal audience finds resourceful.

Got a WordPress SEO checklist item that we didn’t cover here? Please leave a reply in the comments below.

Make sure to download the master checklist and audit all the other areas of any WordPress website.

WordPress Performance Site Speed Optimization Audit Checklist

Speeding up any WordPress site can be a challenge to shave off as much loading time as possible. Experts with WordPress website optimization are often paid top dollar if they have a proven track record of speeding up complex WordPress sites, but often worth every penny. WordPress performance optimization is not a one size fits all but that each site is different and needs to be optimized accordingly. This list of items will help to make sure all is consider when looking to optimize any WordPress site for speed.

Each checklist item below is numbered in correspondence with the Master Checklist with a short summary and a link to more detailed information if available.

Master Checklist Table of Contents

  1. WordPress Website Analytics Setup Checklist
  2. WordPress Website Security Audit Checklist
  3. WordPress Performance Site Speed Optimization Audit Checklist [you are here]
  4. WordPress SEO Audit Checklist

WordPress Site Speed Checklist

3.1 Test the site with https://gtmetrix.com

There are lots of tools to test WordPress website speed, but GTmetrix is a popular solution among WordPress developers. You should be using multiple tools for measuring site speed and making sure you are not putting all your eggs in one basket as many tools discover items others miss. GTmetrix’s free solution offers a benchmark for you to begin optimizing your WordPress website speed.


3.2 Test the site with https://tools.pingdom.com/

Another great performance optimization tool that has a free website performance benchmarking tool trusted by developers. Use this tool in combination with other performance optimization scanners to evaluate your WordPress website’s performance. This tool will provide


3.3 Test the site with http://www.webpagetest.org

Use WPT as another free tool to investigate a WordPress website’s performance. Each tool helps highlight anything that might be hindering website performance that you can resolved and know it’s not hurting you even if it doesn’t help.


3.4 Test the site with https://developers.google.com/speed/pagespeed/insights

Another great free tool from Google to make a WordPress site fast on all devices. It should be a goal to satisfy Google’s PageSpeed Insights tool as much as you are able, but perfect 100 scores can sometimes take a lot to achieve depending on how your site is built and where it is hosted.

3.5 Utilize a caching plugin.

Caching a WordPress websites is one of the best ways to speed it up and often most effective. There are many trusted solutions for caching solutions both free and premium. Caching a site can result in issues if not managed or setup properly but it’s worth the trouble when your site is properly cached and performing best.

3.6 Confirm your caching plugin is professionally setup as per the specific requirements of the website and server.

Some are more simple and some are more complex when it comes to setup and configuration and often the best results can be achieved hiring a specialist to configure settings for a particular WordPress site on a particular sever. Every website is different and so are the server configurations they live on and it’s a pretty steep learning curve and sometimes best to find a reputable professional, otherwise be prepared for a lot of trial and error testing.

3.7 Utilize a CDN (Content Delivery Network)

Have WordPress use a CDN to serve website files and content from the nearest server to the site visitor geographically. This not only massively speeds up the website for the visitor but also frees up the burden on the server to constantly be serving all the assets. Particularly useful for WordPress sites with a global audience and a CDN also has security benefits that prevent vulnerabilities.

3.8 Confirm the CDN is professionally setup as per the specific requirements of your website and server.

You can typically setup a basic CDN setup yourself even if you are not a professional. That said, this is another item that a professional can help fine tune and really optimize for you. Lots of variables to considers as to what CDN you use and what gets served from the CDN and what comes from your server directly. This gets more complicated with eCommerce sites as well.

3.9 Ensure ALL your images are properly compressed and optimized for web and devices.

By default WordPress does not compress or optimize your uploaded media like images. Jetpack plugin can help with this, or a number of other free and premium image optimization solutions are available. Make sure you optimize all the images on your site pages and blogs and serve them in the proper formats and no larger than they need to be.

3.10 Use an image optimization plugin to ensure future images uploaded are optimized.

Once you’ve optimize all the images on a WordPress site you need to make sure that newly uploaded or updated images also get properly optimized as time goes on. There are many free and premium solutions to handle this available to WordPress site managers. Images are often to blame for the majority of what slows down a WordPress site since they are often the largest asset your website needs to serve.

3.11 Audit your plugins to make sure all active plugins are still required and removed depreciated.

It’s common for WordPress sites to have active plugins that are not needed. Audit and take inventory of your plugins and deactivate and delete those that are not needed. This can often speed up a WordPress site, or remove something unneeded that was slowing it down previously. A professional WordPress developer can help you take inventory of WordPress plugins on any site if you are not sure.

3.12 Jetpack users make sure to deactivate unused modules in settings.

The Jetpack WordPress plugin is very robust and contains a lot of features for WordPress that are not available out of the box without the plugin in WordPress. In Jetpack settings you can disable features offered by the plugin that are not needed on a given WordPress site. Keep this in mind for other plugins, and themes as well and only load what you use.

3.13 Implement minification where possible, often part of caching setup.

Minification combines files together so your server or CDN only need the least amount of files possible while eliminating duplicate code. Minification has the potential to easily break the functionality of a WordPress site so this should be handled with extra care, ideally in the hands of a professionally with WordPress speed optimization expertise.

3.14 Optimize the WordPress database if the site is aged.

Years and years of development on a WordPress site can leave its mark with bloated databases, that contain unnecessary large and unneeded tables. There are free and premium plugins that can clean up and optimize a WordPress database but this is extremely risky if you do not know what you are doing. Be sure to have multiple database backups in place before any optimization and consider hiring a professional.

3.15 Ensure hosting company is the fastest option within budget.

Not every WordPress site requires a high power server or expensive hosting plan. And not all WordPress websites need to be the fastest site possible, rather just fast enough. Ensure that your host is delivering the value you need in terms of site speed and be willing to re-consider your host loyalty in favor of another host who puts priority of ensuring WordPress websites run fast on their servers.

3.16 Themes, plugins and WordPress are all running latest versions.

Outdated themes, plugins or WordPress core can cause conflicts or have bugs that slow down a WordPress website. Often updates include performance enhancements that you’ll want when released as typically they’ll only help your WordPress site perform better. Developers are constantly finding better ways to code the same thing and you want to reap those benefits they include in those sometimes pesky updates.

3.17 Use a ‘Waterfall’ tool to analyze each important page for slow loading elements.

Many of the tools and solution for benchmarking a WordPress website’s speed provide a “waterfall” view of how the site loads. These are very helpful visualization for determining and investigating where improvements can be made or where bottlenecks might be. Many internet browsers like Chrome and Firefox also offer tools for analyzing a websites waterfall loading.

3.18 You’ve implemented lazy loading to minimize requests on initial page load.

Lazy loading is just like it sounds, only loading what is needed to see the content currently on the screen. Such that as you scroll down those images and content can be loaded as you get to them instead of slowing down the initial page load. Lazy loading is built into many performance based themes & plugins and should be utilized so long as it does not negatively effect the website visitor’s experience.

3.19 Any embedded videos are served quickly with little or no loading time.

Take inventory of how videos are loaded or are loading on any WordPress site. Making sure they are not self-hosted in the WordPress media library which does not handle video well because they are such high bandwidth. It’s often best to use a 3rd party service to host and embed videos on a WordPress site and even then you’ll want to ensure you are using the most current embed code.

Got a WordPress website speed optimization checklist item that we didn’t cover here? Please leave a reply in the comments below.

Make sure to download the master checklist and audit all the other areas of any WordPress website.

WordPress Website Security Audit Checklist

WordPress can be a very secure platform to build and maintain a powerful website with, but it can also be insecure if you don’t take proper precautions. As much as it’s about securing against possible attacks, it’s also about knowing what to do when security does fail and you have a compromised WordPress website. Use this free checklist to take a holistic evaluation of any WordPress website’s security setup.

Each checklist item is numbered in correspondence with the Master Checklist with a short summary and a link to more detailed information if available.

Master Checklist Table of Contents

  1. WordPress Website Analytics Setup Checklist
  2. WordPress Website Security Audit Checklist [you are here]
  3. WordPress Performance Site Speed Optimization Audit Checklist
  4. WordPress SEO Audit Checklist

WordPress Security Checklist

2.1 You have automated daily backups of your WordPress Directories & Files.

The best way to secure a WordPress website, is to be prepared for when it gets compromised. Make sure you are keeping regular backups of your WordPress directories & files, perhaps with some redundancy or a couple different backup sources. Having reliable and current backups when you need them is critical for WordPress website security.


2.2 You have automated daily backups of your WordPress Database.

Do not overlook backing up the WordPress Website Database(s). A full backup of WordPress contains not just the directories and files, but also the database(s). Again having some redundancy or multiple backup sources/destinations is smart when backing up your WordPress databases.


2.3 You know, or know someone who knows how to restore from your backup files if needed.

Having recent backups when you need them is only helpful if you know how to restore them into place to get your site running again after it’s compromised. Ensure you have a process for how to restore your site when you need to and that the appropriate people can follow those procedures. Some hosting service providers can help with this, but it’s nice to be self-sufficient as well when it comes to restoring a WordPress website.


2.4 You’ve automated restorations with a service that allows you to one-click rollback to any day in the past.

Elaborating on the previous item, there are solutions for backup restoration that allow easy one-click rollback restorations for WordPress sites. If you are less technical this is extremely useful so that when things go wrong you can correct them without needing to call or hire a developer for advanced help restoring a site and getting it working again.


2.5 You periodically take an additional manual ‘local’ backup so that you have a recent backup in more than one place.

Cloud backups are great, but it does not hurt to have a recent “local” backup of a WordPress website saved on your computer as well. As sort of a worse case backup when your cloud backup fails or you can’t access it – Any WordPress developer will tell you this has saved them countless times taking this extra step.


2.6 Your backups are also being backed up. (Via cloud ect..)

If you keep your backups on the same server as your WordPress website, you could lose both at the same time. Create redundancy in backing up your website and as crazy as it sounds, backup your backups. There are many unexpected scenarios where the backup you need was also lost and you are out of luck.


2.7 You have no Administrator users with the default username ‘Admin’

This is the most classic WordPress security hardening item. WordPress site health check feature now checks for this so make sure you mind those items as well. Many WordPress sites are hacked because if the default admin username is used, then all a hacker has to do is guess the password correctly. Make sure you also limit login attempts to prevent this type of password guessing.


2.8 You’ve reviewed the active FTP accounts on your server to ensure there are no rogue accounts.

Most WordPress hosts allow you FTP or sFTP access to manage the files on your server, ensure you know who has access. Sometimes an old website manager or no longer authorized colleagues still have FTP accounts that should have been deleted. FTP accounts should only be held by trusted individuals as they have the potential to compromise a WordPress website rather easily.


2.9 You’ve updated your passwords for your WordPress database lately.

Unauthorized database access is a quick way to have a WordPress website compromised. It’s easy to update your database password and should be done periodically to ensure only those individuals and application that are authorized have access to your WordPress mySQL databases.


2.10 You’ve reviewed the current Administrator Users are all required.

Many WordPress installation have many Users setup with Administrator privileges and often go disregarded after the user is setup. Take periodic crawls through your WordPress users and ensure your user roles are properly set and lowest level access only is implemented.


2.11 You use a plugin to stop ‘brute force’ attacks.

There are many solutions for stopping “brute force attacks” on WordPress websites. Jetpack has this built in, or any plugin that limits the login attempts. Brute force attacks are simple when trail and error guessing of login/password can be done without limit. This can strain a server and crash your site or worse allow an unauthorized application or individual to gain access to your site’s backend.


2.12 You’ve reviewed Google Search Console for any security issues.

You should have your WordPress site configured in Google Search Console, which provides a Security Issues report. This makes you aware of any hacked content, malware or unwanted software, or social engineering issues so you can fix the problem. If issues are identified by GSC, then you can request a reconsideration review from Google which takes some time.


2.13 You invest in a premium security plugin that scans and hardens.

There are many premium (paid) security solutions available for WordPress websites that are recommended. These solution can proactively scan and harden the security points of your website. It’s important not to consider these solutions as silver bullets and also take into consideration all the items in this checklist and create some redundancy for yourself.


2.14 You are running the latest version of your theme.

Many WordPress websites run popular themes as opposed to custom made themes, and the authors of these popular themes are constantly producing updates. Keeping your theme up to date with the latest version from the author gives you all the benefits of enhancements and bug fixes to ensure you site continues secure and performing properly. You should always be running the latest version of your WordPress theme.


2.15 You are running the latest version of your plugins.

WordPress plugin authors release plugin updates all the time to address security vulnerabilities. Always run the latest versions of any and all the plugins on a WordPress website. Not only will the WordPress site be more secure but you’ll also get all the enhancements and bug fixes also included in these plugin updates.


2.16 You are running the latest version of WordPress.

Each WordPress version contains a list of security enhancements with it. WordPress also releases new version just to address a specific security vulnerability from time to time as they are identified. WordPress takes security very seriously and the whole developer community works together to ensure patches are put in place as soon as possible when a security vulnerability is found in the WordPress core.


2.17 You complete updates as soon as they are released.

Turning on auto-updates is a great idea if you don’t check your WordPress dashboard very often. You can trust most updates have been tested before they are released and the rewards of keeping your WordPress plugins, themes, and core as up to date as possible far outweigh the risks of upgrading early, when a patch might be released shortly after the update. Updates do sometimes have the capacity to break a WordPress site, but you should always be prepared with a current backup and a plan for restoration should an update break your site.


2.18 You’ve removed unused plugins & themes.

Unused and/or inactive WordPress themes & plugins present a security vulnerability that is easily avoided by removing them from a WordPress installation. Most think that by deactivating plugins/themes they’ve done all they need to do, but you need to actually follow through and delete the unused plugins & themes to prevent exploitation of their code that’s still on your server and/or in your database.


2.19 You require strong passwords.

Any WordPress users should have strong passwords set, especially administrator user roles. There are settings and plugins to ensure that any users setting passwords are required to follow strong password best practices and won’t allow them to set a weak password. This is important and you often have no idea how secure other administrators set their passwords.


2.20 You use a hosting company known for security.

Not all hosting companies are the same when it comes to hosting a WordPress site. Many hosts specialize in hosting WordPress and many of those have special safeguards in place to help with WordPress security. Managed WordPress hosting services take this even further and offer specific features on their plans to ensure security, backups, and restorations to make it easy to protect any WordPress website.


2.21 You’ve properly configured SSL (HTTPS).

SSL certificates are easy and free to implement and are an absolute must. Let’s Encrypt revolutionized this making it a no brainier to ensure any WordPress site has the little lock and is running HTTPS. SSL and HTTPS no only helps WordPress from being compromised but also help protect any visitors to your website especially if they are sending information through the site like in contact forms.


2.22 You use a unique database prefix.

The default WordPress database prefix is wp_ which you could probably have guessed. Anything that’s easy to guess or default makes a hackers life so much easier. Take the extra step of having a unique database prefix for the WordPress database and add another layer of security to any WordPress installation. Many WordPress hosts now include this as standard practice when setting up new WordPress installations.


2.23 Your file and folder permissions are properly set on the server.

If file permissions are not set correctly on your server it can compromise your WordPress website. Most WordPress specialized hosting companies have tools to reset default file permissions for WordPress installations, as this can be a tedious job to do manually. Overtime file permissions can get incorrectly set and create otherwise hidden vulerabilities.

Got a WordPress Security checklist item that we didn’t cover here? Please leave a reply in the comments below.

Make sure to download the master checklist and audit all the other areas of any WordPress website.

WordPress Website Analytics Setup Checklist

Analytics are a critical part of ensuring any WordPress website is performing optimally and knowing what’s working and what could be improved. There are lots of analytics solutions for WordPress and this checklist will help to ensure a base level analytics setup on any WordPress website. Which analytics solutions for WordPress are used is a matter of preference but analytics are the foundation of making any improvements data driven and must be setup properly.

Each checklist item is numbered in correspondence with the Master Checklist with a short summary and a link to more detailed information if available.

Master Checklist Table of Contents

  1. WordPress Website Analytics Setup Checklist [you are here]
  2. WordPress Website Security Audit Checklist
  3. WordPress Performance Site Speed Optimization Audit Checklist
  4. WordPress SEO Audit Checklist

WordPress Analytics Checklist

1.1 Google Analytics is setup and tested tracking all pages.

The most popular free analytics solution for WordPress is Google Analytics and is a great place to start tracking your website stats. Ensure Google Analytics is properly configured with any WordPress site and tracking correctly. Learn More


1.2 You’ve setup conversion ‘goals’ in Google Analytics to track when users have taken specific actions on your website.

Most WordPress websites have specific goals they drive the visitors to complete. Whether that’s filling out a contact form, purchasing a project, or opting in for a newsletter for example – You should be using “goal tracking” analytics features to understand the visitors journey to completing that desired action.


1.3 If your website is e-commerce (storefront) you’ve properly configured Google Analytics Conversion Tracking.

Building off the previous checklist item, if you are selling via e-commerce then Google Analytics has a specific feature for tracking conversions on any WordPress website. This enables you to segregate and better understand the traffic or visitors who are actually purchasing on a WordPress set and understand their buyers journey on your site.


1.4 You’ve reviewed the Internal Site Search data in GA to make sure it’s turned-on and configured for any insights about user intent based on searches.

This option in Google Analytics is toggled OFF by default, but if turned on and configured properly could provide great insights as to what users are searching for on any WordPress website.


1.5 You’ve setup a filter for your home and/or office IP Address to make sure those visits are not being tracked in GA.

Google Analytics will track all visitors, including you or those at your company, unless you tell it not to. Sometimes you don’t want to track your own actions or those of your colleagues, and rather only track outside visitors that your trying to target. This helps to keep your data clean and not have all the irrelevant internal traffic muck up any WordPress website stats. Google Analytics allows you to disregard traffic from a certain IP Address, which often are unique to any office building or can be requested from your internet service provider.


1.6 You are taking advantage of ‘Campaign Tracking’ in GA with the use of URL tagging.

Most marketers know about URL parameters but they can be confusing for the general WordPress website admin. Campaign tracking allows you more granular data about the acquistion sources and their behavior once they hit a WordPress website. These are commonly known as UTM (Urchin Traffic Monitor) but could more appropriately be described as a Unique Tracking Metric.


1.7 You’ve made sure you are tracking all your domains, including sub-domains in GA.

It’s important to realize that Google Analytics, and many other analytics platforms, often look at subdomains as separate websites. Do you have any subdomains working alongside a WordPress website? Consider how those are tracked in Google Analytics and if they should be included, excluded or separate.


1.8 You are tracking the correct non-www. or www. web address in GA.

Many WordPress site owers and managers don’t understand that www. or non-www. matters a lot. Perhaps less than it once did – but historically Google considered these two different sites. The important part is to be consistent and ensure you have setup your site either with or without the www. before the domain name.


1.9 You’ve reviewed all sections of GA reporting looking for any insightful analytics that could help or be hindering your site.

It’s one thing to have analytics properly setup on a WordPress website, but another thing to actually review the stats. Most analytics solutions have lots of data that can be viewed in lots of insightful ways. Ensure you take the time to learn the data by reviewing and researching so you can know what’s working and what is not to help you know where to focus your efforts.


1.10 You only have one instance of the GA tracking code in your site pages.

Often times WordPress websites accidentally include the tracking code for whatever analytics solution in multiple places. So when you look at that source code for any page you can see extra tacking codes. There are advanced ways to manage multiple tracking codes if you have them, but you mostly want to avoid duplicates that could result in duplicate data.


1.11 You’ve configured your analytics tracking info settings to collect all the data you need.

Many analytics solutions for WordPress allow you to control the data you collect on your website. It’s important to be aware of what is being collected and ensuring you are gathering the level of user detail you need. Doing this while ensuring you inform website visitors of the data you are collecting is an often overlooked element of a WordPress site.


1.12 You’ve considered setting up GA Alerts to monitor any significant changes in website traffic.

If a WordPress site is suddenly receiving a ton more traffic than normal, someone should be notified with an alert. It’s important to have analytics configured on your WordPress site to notify someone that the website is suddenly receiving irregular traffic quantities. This can be an opportunity to recognize new traffic sources or this can be a warning that your site might crash if the hosting server is not powerful enough to serve all the visitors.


1.13 You have setup a ‘filter’ or otherwise excluded or segmented tracking login areas and pages not desirable for your marketing data requirements.

Often WordPress website analytics contain content pages that are of no interest to the performance of your website. Using filters in analytics on a WordPress site can help to reduce the clutter that smears your view into the most relevant/actionable statistics.


1.14 You utilize the User flow and Goal Flow charts and data with Google Analytics segmented by source and medium.

These data visualizations are particularly useful with WordPress websites to understand a specific segments source and behavior. Overall, be familiar with all the the capabilities and visualizations offered by analytics solutions like Google Analytics. Gain a deeper understanding of where to attribute the success of your WordPress website.


1.15 You’ve setup a filter for /blog/ content only vs. primary site pages.

Since many WordPress websites utilize the blogging feature it’s often helpful to look at the performance of the blog vs. the rest of the site separately. Comparing the performance of blog posts, without the clutter of the rest of your site pages, and vice versa, can give you a clear picture on priorities. Be sure you have these filters configured especially as many WordPress sites don’t have a specific /blog/ directory all posts contain in their URL. For instance, if your permalinks are setup as /%postname%/ then you’ll need to do some special configuration to ensure you get this segregated blog data.

Got a WordPress Analytics checklist item that we didn’t cover here? Please leave a reply in the comments below.

Make sure to download the master checklist and audit all the other areas of any WordPress website.

Where has WPauditor been? The 2021 Update

Howdy from Montana! How’s it going?

Sitting here looking at a notepad filled with action items to bring WPauditor back to life. WPauditor is a project kicked off in April 2016 knowing it would benefit many including myself. A place I could offer all my experience and expertise in WordPress to help the most people possible. I’ve always been passionate about launching this project but was taken away with other opportunities and obligations as a freelancer and in my roles after being hired by Codeable where I resigned from earlier this year. So now this project is back on the main stage.

The original domain purchase confirmation for wpauditor.com email from back in April 2016

I’ve put a lot of thought into what I want this project to be, but it will always remain just that, a project, that will evolve. I’ve got a pretty clear vision where I want to go and what that looks like but even that can change based on where I’m seeing success with it. I’m super excited to relaunch this project with my full attention so long as I can keep other opportunities from preventing that.

Site visitor stats from the birth of wpauditor.com

You can see from the image above, this project has never really got off the ground. That’s easily explained as after buying the domain I was almost immediately hired in-house by Codeable and that took my full-time attention away. You can see as I write this we are on track for the worst month ever in performance of this website. I have every intention and a plan to turn that right around.

Where WPauditor Started

It all started with the checklist. I wanted to build this whole site around free resources that any WordPress site owner or manager or anyone helping with WordPress in general could use. Although I more or less abandoned this site for 5 years, the checklist was produced and has been downloaded and helped hundreds of people.

I used a similar checklist when I performed WordPress website audits for clients to help them know where to focus to improve, mitigate costly oversights and identify low hanging fruits. I offer this as the Audit Preview which was also downloaded while this site sat unattended showing folks examples of what the checklist helped to identify when executed.

I even had 33 people Request an Audit, a service I hoped and still hope to provide for those who don’t wish to do-it-themselves with the resources provided on this website.

I started this site with a passion that turned into set it and forget it. I left it in the dust and it still performed with no supervision. There is absolutely some regret for not sticking with it but that’s how it went and I’m more looking forward to where it’s going.

Where WPauditor is Going

It all starts with giving The Checklist an overhaul. It’s been 5 years and in internet/WordPress time, that’s a long time. A lot has changed and the items that were important then, are not as important now. So each section will be getting audited and brought up to date with everything I’ve seen change in WordPress over the past 5 years and how to be successful with it, no matter what kind of WordPress site you are running.

The new checklist will be published absolutely free again and will roll out as on the blog as individual post for the various sections… WordPress site speed, security, analytics, UI/UX, design, content… ect… Making sure you can cover all your bases. Also available as PDF download of course.

The goal is to provide massive value for free, for those willing to work for it. Empower the do-it-yourselfers.

For those who need a bit more coaching, I plan to add exactly that… an online course to easily coach you through running an audit according to our checklist on any WordPress website. Providing you all the resources to execute a WordPress website audit on your own for yourself or someone else who owns a WordPress website. This will likely be a very affordable course offered through this site and/or a platform like Udemy where I’ve got 3 other successful courses. e-Commerce WordPress website auditing will be another offering, But I’ll be putting focus first on smaller WordPress sites just getting started but with principles that apply to big WooCommerce stores as well.

For those looking for a done-for-you service, to have a WordPress website audited, that’ll be the top-tier offering on this site where myself or a personally trained professional at my level with Audit your site for you and provide all the answers you need to be successful and know where to focus. I aim to offer a handful of these a month as a premium done-for-you service. Much like a home inspector I’ll point out what is wrong, and go even further by providing trusted solutions where you can easily get help fixing any identified areas of improvement.

It’s a pretty simple business model. My competitive edge is my vast experience in the WordPress space and extreme familiarity and relationships with the solutions and success of many websites as a freelancer. I want to channel all that into WPauditor to help the most people possible. This site has yet to bring me any measurable income but I do plan to follow through with making this an income generating projects through those I help.

My priorities for executing all the above will be first on the do-it-yourself solutions over the done-for-you service which will be based on availability and only offered for very few customers at first.

That’s it, in a nutshell. Plans for this site open-sourced.

How it’s Going

I’ve recently completed my move from Washington State to Montana and I’m living the life of my dreams. I’m living 10 minutes from the chairlifts at Whitefish Mountain Resort where I work 4 days a week on the mountain. I’m working a seasonal job as a mountain bike patroller and trail crew member and couldn’t be happier to be spending so much time outside using my body not sitting hunched over at a computer desk burning out my eyeballs, back and wrists.

I cannot abandon my experience with WordPress and this is how I’m planning to put that expertise back to work. Looking ahead to winter my hope is I can properly launch WPauditor as I originally planned and as mentioned above to help more people with WordPress once again on my own terms.

As I’m recovering from a decent burnout experience, this site makes me feel the passion again and takes me back to my WordPress entrepreneur past which is why I got into it in the first place… So easy & free to start something from nothing and improve as you go.

Please follow @wpauditor on twitter or subscribe to our emails in the footer of any page on this website for updates on where it’s going.

How to Choose a WordPress Theme

There is a lot to consider when choosing a theme for your WordPress website. Even more to consider when you are planning on building your inbound marketing strategy on top of it. That being said don’t be intimidated because if you follow a few pieces of advice you’ll make the best selection with ease. Follow the steps below for help with choosing a WordPress theme for inbound marketing.
Read more

Klaviyo Viewed Product Abandonment Tracking with WooCommerce

The Klaviyo WordPress plugin does not currently work with viewed product tracking in WooCommerce out of the box. Klaviyo support provides a code but it needs to be modified to work with WooCommerce.

Below you’ll find a GIST of that custom function to be placed in your WordPress child theme’s functions file.

This will result in you being able to track and filter within your Klaviyo dashboard by users who viewed a product.

Klaviyo Viewed Product Abandonment Tracking WooCommerce