The MUST when launching a website

Every good developer should have a checklist with things that need to be done during launch of a website. We are only people and we forget things.

If you use project management software or simple todo list app, there probably is a way to predefine such list. I hope that this post will help you in some way. I know that some of these tasks should be consider and done during development, but double (triple) check is a good habit. I divided all tasks into categories for better undestanding.


I start with this, because tasks in this category are often ommited. Especially in small websites. We rely on our code, server settings and so on – which is wrong. Trust no one. When we work with diffrent clients, we work with diffrent servers, diffrent frameworks. We shouldn’t be confident of anything. It’s hard to test your website thoroughly without dedicated team, but you can, and you should do something.

  1. Remove installation directory – if you used some open source project or cms, there was probably installation step in the proccess. You MUST delete this folder.
  2. Disable directory listing – you can do that with .htaccess and Options -Indexes
  3. Disallow direct access to files that don’t have to be accessed from browser – like framework/cms files
  4. Disable error reporting/debugging messages
  5. Check 404 page
  6. Check if form validation works on server side – you should not rely on JavaScript or HTML5 validation
  7. What about XSS?
  8. What about SQL Injection?
  9. What about code injection?

I could go on with possible vulnerabilities but this is a start. If you wanna know more, you should start with OWASP website.

Also – and this is more for backend and shouldn’t be taken into account at the end, but checking won’t hurt anyone – passwords should be strong and hashed in database.


A good place to start is google PageSpeed Insights, where you can test your website against web performance best practices, but it all comes down to:

  1. Minify JS – you should use developer (uncompressed) version during development, and minify (compressed) version on production. There are many tools online you can use for this like jscompress, javascript compressor.
  2. Minify CSS – as above. If you use SASS (or LESS) you can define compressed output style. If not, there is also online tool for that CSS compressor.
  3. Combine JS/CSS files – having multiple JS or CSS files can hurt us. Just combine them into 1 (or 2 if you use sooo many of them). It’s faster to make 1 request than 10.
  4. Move JavaScript to footer – not the HTML5 shiv obviously.
  5. Enable compresion – most servers allows you to enable gzip compression. You can do it in .htaccess. If for some reason web server doesn’t allow it, you could always compress files yourself, upload them and create rules in .htaccess.
  6. Enable browser cache – this should be your very last task. When all the CSS, JS are totally free from bugs (or very close cause it’s never „bug free”) and all content like images and fonts are final.


Although SEO is very related to content, we should check/do few things:

  1. robots.txt – make sure that Allow/Disallow are set right.
  2. <meta name=”robots”> – make sure it does NOT have „noindex, nofollow” (unless you don’t want your website to be indexed).
  3. Decide if website should work on www or no www subdomain and make proper redirect – for existing websites check which one is indexed and make redirect based on that. For new it depends on preferences – i always choose no www.
  4. Sitemap.xml present/accessible/correct?
  5. Is <title> present and unique for every subpage?
  6. Is alt=””present for images.
  7. Analytics – let’s be honest, whatever you use (google analytics, piwik or whateva) you’re gonna use something.


  1. Check validation errors.
  2. Check JavaScript errors and warnings – there is something called “console” in the browser.
  3. HTML5 shiv – if you don’t use feature detection you don’t need to use whole Modernizr (super cool library).
  4. Touch friendly – even if your website isn’t responsive, some users might visit it on device with touchscreen.
  5. Browser check – if you want test IE8 properly, you should do it on virtual machine with actual IE8 and not some emulator.
  6. Remove comments – if you minify JS or CSS, compilator will do that for you. Just make sure no „funny” comments or some kind of notes are visible in html source code.

If you think of anything I should add to this list let me know in the comment :o)

0 0 vote
Article Rating