WordPress offers a unit testing checklist and import files along with instructions for theme testing in general.

Usability

Interface, visual content, and legibility

  • Homepage appearance
  • Consistent headers
  • Element alignment
  • Timing of dynamic content
  • Favicon
  • Subpage appearance (each template)
  • Spelling/Grammar
  • Extraneous text orphans/rivers/hyphens/etc.

Flexibility

Responsiveness at various users’ browser settings.

  • Various viewport sizes
  • Various text sizes
  • Various browser zoom levels
  • Drag resizable forms/elements

Social

Check to see how different pages will show up when shared via social networks.

Metadata

Check metadata to see how crawlers (including search and social) will see the site.

SEO

Make sure search crawlers can properly index the website and its content. Many other checks in this list can also affect SEO!

Functionality

Valid code and proper target URLs without orphan pages or broken essential functions.

  • No broken links
  • target="_blank" on external links
  • Page Titles
  • Search
  • Logo links home
  • Forms accept alternate character sets (and symbols like quotes)
  • Not affected by third-party ad blocking apps
  • Verify Universal Google Analytics are instated
    • Verify Google Analytics event tracking is working properly
    • Verify Google AdWords integration is working properly (if needed)
    • Add referrer spambot protection to Google Analytics (using an alternate View)

Validity

Run the pages through various validators to see if there are any glaring mistakes. The linters will be very strict, and HTML5 can not technically be W3 validated, so while we will always strive for syntactically perfect code, it is not always conceivable.

Performance

Run the pages through various speed tests to see how optimized the site is. Clients’ servers may hinder goal progress, but frontend improvements should be noted. These are not requirements, but are methods of testing where a site stacks up. For a true baseline speed test, enable browser caching in .htaccess before running tests.

Accessibility

Graceful degradation and progressive optimization for usability across all types of users’ disabilities. For more information, read about Section 508 compliance.

  • AChecker
  • Internationalization
  • Specified language
  • Readable by target demographic (and above)
  • Alt attributes (only on images that have information; not simply decorative)
  • Links are descriptive not simply “click here” (SEO benefits too)
  • Heading tag usage
  • Check readability without certain resources
    • Disable javascript
    • Disable images
    • Disable CSS
  • Sufficient color contrast (especially for header/navigation)
  • Print style
  • Text selection (Not blocked, coherent order)
  • Sitemap (Preferably XML)
  • Friendly (“Pretty”) URLs
  • Limited (or no) use of mailto links. Contact form alternatives used.
  • Keyboard accessible (including tab order and dropdown menus)
  • Test in a screen reader (if possible)

Security

Prevent users from knowingly or unwittingly using the site in a way not intended, and other defensive design checks.

  • Prevent directory traversal (Options All -Indexes)
  • Remove or redirect “www” subdomain
  • Submit empty form fields (required fields and not)
  • Search submissions do not execute JS (search for: “<script>alert(‘Test’);</script>”)
  • Custom 404 page
  • No sensitive information in browser-side source code (comments, console logs, etc.)
  • Pages/files behind secured pages inaccessible from outside areas
  • Disable Wordpress Pingbacks
  • Deny access to .htaccess file from visitors