602-765-9434

Website Administration Document

Below is a practical checklist you can adapt to create (or audit) a comprehensive Website Administration Document for any WordPress-based site. Use clear headings, keep everything in one secure place (password-protected or encrypted), and update it whenever something changes.

1. Core Site Details

  • Primary domain(s) & any redirects
  • Public site URL for staging, development, and production
  • Launch / last-major-update date

2. Access & Credentials

(store passwords in a secure vault; never in plain text)

  • WordPress admin URL & super-admin login
  • SFTP/SSH credentials
  • cPanel or hosting dashboard access
  • CDN, DNS, and cloud-storage logins (if used)
  • Master list of all user roles and their permissions

3. Infrastructure & Hosting

  • Hosting provider, plan, server location, and IP address
  • PHP, MySQL/MariaDB, and WordPress core versions (with planned upgrade windows)
  • Resource limits (CPU, RAM, storage caps)

4. CMS Configuration

  • Site language, time-zone, permalink structure
  • Installed themes (active & inactive) with version numbers and license keys
  • Complete plugin inventory: name, version, purpose, renewal date, license key, and developer link
  • Child-theme repository or Git repo details (if version-controlled)

5. Design & Branding Assets

  • Brand style guide link (fonts, colors, imagery rules)
  • Logo files and usage notes (SVG, PNG, favicon, app icons)
  • Custom CSS/JS snippets and where they are stored

6. Content Governance

  • Content types (posts, pages, products, custom post types)
  • Editorial workflow (draft → review → publish) and responsible parties
  • Media-library conventions (file naming, alt-text standards, max file sizes)

7. E-commerce / Payments (if applicable)

  • WooCommerce version, extensions, license keys
  • Payment-gateway credentials (Stripe, PayPal, etc.)
  • Tax, shipping, and currency settings
  • Inventory-sync or ERP integrations

8. Email & Communication

  • Transactional email service (SMTP, SendGrid, Mailgun) credentials
  • Email marketing platform API keys (Mailchimp, Klaviyo, etc.)
  • SPF, DKIM, DMARC records in DNS

9. Security & Compliance

  • Active firewall/WAF settings (e.g., Cloudflare rules)
  • Malware-scan schedule and tool
  • Two-factor-authentication policy
  • GDPR/CCPA consent mechanisms & data-retention policy
  • SSL certificate type, issuer, and renewal date

 

10. Backup & Recovery

  • Backup provider and storage location (off-site/cloud)
  • Frequency & retention policy
  • Restoration procedure with step-by-step instructions
  • Date of last successful restore test

11. Performance & Monitoring

  • Caching layers in use (object cache, page cache, CDN)
  • Key performance metrics targets (TTFB, LCP, CLS)
  • Monitoring services (UptimeRobot, Pingdom) login and alert channels
  • Optimization plugins or server modules enabled

12. Analytics & Tracking

  • Google Analytics/GA4 property ID and access
  • Tag-management container details (Google Tag Manager, Matomo)
  • Conversion goals, e-commerce tracking setup, and attribution model

13. Third-Party Integrations

  • SaaS tools (CRM, marketing automation, LMS, membership platforms)
  • API keys, webhooks, and callback URLs
  • Renewal/expiration dates and SLAs

14. Licensing & Renewals Calendar

  • Domain renewals
  • Hosting plan renewal
  • Premium themes/plugins/SaaS subscriptions
  • SSL certificate expiry

15. Maintenance Log & Change History

  • Chronological record of updates (core, theme, plugins)
  • Performance/security incidents and resolutions
  • Notes from staged deployment tests

16. Contacts & Escalation

  • Internal owner(s) with roles (marketing lead, IT lead)
  • External vendors/contractors with responsibilities
  • 24/7 emergency contact and preferred channels

17. Reference Assets

  • Sample email templates for outages/maintenance notices
  • SOPs for routine tasks (content upload, patching, cache-clearing)
  • Links to vendor support centers and documentation

Tips for Managing the Document

  1. Version-control it—use a private Git repo or a secure, shared drive to track edits.
  2. Schedule quarterly reviews to verify credentials, license keys, and renewal dates.
  3. Automate reminders (e.g., renewals, SSL expiry, backup tests) so nothing slips.
  4. Restrict access to need-to-know personnel; rotate passwords when staff change.

A well-maintained Website Administration Document saves hours of troubleshooting, keeps your team aligned, and protects your digital investment.