TL;DR: Website projects fail most often because of scope creep, unclear requirements, or missing technical elements discovered after launch. This checklist gives you a complete framework from initial brief through to post-launch — covering everything from hosting and security to content, analytics, and SEO setup.
Why Website Projects So Commonly Fail
Most website project post-mortems look the same: the project ran over time, over budget, or both; the website launched with missing features or technical problems; and the relationship between the business and the web agency is strained.
The most common root cause is not a bad agency or a bad brief. It is the absence of a structured process for capturing requirements, making decisions, and testing the deliverable before it goes live.
This checklist does not guarantee a perfect project, but it does prevent the most common failures.
Phase 1: Project Definition
Scope and Requirements
- Define the primary purpose of the website: lead generation, e-commerce, information, booking, or a combination
- Define the target audience: who is this website for? What do they want to find?
- List all required pages: homepage, about, services/products, contact, legal (privacy policy, terms)
- Define the content management requirement: who will update the website after launch? How often?
- Define integration requirements: contact forms, booking systems, CRM, live chat, payment, analytics
- Define performance requirements: what does success look like? Lead volume, enquiry rate, traffic targets?
- Define design direction: provide examples of websites you like (and explain what you like about them)
- Define content responsibility: will you supply content or does the agency provide copywriting?
- Define timeline requirements: is there a hard launch date? What is driving it?
Budget
- Define total budget including: design and development, copywriting, photography/imagery, hosting, ongoing maintenance, and any third-party integrations
- Understand ongoing costs: hosting, domain renewal, SSL certificate, maintenance retainer, email hosting
- Confirm whether the agency quote includes ongoing support or is build-only
Vendor Selection
- Review agency portfolio — do they have examples in your industry or of similar scope?
- Check references — call at least two clients and ask specifically about project management and post-launch support
- Confirm who will build the website — internal team or offshore subcontractors?
- Confirm what CMS (Content Management System) will be used — can you edit content without the agency?
- Confirm ownership: who owns the code, the design, the domain, and the hosting account at the end of the project?
- Confirm whether the agency handles SEO setup, or if that is a separate engagement
Phase 2: Technical Setup
Domain and DNS
- Confirm domain name is registered and you have access to the registrar account
- If purchasing a new domain: register .com.au and .com for your brand (cybersquatting protection)
- Confirm DNS is under your control — not locked in the agency’s account
- Document DNS records (A, CNAME, MX, TXT) before any changes are made
- Confirm email will continue working through the website build and migration process
Critical: Your domain and DNS must be registered in your name with credentials only you control. An agency that holds your domain registration is a dependency you do not want.
Hosting
- Confirm hosting provider and plan tier (shared, VPS, dedicated, or managed hosting)
- For e-commerce or high-traffic sites: confirm hosting can handle expected traffic peaks
- Confirm Australian hosting (or CDN with Australian edge nodes) for performance and data residency
- Confirm backup schedule and recovery process for hosting
- Confirm who has access to hosting control panel — it should be you, with agency access as a secondary user
- Understand what happens to hosting access if the agency relationship ends
SSL Certificate
- Confirm SSL certificate will be installed before launch — all modern websites must be HTTPS
- Confirm SSL auto-renewal is configured (most modern hosting includes Let’s Encrypt auto-renewal)
- Confirm there are no mixed-content warnings (HTTP resources loaded on an HTTPS page)
Email Setup
- Confirm that website launch will not break email delivery
- Confirm SPF, DKIM, and DMARC records are correctly configured after DNS changes
- Test email sending and receiving before and after DNS cutover
Phase 3: Content Preparation
Text Content
- Homepage: hero headline, subheadline, primary call to action, key value propositions
- About page: company story, team, values, differentiators
- Services/products pages: description, benefits, pricing (if applicable), call to action for each service
- Contact page: address, phone, email, map, business hours, contact form
- Privacy Policy: legally required if you collect personal information — have a solicitor review or use a template reviewed by a solicitor
- Terms of Service (if applicable)
- Blog (if applicable): initial posts for credibility at launch
- FAQs (if applicable)
Images and Media
- Confirm whether photography is professional or stock
- If stock photography: confirm licence type (some stock licences restrict commercial use)
- If professional photography: book shoot before content deadline, not after
- Ensure all images are properly optimised for web (not 10MB DSLR originals)
- Confirm image alt text is written for all images (accessibility and SEO)
- Confirm brand assets are provided: logo in SVG/PNG, brand colour codes, fonts
SEO Content Foundation
- Confirm each page has a unique, descriptive page title (50–60 characters)
- Confirm each page has a unique meta description (150–160 characters)
- Confirm heading structure is logical: one H1 per page, H2 for main sections, H3 for subsections
- Confirm internal linking: pages link to each other contextually
- Confirm contact and location information is consistent across all pages (NAP consistency for local SEO)
Phase 4: Technical Review Before Launch
Performance
- Test page load speed on mobile and desktop (Google PageSpeed Insights — target 80+ score)
- Confirm images are served in WebP or AVIF format where supported
- Confirm caching is configured on the web server
- Confirm a CDN is configured for static asset delivery
Security
- Confirm all CMS software, plugins, and themes are on the latest version
- Confirm strong admin password and MFA is enabled for CMS admin accounts
- Confirm file upload restrictions are in place (if the site accepts file uploads)
- Confirm contact form has CAPTCHA or honeypot spam protection
- Confirm CMS admin panel URL has been changed from default (e.g., WordPress
/wp-adminis a common attack target) - Confirm regular automated backups are running and stored off-server
Forms and Integrations
- Test every form: submit a test enquiry and confirm it arrives at the correct email address
- Confirm form submissions are also stored in the CMS or CRM (email alone is not reliable)
- Test all third-party integrations: booking systems, live chat, payment processing
- Test on multiple browsers: Chrome, Firefox, Safari, Edge
- Test on mobile devices: iOS (Safari) and Android (Chrome) at minimum
- Test contact phone numbers and email addresses are clickable on mobile
SEO and Analytics
- Confirm Google Analytics 4 is installed and tracking visits
- Confirm Google Search Console is set up with site ownership verified
- Submit XML sitemap to Google Search Console
- Confirm robots.txt is correctly configured (not blocking search engines)
- Confirm there are no broken internal links
- Confirm 301 redirects are in place for any old URLs that have changed
- Confirm Google Business Profile is updated to match new website URL
Legal and Compliance
- Privacy Policy is accessible from the footer of every page
- Cookie consent banner is displayed if using tracking cookies or analytics (Australian Privacy Act 1988 compliance)
- Confirm all copyright and trademark notices are correct
- If collecting personal information: confirm Privacy Policy accurately describes how data is collected, stored, and used
Phase 5: Launch and Post-Launch
Launch Day
- DNS cutover scheduled for a low-traffic period (early morning, weekend)
- Monitor website immediately after DNS propagation (can take 1–48 hours globally)
- Confirm Google Analytics is recording visits after launch
- Confirm all forms are working on the live domain
- Confirm SSL is valid on the live domain
- Confirm email is still working after DNS changes
- Test website from a mobile device not connected to your office network (confirms DNS has propagated)
First 30 Days
- Monitor Google Search Console for crawl errors or indexing issues
- Monitor Google Analytics for any unexpected traffic patterns
- Submit sitemap to Bing Webmaster Tools in addition to Google
- Check that all old website URLs redirect correctly (no 404s for indexed pages)
- Update Google Business Profile with new website URL if changed
- Update email signatures, business cards, and printed materials with website address
- Test website performance on PageSpeed Insights — address any newly-identified issues
Ongoing Maintenance (Monthly)
Many businesses launch a website and then forget about it. A website that is not maintained becomes a security liability and a performance degrader.
- Update CMS, plugins, and themes to latest versions (monthly minimum)
- Review and restore from automated backup if any issues occur
- Check for broken links (automated tools available)
- Review Google Search Console for any new crawl errors or manual actions
- Review analytics for any traffic or conversion anomalies
If your website is built on WordPress or another CMS, your IT provider should be managing monthly updates and security monitoring as part of your managed IT service. If they are not, ask why.
For a full discussion of website design, SEO, and digital marketing services, see our Website Design & SEO service page.
For related resources: