- Caching and temporary directories accessible (permissions!) by webserver
- Webfonts available for production domain
- Are email adresses (a little) protected?
- Do you need a captcha somewhere?
- Debug disabled
- Removed unnecessary credentials (e.g. development database)
- Only webroot accessible from the outside
- htaccess: silence is golden
- Secure passwords
- Secure hashing algorhythm (and salted)
- Caching enabled
- CSS/JS compressed and concatenated
- Graphics smushed
- htaccess: gzip-compression, cache expiration, etc.
- Added links to fb/google+/twitter/etc
- Added OpenGraph-Tags
- Proper title and meta-tags
- Google Analytics tracking code
- Google Webmaster Tools / Site claimed
- Added favicons/tiles/touch-icons/etc
- Retina-ready?
- About
- Privacy
- Terms
- Dedicated pages for all of these
- Email/Phone number correct
- UTF-8
- Backlink to your own webpage
- Email client set up
- Server uses correct time and timezone
- Correct PHP Locale
- Credits/Backlink to your website