First Steps
Security
- Enable Two Factor Authentication
- Make sure ACL is properly setup
- Disable Mass Mail (Global Configuration → Server)
- Remove All unused Users, Groups
- Disable User Registration (Global Configuration → Users → User Options)
- Setup password Complexity if you allow User Registration (Global Configuration → Users → Password Options)
- Activate https for the whole site (Global Configuration → Server)
Configuration
- Set the PHP required by your Joomla installation MultiPHP Manager
- Setup ReCaptcha. Get credentials from ReCaptcha, setup the plugin Joomla ReCaptcha Plugin, set the option in (Global Configuration → Site) as below.
- Disable Error Reporting (Global Configuration → Server)
- Setup eMail (SMTP) (Global Configuration → Server)
- Select Correct Time Zone (Global Configuration → Server)
- Set Feed eMail Address to “No Email”
SEF
- Enable SEF → Joomla Enable SEF
- Make sure all of your alias for menus, categories, articles are small caps and use - for space, ex. product-list
| Alias Quality | Alias |
|---|---|
| Bad |  |
| Good |  |
| Better |  |
- Install ReDJ for making custom urls or redirects from your old site. ReDJ Setup
- Setup a Joomla Custom 404 Page
Caching & Sessions
- Enable Caching & Session → Joomla Caching
Media
Extensions
- Delete Unused Extensions
- Update All Extensions
Templates
- Uninstall unused Templates
Legal Terms
- Enable Cookie Banner
- Create a Terms of Service page
- Create a Privacy page
- Setup Google Analytics
- Check PageSpeed Insights
Content
- Remove All unused Articles, Categories, Menus and Modules.
- Remove All unused Assets (Images etc)
- Empty Trashes
- Check Robots.txt for required changes
You should be ready to go public.