Website Building Guides & Tutorials

Website management begins before you touch the site. The handover—whether from a previous agency, a client's internal team, or a departing colleague—determines whether future operations will feel calm or chaotic.

Inadequate handovers create months of frustration: mysteries about why configurations exist, missing credentials discovered during emergencies, undocumented dependencies that break unexpectedly, and clients asking questions you can't answer because the information wasn't transferred. A thorough pre-management audit conducted before accepting responsibility helps identify gaps in this documentation early.

This checklist provides a framework for three scenarios:

Outgoing handovers: You built the site, someone else manages it
Incoming audits: You're accepting management of an existing site
Internal transitions: Team members change, clients transfer between account managers

It's comprehensive, intentionally. Not every item applies to every situation, but the checklist prevents critical gaps that convert manageable websites into mysterious problems. As agencies quickly learn, what happens after a website goes live determines its long-term success.

I. Access & Credentials Foundation

Operations depend on access. Missing credentials block routine tasks and convert simple changes into expensive delays.

1. Hosting Account Access

Primary hosting provider and account credentials
Hosting plan details (resources, renewal date, costs)
FTP/SFTP credentials with correct permissions
SSH access if applicable
Hosting control panel access (cPanel, Plesk, custom dashboards)
Server location and configuration details

2. Domain Management Access

Domain registrar and account credentials
Domain renewal date and auto-renewal status
DNS management access
Current DNS records and their purposes
Email routing configurations
Subdomain setup and purposes

3. CMS/Platform Access

Admin credentials with appropriate permission levels
Multi-factor authentication setup and recovery options
User roles and current active users
Access history if security-sensitive

4. External Service Accounts

Email service provider (transactional emails, newsletters)
Analytics platforms (Google Analytics, etc.)
CDN or performance services
Backup services
Security/monitoring services
Form handling services
Payment processor accounts
Social media management tools
SEO tools with ongoing subscriptions

5. Third-Party Integration Credentials

API keys and secrets
OAuth connections and refresh tokens
Webhook URLs and authentication
Integration documentation or setup notes

II. Technical Architecture Documentation

Understanding how the site is built determines how safely and effectively you can maintain it.

6. Platform & Stack Details

CMS or framework (WordPress, Webflow, Shopify, custom, etc.)
Version information
Hosting environment (shared, VPS, dedicated, managed WordPress, etc.)
PHP/Node/Python version and requirements
Database type and version
Server software (Apache, Nginx, etc.)

7. Theme/Template Information

Theme name and version
Whether it's premium, custom, or free
Theme documentation or support access
Customization approach (child theme, direct edits, page builder)
License information for premium themes

8. Plugin/Extension/Module Inventory

Complete list of active plugins/extensions
Purpose of each (not always obvious from names)
Premium plugins requiring licenses or renewals
Custom-developed plugins
Plugins with known compatibility concerns
Inactive plugins still installed (and why they're retained)

9. Custom Code Documentation

Custom functionality beyond standard plugins
Code location (theme functions, custom plugins, etc.)
Purpose and behavior of custom code
Dependencies (libraries, external APIs)
Known limitations or edge cases

10. Database Structure & Customizations

Custom tables beyond standard CMS tables
Database access credentials
Backup and restore procedures
Size and growth patterns
Cleanup or maintenance requirements

III. Operational Procedures & History

How the site has been managed informs future decisions. History reveals patterns, problems, and working solutions.

11. Update History & Procedures

Update frequency and timing (when updates are applied)
Testing process before production updates
Staging environment availability and access
Problematic updates encountered previously
Items deliberately not updated (and why)

12. Backup Systems & Verification

Backup solution in use (host, plugin, external service)
Backup frequency and retention period
What's backed up (files, database, both)
Backup storage location and access
Most recent successful backup verification
Tested restore procedure documentation

13. Security Measures & Incident History

Security plugins or services active
Firewall configurations
Login attempt protections
SSL certificate provider and renewal process
Previous security incidents and how they were resolved
Known vulnerabilities or security concerns

14. Monitoring & Alert Systems

Uptime monitoring setup
Performance monitoring tools
Error logging and notification systems
Who receives alerts and how
Alert response procedures

These automated systems complement manual weekly maintenance checks to ensure comprehensive site health monitoring.

15. Maintenance History

Recurring problems and their patterns
Recent major changes or migrations
Workarounds implemented for ongoing issues
Performance optimizations applied
Recent support tickets and resolutions

IV. Performance & Optimization Configuration

Performance configurations affect update behavior, troubleshooting difficulty, and user experience. Changes without understanding existing optimization can break functionality.

16. Caching Configurations

Page caching method (plugin, server-level, host-managed)
Object caching if implemented
Browser caching rules
Cache exclusions (dynamic pages, logged-in users, etc.)
Cache clearing procedures and frequency

17. CDN Setup

CDN provider and account access
What's served through CDN (all assets vs. selective)
CDN configuration details
Cache purging procedures
Cost structure and usage limits

18. Database Optimization

Database cleanup schedules
Query optimization implementations
Indexing customizations
Database size management approach

19. Image & Media Management

Image optimization method (plugin, external service, manual)
Media library organization approach
External media storage (S3, etc.) if applicable
Lazy loading implementations
Media backup procedures

Understanding these optimization configurations prevents accidental performance degradation and informs weekly maintenance routines.

V. Content & SEO Infrastructure

Content structure and SEO configurations affect both user experience and search performance. Changes require understanding existing structure.

20. SEO Configuration

SEO plugin/tool in use
XML sitemap location and generation method
Robots.txt configuration
Structured data implementations
Canonical URL rules
Redirect rules and their purposes
Google Search Console and Bing Webmaster Tools access

21. Content Structure & Backup

Content types beyond standard posts/pages
Taxonomy structure (categories, tags, custom taxonomies)
Custom fields and meta data usage
Content migration history if applicable
Editorial workflow or approval processes

22. User Roles & Permissions

Custom user roles beyond defaults
Permission customizations
Users with admin access and their purposes
User management procedures

VI. Client-Specific Configurations

Every site has unique requirements. Client-specific configurations often cause the most confusion during transitions because they're not standard or obvious.

23. Forms & Lead Capture

Form plugin or service in use
Form submission routing (where notifications go)
Form data storage (database, external service, both)
Spam protection methods
Required field validation rules
Form backup or export procedures

24. E-commerce Configurations (if applicable)

E-commerce platform (WooCommerce, Shopify, custom)
Payment gateway configuration
Tax calculation methods
Shipping configuration
Inventory management approach
Order fulfillment workflow
Abandoned cart handling

25. Email Systems

Transactional email configuration (SMTP, service)
Newsletter/marketing email integration
Email template customizations
Email deliverability monitoring

26. External Integrations

CRM integrations
Marketing automation connections
Social media feeds or sharing
Live chat implementations
Booking or scheduling systems
Custom API integrations

27. Scheduled Tasks & Automation

Cron jobs or scheduled tasks
Automated content publishing
Automated reports or notifications
Background processing tasks

VII. Legal & Compliance Considerations

Legal and compliance requirements vary by industry, location, and client type. Violations create liability regardless of handover quality.

28. Privacy & Data Protection

Privacy policy status and requirements
Cookie consent implementation (GDPR, CCPA compliance)
Data retention policies
User data export/deletion procedures
Third-party data sharing configurations

29. Accessibility Status

Accessibility compliance level target (WCAG 2.1 A, AA, AAA)
Known accessibility issues
Accessibility testing tools or audits performed
Required compliance (ADA, Section 508, etc.)

30. Legal Requirements

Industry-specific compliance needs (HIPAA, PCI-DSS, etc.)
Terms of service and legal page status
Content licensing or attribution requirements
Age restrictions or geographic limitations

VIII. Client Relationship & Expectations

Technical handovers without relationship context create client friction. Understanding expectations and communication patterns prevents misunderstandings.

31. Service Scope & SLA

What's included in ongoing management
Response time expectations
Update schedules and procedures
Emergency support availability
Out-of-scope work boundaries

32. Communication Protocols

Primary client contact information
Preferred communication methods
Communication frequency expectations
Escalation procedures
Reporting requirements

33. Budget & Financial Arrangements

Monthly/annual fee structure
What's included vs. billed separately
Payment schedule and method
Cost limits for work without approval
Budget for external services (hosting, licenses)

34. Known Client Preferences

Update timing preferences
Notification preferences
Risk tolerance (aggressive vs. conservative updates)
Design change sensitivity
Feature requests or wishlist items

IX. Future Planning & Roadmap

Understanding planned changes affects maintenance decisions.

35. Planned Updates or Changes

Known upcoming feature needs
Scheduled redesigns or major updates
Platform migration considerations
Integration plans
Growth expectations and scaling considerations

36. Known Issues & Technical Debt

Documented problems not yet resolved
Workarounds currently in place
Needed refactoring or cleanup
Deprecated code or plugins
Security concerns requiring eventual attention

X. Handover Meeting & Knowledge Transfer

Documentation alone isn't sufficient—verbal transfer catches context.

37. Structured Handover Meeting

Walkthrough of actual site (not just documentation review)
Demonstration of common tasks
Discussion of past problems and solutions
Questions about unusual configurations
Clarification of ambiguous documentation

38. Transition Period Support

Availability for questions after handover
Escalation path for unforeseen issues
Timeline for transition support
Documentation of transition support boundaries

Using This Checklist in Practice

For Outgoing Handovers (Sites You Built):

Use this checklist during project closure to ensure complete knowledge transfer. Complete it before the final client meeting, not during rushed last-minute preparations. Treat it as part of project completion, not an afterthought.

For Incoming Audits (Sites You're Accepting):

Use this checklist during sales/discovery before committing to management. Missing items aren't necessarily deal-breakers, but they inform effort estimation and pricing. Some items missing = standard onboarding. Most items missing = either refuse the client or charge for site reconstruction before management begins.

For Internal Handovers (Team Transitions):

Use this when team members change or clients transfer between account managers. Prevents knowledge loss during team evolution.

Adapting the Checklist

This checklist is comprehensive, not prescriptive. Adapt it:

Small simple sites may not need every item
Complex applications may need additional platform-specific items
Your agency's standards might make some items redundant (if you always use X backup solution, no need to document it per-site)
Some clients have unusual requirements needing custom additions

The goal isn't checklist compliance—it's ensuring whoever manages the site next (including future-you) has the information needed for calm, effective operations.

The Completeness Reality Check

Complete handovers are rare. Even agencies following checklists systematically often discover gaps months later. Perfection isn't the goal—significant improvement over ad-hoc handovers is.

A handover covering 80% of this checklist is excellent. A handover covering 50% is acceptable for many contexts. A handover covering 20% creates problems. No handover creates chaos.

The checklist exists to raise the floor from "we'll figure it out" to "we have most of what's needed and know what's missing."

The Post-Handover Refinement

Good agencies refine handover documentation throughout the management phase. When something undocumented causes problems, it gets documented immediately. The handover becomes a living document that improves based on operational experience.

This refinement benefits:

Future team members who inherit the client
The client if they later change agencies
The agency's understanding of effective handover practices

Common Handover Failures

Most inadequate handovers fail in predictable ways:

Credential rot: Passwords documented but changed later without updating docs
Assumption documentation: "It's just a standard WordPress setup" (it never is)
Personal knowledge: Information in someone's head, not captured anywhere
Process invisibility: Automated tasks running without anyone knowing they exist
Integration blindness: External services connected without documentation
History amnesia: No record of why decisions were made or problems encountered

This checklist addresses these failure modes through structured, comprehensive documentation.

The Business Case for Thorough Handovers

Investing time in complete handovers reduces long-term costs:

Faster troubleshooting (information is documented, not rediscovered)
Reduced errors (understanding configurations prevents mistakes)
Smoother team transitions (knowledge isn't person-dependent)
Better client service (faster responses, fewer "we'll have to research that" delays)
Reduced stress (confidence from understanding vs. anxiety from mystery)

The handover time investment is measured in hours. The operational efficiency gain is measured in years. The ROI is obvious once agencies track the cost of inadequate handovers.

Conclusion: Handover as Investment

Website handovers aren't administrative tasks to rush through—they're investments in operational sustainability. Every hour spent documenting during handover saves dozens of hours troubleshooting, researching, and reconstructing knowledge later.

Agencies that treat handovers as essential project components rather than optional paperwork operate more calmly, serve clients better, and accumulate manageable portfolios rather than mysterious collections of sites held together by tribal knowledge and luck.

The difference between stressed agencies constantly firefighting and calm agencies managing predictably often traces back to systematic handover practices implemented consistently across all clients.

Frequently Asked Questions

Isn't this checklist too extensive for small, simple websites?

Yes, if applied rigidly. The checklist serves as a comprehensive reference—use relevant sections for each project. A five-page site needs less documentation than a custom application. But even simple sites benefit from basic documentation: hosting access, update history, backup verification, and client expectations matter regardless of site complexity.

What if the previous agency won't provide thorough handover information?

Common problem. Options include: (1) Charge the new client for site archaeology and reconstruction, (2) Refuse the client unless they can obtain better information, or (3) Accept the client with clear communication that incomplete information means higher costs and longer troubleshooting times initially. Never accept inadequate handovers while promising standard service.

How do agencies balance thorough handovers with project timelines and budgets?

By treating handover documentation as a project deliverable, not an afterthought. Build handover time into project estimates from the start. Document throughout development, not during final rush. Use templates and checklists to standardize documentation work. The cost is real but necessary—underfunding handovers creates larger future costs.

Should agencies charge separately for comprehensive handovers?

Depends on positioning. Some agencies include thorough handovers in project pricing as a quality differentiator. Others explicitly itemize handover work to make the value visible. Either approach works if handover time is realistically accounted for in pricing. What doesn't work: promising thorough handovers while not budgeting time to create them.

How often should handover documentation be updated after initial transfer?

Whenever significant changes occur: major updates, new integrations, configuration changes, security incidents, or process modifications. Good practice: quarterly review of documentation accuracy, updating anything that's drifted from reality. Handover docs should always be current enough that they'd be useful if the site transferred tomorrow.

This is written by the team behind NoCodeVista, where we build website management systems that work without drama.