# Digital Dabei Job Manager - Deployment Checklist This checklist ensures the plugin is ready for production deployment and all requirements are met. ## 1. Server Requirements - [ ] **PHP Version:** 7.4 or higher (8.0+ recommended) - [ ] **WordPress Version:** 6.0 or higher - [ ] **PHP Memory Limit:** 256M minimum (512M recommended for Action Scheduler) - [ ] **Max Execution Time:** 60 seconds minimum - [ ] **HTTPS Enabled:** SSL certificate installed and active - [ ] **WP Cron:** Enabled (required for Action Scheduler) - [ ] **File Upload Limits:** 10MB minimum for logo uploads ## 2. Required Plugins ### Core Dependencies - [ ] **Advanced Custom Fields (ACF) Pro:** License activated, all field groups imported - [ ] **Formidable Forms Pro:** License activated, all forms (F1-F5) created - [ ] **Elementor Pro:** License activated, templates configured - [ ] **WP Mail SMTP:** Installed and configured for production email delivery ### Formidable Forms Add-ons - [ ] Formidable Pro - [ ] Form Action Automation (for post creation) - [ ] User Registration Add-on (for provider registration) ## 3. Plugin Configuration ### ACF Field Groups - [ ] **Job Details** field group exists - [ ] `job_location` (text field) - [ ] `job_type` (select: Vollzeit, Teilzeit, Minijob, Freelance/Projekt) - [ ] `job_deadline` (date picker, return format: Ymd) - [ ] `job_contact_email` (email field) - [ ] **Job Deactivation** field group exists - [ ] `deactivation_reason` (textarea) - [ ] `deactivation_date` (date picker) - [ ] **Job Metadata** field group exists - [ ] `submission_date` (date picker, readonly) - [ ] All field groups assigned to `job_offer` post type - [ ] German labels display correctly in admin ### Formidable Forms (F1-F5) - [ ] **F1: Provider Registration** (form key: `provider_registration`) - [ ] Creates user with `ddhh_provider` role - [ ] Required fields: email, password, Anbieter Name - [ ] Auto-login after registration action configured - [ ] Redirect to dashboard after registration - [ ] **F2: Job Submission** (form key: `job_submission`) - [ ] Creates `job_offer` post with `pending` status - [ ] Maps all fields to ACF (title, content, location, type, deadline, contact email) - [ ] Logo upload field (stores as attachment) - [ ] Redirect to dashboard after submission - [ ] **F3: Job Edit** (form key: `job_edit`) - [ ] Loads existing job data via URL parameter - [ ] Ownership validation via `frm_validate_entry` hook - [ ] Preserves submission date on update - [ ] Resets status to `pending` after edit - [ ] **F4: Job Deactivation** (form key: `job_deactivation`) - [ ] Loads existing job data via URL parameter - [ ] Ownership validation - [ ] Sets status to `draft` - [ ] Captures deactivation reason in ACF field - [ ] **F5: Job Application** (form key: `job_application`) - [ ] Pre-fills mentor email if logged in - [ ] Sends application to provider's contact email - [ ] Stays on job detail page after submission ### Elementor Templates - [ ] Job archive page (`/jobangebote/`) configured with Loop Grid - [ ] Single job template displays ACF fields dynamically - [ ] Contact form modal displays on single job pages - [ ] Templates use German labels and formatting ### User Notification Opt-in - [ ] Mentor users can opt-in to job notifications - [ ] User meta key: `ddhh_jm_notification_optin` (value: 'yes') - [ ] Opt-in setting accessible via profile/account page ## 4. Email Configuration ### WP Mail SMTP Production Setup - [ ] SMTP provider configured (Gmail, SendGrid, AWS SES, etc.) - [ ] SMTP credentials entered and tested - [ ] "From Email" set to verified sender address - [ ] "From Name" set appropriately (e.g., "Digital Dabei Hamburg") - [ ] Test email sent successfully from WP Mail SMTP settings ### Email Verification - [ ] **Admin email** (WordPress Settings → General) is correct - [ ] Admin receives test notification emails - [ ] Provider receives test notification emails - [ ] Mentor receives test notification emails - [ ] Email templates display correctly (HTML formatting) - [ ] German text displays correctly (no character encoding issues) ### Notification Testing - [ ] Job submission triggers admin notification - [ ] Job edit triggers admin notification with change summary - [ ] Job deactivation triggers admin notification with reason - [ ] Job publish triggers mentor notification (async batches) - [ ] Job application triggers provider notification - [ ] All email links are clickable and work correctly ## 5. Access Control ### Required Pages - [ ] `/anbieter-login/` page exists with login/registration forms - [ ] `/anbieter-dashboard/` page exists with `[ddhh_provider_dashboard]` shortcode - [ ] Page IDs stored in options: `ddhh_jm_login_page_id`, `ddhh_jm_dashboard_page_id` - [ ] Pages are published and accessible ### Redirect Testing - [ ] Providers attempting WP-Admin access redirected to dashboard - [ ] Exception: `profile.php` accessible for providers - [ ] Exception: `admin-ajax.php` accessible for AJAX - [ ] Non-logged-in users accessing dashboard redirected to login page - [ ] Non-logged-in users accessing job archive redirected to login page - [ ] Non-logged-in users accessing single job redirected to login page ## 6. User Roles & Capabilities ### ddhh_provider Role - [ ] Role exists in WordPress - [ ] Capabilities configured: - [ ] `read` (can access WordPress) - [ ] `edit_job_offers` (can edit their own jobs) - [ ] `delete_job_offers` (can delete their own jobs) - [ ] `read_job_offer` (can read published jobs) - [ ] No `publish_job_offers` capability (enforces pending status) ### Test Users - [ ] Test provider account created and can log in - [ ] Test mentor account (subscriber role) created and can log in - [ ] Test admin account can access all features - [ ] Provider can only edit/delete their own jobs (not others') - [ ] Provider cannot access WP-Admin (except profile.php) ## 7. Action Scheduler ### Verification - [ ] Visit: `/wp-admin/tools.php?page=action-scheduler` - [ ] Action Scheduler page loads without errors - [ ] WP Cron is running (check via WP-Cron Control plugin or server cron) - [ ] Alternative: Server cron configured to trigger `wp-cron.php` every 5 minutes ### Monitoring - [ ] Check "Pending" tab for queued email batches - [ ] Check "Complete" tab for successfully processed batches - [ ] Check "Failed" tab for errors (should be empty) - [ ] Review logs for "Scheduled X notification batches" messages - [ ] Review logs for "Processed notification batch" messages - [ ] No PHP errors or warnings in error logs ### Performance - [ ] Email batches process in chunks of 50 users (rate limiting) - [ ] No timeout errors during batch processing - [ ] Batch actions complete within reasonable time (< 30 seconds per batch) ## 8. Testing Checklist ### Provider Flow (See Plan 07-01) - [ ] Registration creates provider account successfully - [ ] Auto-login after registration works - [ ] Redirect to dashboard after registration works - [ ] Job submission creates pending post with all fields - [ ] Logo upload and display works - [ ] Dashboard displays submitted jobs with correct status - [ ] Edit form loads job data correctly - [ ] Edit saves changes and resets status to pending - [ ] Deactivation sets status to draft and captures reason - [ ] Provider can view their own jobs in dashboard - [ ] Logout functionality available ### Mentor Flow (See Plan 07-02) - [ ] Job archive displays published jobs only - [ ] Login required to access job archive - [ ] Single job page displays all details correctly - [ ] Contact form modal displays on single job pages - [ ] Application form submits successfully - [ ] Provider receives application notification - [ ] Notification opt-in preference saves correctly - [ ] Opted-in mentors receive job publish notifications ### Admin Flow (See Plan 07-03) - [ ] Admin job list displays custom columns (Eingereicht am, Standort, Art) - [ ] Custom columns are sortable - [ ] Pending jobs visible in admin list - [ ] Admin can change status from pending to published - [ ] Admin can reject jobs (set to draft) - [ ] Admin receives submission notification with edit link - [ ] Admin receives edit notification with change summary - [ ] Admin receives deactivation notification with reason - [ ] Email links are clickable and work correctly ## 9. Security Checklist - [ ] **HTTPS Enabled:** All pages served over SSL - [ ] **User Enumeration:** Blocked via security plugin or .htaccess - [ ] **File Upload Restrictions:** Only image files allowed for logos - [ ] **Ownership Validation:** Forms validate user owns job before editing/deactivation - [ ] **Capability Checks:** All admin functions check user capabilities - [ ] **Nonce Verification:** Formidable forms use nonces for CSRF protection - [ ] **SQL Injection:** All queries use prepared statements (WordPress core) - [ ] **XSS Protection:** All output escaped via `esc_html()`, `esc_url()`, etc. - [ ] **Password Strength:** WordPress default password strength enforced - [ ] **Admin Access:** Providers cannot access WP-Admin backend ## 10. Performance - [ ] **Query Optimization:** Custom columns use efficient queries (no N+1 issues) - [ ] **Image Optimization:** Logos auto-cropped to 200x200px on upload - [ ] **Caching:** Object caching enabled if high traffic expected (Redis, Memcached) - [ ] **CDN:** Consider CDN for static assets if high traffic - [ ] **Database Indexes:** ACF meta keys indexed for fast sorting - [ ] **Action Scheduler Cleanup:** Old completed actions cleaned up regularly (90-day retention) ## 11. Backup Strategy ### Pre-Deployment - [ ] **Full Database Backup:** Export complete database before plugin activation - [ ] **File System Backup:** Backup entire WordPress installation - [ ] **Test Restore:** Verify backup can be restored successfully - [ ] **Backup Storage:** Store backups in secure, offsite location ### Rollback Plan - [ ] Document rollback procedure (deactivate plugin, restore database) - [ ] Identify rollback trigger criteria (critical bugs, data loss) - [ ] Assign rollback decision authority (who can authorize rollback) - [ ] Test rollback procedure in staging environment ## 12. Post-Deployment Verification ### Smoke Tests (Within 1 hour) - [ ] WordPress admin loads without errors - [ ] Plugin appears in active plugins list - [ ] Job archive page loads - [ ] Single job page loads - [ ] Provider login page loads - [ ] Provider dashboard loads - [ ] No fatal PHP errors in error logs ### Functional Tests (Within 24 hours) - [ ] Provider registration creates account - [ ] Job submission creates pending post - [ ] Admin receives submission notification - [ ] Admin can publish job - [ ] Mentors receive publish notification (check Action Scheduler) - [ ] Mentor can apply to job - [ ] Provider receives application notification - [ ] Job edit works correctly - [ ] Job deactivation works correctly ### Monitoring (First 7 days) - [ ] Monitor error logs daily for PHP warnings/errors - [ ] Check Action Scheduler for failed actions daily - [ ] Review email delivery logs for bounces/failures - [ ] Monitor server performance (CPU, memory, database queries) - [ ] Collect user feedback on any issues or confusion - [ ] Track job submission rate and mentor engagement ## Issues Found During Testing ### Known Issues (Phase 7 Testing) **Issue 1: No logout option on /anbieter-login/ page** - **Severity:** Low (UX improvement) - **Impact:** Minor confusion for logged-in providers - **Status:** Documented, recommended fix for future update **Issue 2: Admin submission email missing job description** - **Severity:** Medium (reduces notification usefulness) - **Impact:** Admin must click through to WP-Admin to read description - **Status:** Documented, recommended fix for future update **Issue 3: Deactivation reason not displayed in admin notification** - **Severity:** Medium (reduces business intelligence) - **Impact:** Admin loses visibility into deactivation reasons via email - **Status:** Documented, recommended fix for future update **Issue 4: Admin email edit links not clickable** - **Severity:** Medium (reduces notification usefulness) - **Impact:** Admin cannot click edit link, must copy/paste URL - **Status:** Documented, recommended fix for future update ## Support Resources - **Plugin Documentation:** `.planning/PROJECT.md`, `CLAUDE.md` - **Test Results:** `.planning/phases/07-testing-polish/` (07-01, 07-02, 07-03 summaries) - **Architecture Reference:** `CLAUDE.md` (subsystems, workflows, hooks) - **Action Scheduler Docs:** https://actionscheduler.org/ - **ACF Documentation:** https://www.advancedcustomfields.com/resources/ - **Formidable Forms Docs:** https://formidableforms.com/knowledgebase/ ## Sign-Off - [ ] **Technical Review:** All checklist items verified by developer - [ ] **QA Testing:** All user flows tested end-to-end - [ ] **Stakeholder Approval:** Product owner approves deployment - [ ] **Deployment Window:** Scheduled deployment time confirmed - [ ] **Team Notification:** All stakeholders notified of deployment **Deployment Date:** _________________ **Deployed By:** _________________ **Verified By:** _________________ --- **Status:** Ready for production deployment with 4 minor UX issues documented for future updates.