Digital-Dabei-Hamburg-Job-Manager/.planning/phases/07-testing-polish/DEPLOYMENT-CHECKLIST.md

Digital Dabei Job Manager - Deployment Checklist

This checklist ensures the plugin is ready for production deployment and all requirements are met.

1. Server Requirements

• PHP Version: 7.4 or higher (8.0+ recommended)
• WordPress Version: 6.0 or higher
• PHP Memory Limit: 256M minimum (512M recommended for Action Scheduler)
• Max Execution Time: 60 seconds minimum
• HTTPS Enabled: SSL certificate installed and active
• WP Cron: Enabled (required for Action Scheduler)
• File Upload Limits: 10MB minimum for logo uploads

2. Required Plugins

Core Dependencies

• Advanced Custom Fields (ACF) Pro: License activated, all field groups imported
• Formidable Forms Pro: License activated, all forms (F1-F5) created
• Elementor Pro: License activated, templates configured
• WP Mail SMTP: Installed and configured for production email delivery

Formidable Forms Add-ons

• Formidable Pro
• Form Action Automation (for post creation)
• User Registration Add-on (for provider registration)

3. Plugin Configuration

ACF Field Groups

• Job Details field group exists
  • job_location (text field)
  • job_type (select: Vollzeit, Teilzeit, Minijob, Freelance/Projekt)
  • job_deadline (date picker, return format: Ymd)
  • job_contact_email (email field)
• Job Deactivation field group exists
  • deactivation_reason (textarea)
  • deactivation_date (date picker)
• Job Metadata field group exists
  • submission_date (date picker, readonly)
• All field groups assigned to job_offer post type
• German labels display correctly in admin

Formidable Forms (F1-F5)

• F1: Provider Registration (form key: provider_registration)
  • Creates user with ddhh_provider role
  • Required fields: email, password, Anbieter Name
  • Auto-login after registration action configured
  • Redirect to dashboard after registration
• F2: Job Submission (form key: job_submission)
  • Creates job_offer post with pending status
  • Maps all fields to ACF (title, content, location, type, deadline, contact email)
  • Logo upload field (stores as attachment)
  • Redirect to dashboard after submission
• F3: Job Edit (form key: job_edit)
  • Loads existing job data via URL parameter
  • Ownership validation via frm_validate_entry hook
  • Preserves submission date on update
  • Resets status to pending after edit
• F4: Job Deactivation (form key: job_deactivation)
  • Loads existing job data via URL parameter
  • Ownership validation
  • Sets status to draft
  • Captures deactivation reason in ACF field
• F5: Job Application (form key: job_application)
  • Pre-fills mentor email if logged in
  • Sends application to provider's contact email
  • Stays on job detail page after submission

Elementor Templates

• Job archive page (/jobangebote/) configured with Loop Grid
• Single job template displays ACF fields dynamically
• Contact form modal displays on single job pages
• Templates use German labels and formatting

User Notification Opt-in

• Mentor users can opt-in to job notifications
• User meta key: ddhh_jm_notification_optin (value: 'yes')
• Opt-in setting accessible via profile/account page

4. Email Configuration

WP Mail SMTP Production Setup

• SMTP provider configured (Gmail, SendGrid, AWS SES, etc.)
• SMTP credentials entered and tested
• "From Email" set to verified sender address
• "From Name" set appropriately (e.g., "Digital Dabei Hamburg")
• Test email sent successfully from WP Mail SMTP settings

Email Verification

• Admin email (WordPress Settings → General) is correct
• Admin receives test notification emails
• Provider receives test notification emails
• Mentor receives test notification emails
• Email templates display correctly (HTML formatting)
• German text displays correctly (no character encoding issues)

Notification Testing

• Job submission triggers admin notification
• Job edit triggers admin notification with change summary
• Job deactivation triggers admin notification with reason
• Job publish triggers mentor notification (async batches)
• Job application triggers provider notification
• All email links are clickable and work correctly

5. Access Control

Required Pages

• /anbieter-login/ page exists with login/registration forms
• /anbieter-dashboard/ page exists with [ddhh_provider_dashboard] shortcode
• Page IDs stored in options: ddhh_jm_login_page_id, ddhh_jm_dashboard_page_id
• Pages are published and accessible

Redirect Testing

• Providers attempting WP-Admin access redirected to dashboard
• Exception: profile.php accessible for providers
• Exception: admin-ajax.php accessible for AJAX
• Non-logged-in users accessing dashboard redirected to login page
• Non-logged-in users accessing job archive redirected to login page
• Non-logged-in users accessing single job redirected to login page

6. User Roles & Capabilities

ddhh_provider Role

• Role exists in WordPress
• Capabilities configured:
  • read (can access WordPress)
  • edit_job_offers (can edit their own jobs)
  • delete_job_offers (can delete their own jobs)
  • read_job_offer (can read published jobs)
  • No publish_job_offers capability (enforces pending status)

Test Users

• Test provider account created and can log in
• Test mentor account (subscriber role) created and can log in
• Test admin account can access all features
• Provider can only edit/delete their own jobs (not others')
• Provider cannot access WP-Admin (except profile.php)

7. Action Scheduler

Verification

• Visit: /wp-admin/tools.php?page=action-scheduler
• Action Scheduler page loads without errors
• WP Cron is running (check via WP-Cron Control plugin or server cron)
• Alternative: Server cron configured to trigger wp-cron.php every 5 minutes

Monitoring

• Check "Pending" tab for queued email batches
• Check "Complete" tab for successfully processed batches
• Check "Failed" tab for errors (should be empty)
• Review logs for "Scheduled X notification batches" messages
• Review logs for "Processed notification batch" messages
• No PHP errors or warnings in error logs

Performance

• Email batches process in chunks of 50 users (rate limiting)
• No timeout errors during batch processing
• Batch actions complete within reasonable time (< 30 seconds per batch)

8. Testing Checklist

Provider Flow (See Plan 07-01)

• Registration creates provider account successfully
• Auto-login after registration works
• Redirect to dashboard after registration works
• Job submission creates pending post with all fields
• Logo upload and display works
• Dashboard displays submitted jobs with correct status
• Edit form loads job data correctly
• Edit saves changes and resets status to pending
• Deactivation sets status to draft and captures reason
• Provider can view their own jobs in dashboard
• Logout functionality available

Mentor Flow (See Plan 07-02)

• Job archive displays published jobs only
• Login required to access job archive
• Single job page displays all details correctly
• Contact form modal displays on single job pages
• Application form submits successfully
• Provider receives application notification
• Notification opt-in preference saves correctly
• Opted-in mentors receive job publish notifications

Admin Flow (See Plan 07-03)

• Admin job list displays custom columns (Eingereicht am, Standort, Art)
• Custom columns are sortable
• Pending jobs visible in admin list
• Admin can change status from pending to published
• Admin can reject jobs (set to draft)
• Admin receives submission notification with edit link
• Admin receives edit notification with change summary
• Admin receives deactivation notification with reason
• Email links are clickable and work correctly

9. Security Checklist

• HTTPS Enabled: All pages served over SSL
• User Enumeration: Blocked via security plugin or .htaccess
• File Upload Restrictions: Only image files allowed for logos
• Ownership Validation: Forms validate user owns job before editing/deactivation
• Capability Checks: All admin functions check user capabilities
• Nonce Verification: Formidable forms use nonces for CSRF protection
• SQL Injection: All queries use prepared statements (WordPress core)
• XSS Protection: All output escaped via esc_html(), esc_url(), etc.
• Password Strength: WordPress default password strength enforced
• Admin Access: Providers cannot access WP-Admin backend

10. Performance

• Query Optimization: Custom columns use efficient queries (no N+1 issues)
• Image Optimization: Logos auto-cropped to 200x200px on upload
• Caching: Object caching enabled if high traffic expected (Redis, Memcached)
• CDN: Consider CDN for static assets if high traffic
• Database Indexes: ACF meta keys indexed for fast sorting
• Action Scheduler Cleanup: Old completed actions cleaned up regularly (90-day retention)

11. Backup Strategy

Pre-Deployment

• Full Database Backup: Export complete database before plugin activation
• File System Backup: Backup entire WordPress installation
• Test Restore: Verify backup can be restored successfully
• Backup Storage: Store backups in secure, offsite location

Rollback Plan

• Document rollback procedure (deactivate plugin, restore database)
• Identify rollback trigger criteria (critical bugs, data loss)
• Assign rollback decision authority (who can authorize rollback)
• Test rollback procedure in staging environment

12. Post-Deployment Verification

Smoke Tests (Within 1 hour)

• WordPress admin loads without errors
• Plugin appears in active plugins list
• Job archive page loads
• Single job page loads
• Provider login page loads
• Provider dashboard loads
• No fatal PHP errors in error logs

Functional Tests (Within 24 hours)

• Provider registration creates account
• Job submission creates pending post
• Admin receives submission notification
• Admin can publish job
• Mentors receive publish notification (check Action Scheduler)
• Mentor can apply to job
• Provider receives application notification
• Job edit works correctly
• Job deactivation works correctly

Monitoring (First 7 days)

• Monitor error logs daily for PHP warnings/errors
• Check Action Scheduler for failed actions daily
• Review email delivery logs for bounces/failures
• Monitor server performance (CPU, memory, database queries)
• Collect user feedback on any issues or confusion
• Track job submission rate and mentor engagement

Issues Found During Testing

Known Issues (Phase 7 Testing)

Issue 1: No logout option on /anbieter-login/ page

• Severity: Low (UX improvement)
• Impact: Minor confusion for logged-in providers
• Status: Documented, recommended fix for future update

Issue 2: Admin submission email missing job description

• Severity: Medium (reduces notification usefulness)
• Impact: Admin must click through to WP-Admin to read description
• Status: Documented, recommended fix for future update

Issue 3: Deactivation reason not displayed in admin notification

• Severity: Medium (reduces business intelligence)
• Impact: Admin loses visibility into deactivation reasons via email
• Status: Documented, recommended fix for future update

Issue 4: Admin email edit links not clickable

• Severity: Medium (reduces notification usefulness)
• Impact: Admin cannot click edit link, must copy/paste URL
• Status: Documented, recommended fix for future update

Support Resources

• Plugin Documentation: .planning/PROJECT.md, CLAUDE.md
• Test Results: .planning/phases/07-testing-polish/ (07-01, 07-02, 07-03 summaries)
• Architecture Reference: CLAUDE.md (subsystems, workflows, hooks)
• Action Scheduler Docs: https://actionscheduler.org/
• ACF Documentation: https://www.advancedcustomfields.com/resources/
• Formidable Forms Docs: https://formidableforms.com/knowledgebase/

Sign-Off

• Technical Review: All checklist items verified by developer
• QA Testing: All user flows tested end-to-end
• Stakeholder Approval: Product owner approves deployment
• Deployment Window: Scheduled deployment time confirmed
• Team Notification: All stakeholders notified of deployment

Deployment Date: _________________

Deployed By: _________________

Verified By: _________________

---

Status: Ready for production deployment with 4 minor UX issues documented for future updates.