This is part of our WordPress Agency Acquisition Series. Be sure to view more insights we’ve shared on selling your WordPress agency.

Most of the conversation around agency acquisitions centers on the seller — how to prepare, how to price, how to transition. But due diligence is where deals are won or lost, and it’s the buyer’s responsibility to get it right. Whether you’re a first-time acquirer or a seller who wants to understand what a serious buyer will look for, this checklist covers the ground that matters most.

What Due Diligence Actually Means

Due diligence is the process of verifying everything a seller has told you before you close the deal. It’s not about distrust — it’s about making sure the business you’re buying matches the business you were shown. Done well, it protects both parties: the buyer gets an accurate picture of what they’re acquiring, and the seller demonstrates that their agency is exactly what they said it was.

At CyberOptik, we’ve been through this process more than a dozen times as acquirers. What follows is a practical breakdown of what we look at — and what sellers should be ready to show.

Start With the Right Mindset

Before diving into checklists, it’s worth framing how we approach due diligence. We’re not looking for reasons to kill a deal — we’re looking for an accurate picture of what we’re getting into. An issue that surfaces during due diligence isn’t automatically a dealbreaker; it’s information that helps us structure the right deal. A seller who is transparent about challenges is far easier to work with than one who oversells and underdelivers after close.

We also use every tool available to accelerate this process. Reviewing a seller’s website, portfolio, Google reviews, and backlink profile (tools like Ahrefs can even give you a rough estimate of their client list size) before the first conversation means we walk in informed — and it signals to the seller that we’re serious.

Financial Due Diligence

This is the foundation of any acquisition evaluation. Numbers that look good in a summary can tell a very different story when you dig in.

Revenue Quality — MRR First

The single most important financial filter is the nature of the revenue. Recurring revenue — hosting, care plans, retainers — is what gives an acquisition its value. Project-only revenue, where clients may not need work for another four to seven years, has little ongoing relationship stickiness and should be treated cautiously. If an agency has no recurring revenue at all, it may be better structured as a referral or commission arrangement rather than a full acquisition.

Acceptable billing cadences for recurring revenue: monthly, quarterly, semi-annual, or annual. Anything less frequent than annual is a red flag worth investigating.

  • At least 24 months of profit and loss statements
  • Clear breakdown of MRR vs. one-time project revenue
  • Revenue concentration — what percentage comes from the top 3 clients?
  • Any seasonal patterns or recent anomalies in revenue
  • Outstanding invoices and accounts receivable aging

High revenue concentration is one of the most common risk factors we encounter. If 40% of an agency’s revenue comes from a single client, that’s not just a valuation issue — it’s a business continuity question. Our post on valuing your WordPress agency explains how these factors affect your multiple.

Expenses and Liabilities

  • Monthly operating costs broken down by category
  • Software subscriptions and tool costs — which are transferable, and which are tied to the seller’s accounts?
  • Plugin licenses — are any of these lifetime deals (LTDs) that can be absorbed into your existing stack?
  • Any outstanding loans, lines of credit, or deferred payments
  • Pending disputes, refund obligations, or legal exposure

One often-overlooked point: if you as the buyer already own a license for a tool the acquired agency uses (Gravity Forms, WP Rocket, etc.), that expense disappears from the cost side — which is a genuine value-add you can factor into your offer.

Client Due Diligence

An agency’s client list is often its most valuable asset — and the most fragile. This section is about understanding the real health of those relationships, not just the revenue they represent.

Contract Review

  • Are clients on signed contracts or informal arrangements?
  • What are the notice periods and cancellation terms?
  • Are there any contracts with change-of-ownership clauses that could trigger cancellation?
  • Are retainer clients billed monthly, quarterly, or annually — and how far out are they paid?

Service Stickiness

Not all recurring revenue is created equal. Hosting is the gold standard — a client who cancels hosting loses their website, so the friction to leave is extremely high. Care plans are good but somewhat less sticky; a client can cancel without immediate consequence. Marketing retainers (SEO, PPC, social) carry the highest churn risk post-acquisition — clients are more involved, results take time, and a new provider creates uncertainty. Know what type of recurring revenue you’re actually acquiring.

Relationship Health

  • How long has each major client been with the agency?
  • When did the seller last speak with each top-10 client?
  • Are there any clients with open complaints, disputes, or dissatisfaction on record?
  • What is the client churn rate over the past 12–24 months?

Understanding the role of the buyer and seller in the transition is critical here — how the seller communicates the change to clients is often the difference between retention and churn. The closing rate with existing clients is 60–70%; with new prospects it’s 5–20%. Protecting that relationship equity is a financial priority, not just a courtesy.

Operational Due Diligence

You’re not just buying revenue — you’re buying a business that needs to keep running on day one after closing.

Team and Staffing

  • Who are the key people, and are they employees or contractors?
  • Are any team members likely to leave if the agency changes hands?
  • Is there any single person — including the owner — who is a critical operational dependency?
  • Are there signed NDAs, non-solicitation agreements, or IP assignment agreements in place?

The “key person” question deserves special attention. An agency where everything runs through the owner’s head is a higher-risk acquisition — not because the owner is doing anything wrong, but because the knowledge transfer required is substantially larger. This is also worth understanding from a seller’s perspective: agencies where the owner has successfully removed themselves from day-to-day operations command a premium. We cover this in depth on the seller side in our guide on how to prepare your WordPress agency for selling.

Processes and Documentation

  • Are there written SOPs for core functions — client onboarding, project delivery, support escalation?
  • Is the project management system organized and accessible?
  • How is client communication documented and stored?
  • Are there guidebooks or internal reference documents for recurring tasks?

Sellers who haven’t documented their operations aren’t automatically disqualified — but it affects risk, and therefore the deal structure and valuation. What we look for is a business someone else could figure out. If the answer is “not without six months of handholding,” we adjust accordingly.

Technical Due Diligence

For a WordPress agency, the technical stack matters — both as a reflection of quality and as a transition risk factor.

Platform and CMS

We evaluate every acquisition against what platforms we’re actually equipped to support. For WordPress-focused shops this is straightforward, but it’s worth understanding what page builders are in use (Divi, Elementor, WP Bakery, Gutenberg, Avada) and whether any sites sit on legacy or proprietary CMS platforms that would require migration. Platform migrations can actually become a unique value-creating part of a deal structure — we’ve completed acquisitions specifically to migrate clients off proprietary systems onto WordPress.

Hosting Infrastructure

  • What hosting providers are in use, and are accounts transferable?
  • Are client sites on managed WordPress hosting or shared environments?
  • Are there sites on outdated PHP versions, deprecated plugins, or unsupported themes?
  • Is there a documented backup and recovery process for client sites?

Tools and Licensing

  • What premium plugins, themes, or tools are in use — and are licenses transferable?
  • Are there custom-built tools or proprietary code that need to be accounted for?
  • What project management, billing, and CRM platforms are in use?
  • Are there any SaaS accounts generating ongoing revenue (e.g., privacy compliance tools, plugin license reseller arrangements)?

Assets Beyond the Client List

A thorough buyer looks beyond the revenue and the clients. Here’s what else is actually on the table in most acquisitions:

  • The agency website — if it generates organic traffic or leads, keep it live; if not, 301 redirect it
  • Google Business Profile and accumulated reviews
  • Client asset libraries — logos, stock photos, branding files
  • Proposal history — win/loss documents that reveal pricing strategies and potential upsell opportunities
  • Agency email accounts — forwarding these into a dedicated inbox can surface business opportunities long after close
  • Social media accounts and any associated audience

Don’t underestimate the proposal archive in particular. Former prospects who were quoted but never converted are warm leads — they already expressed interest and evaluated the agency once.

Legal and Compliance Due Diligence

  • Is the business properly registered and in good standing?
  • Are there any pending or threatened legal actions?
  • Are client data handling practices GDPR and privacy law compliant?
  • Are there any intellectual property claims or disputes around work product?
  • Who owns the agency’s brand assets, domain, and social accounts?

On the legal documentation side: for smaller acquisitions, a simplified acquisition agreement — essentially a clear scope of work outlining the book of business, assets included, and payment structure — is often sufficient. For larger deals, a Letter of Intent followed by a full acquisition agreement reviewed by an attorney is worth the investment. If you’re doing multiple acquisitions, having an attorney review your template once pays for itself many times over.

What Sellers Should Know

If you’re a seller reading this checklist, use it as your preparation guide. Every item a buyer has to chase down is friction that slows the deal — or kills it. The sellers who close fastest and at the best terms walk into due diligence with clean, organized documentation already ready to share.

Our post on mitigating risks when selling your WordPress agency covers many of these areas from the seller’s perspective, and our what not to do guide addresses the mistakes that most commonly derail deals during this phase.

Due diligence doesn’t have to be adversarial. When both sides approach it with transparency and preparation, it becomes the foundation of a transition that works — for the buyer, the seller, and most importantly, the clients.

Thinking about selling your WordPress agency and want to know what a due diligence process with CyberOptik actually looks like? Reach out here — we’re happy to walk you through it.