This document discusses best practices for maintaining a Drupal site over the long term, including training users and web teams, documentation, auditing, monitoring, security reviews, version and module updates, and community involvement. It emphasizes the importance of ongoing education, communication, documentation, prevention through auditing and monitoring, and keeping the site, modules, and themes up to date.
13. Auditing Code Base
- Version Control
- Development Server Setup: Dev > Test > Prod
- Hacks- Hacked! module
- Custom Modules- what do they do?
- Contributed Modules- updates, errors?
- Drupal Core- update and/or upgrade?
14. Auditing Configuration
- Panels/Context/Display Suite, used properly?
- Live Updating? Feeds?
- Site Logs
- Permissions and Roles- PHP filter
- Spam Prevention
- Performance Optimization
- SEO: SEO Checklist Module
15. Auditing Theme
- Are themes up to date?
- Base Theme used? Or Hacked?
- Custom PHP logic in tpl files?
- Libraries and CSS structure
- Responsive- What techniques?
- Red flags- are tpl files out of control?
16. Monitoring
- Most of the time in recovery is figuring out what’s broken
- Monitor Trends
17. Monitoring
- Use Syslog to write Drupal logs to text file
- Monitor Servers, SEO
- Cron
-Total Admin Control or create admin views
- Drupalmonitor.com
- Are your admins educated?
- Every time you have an issue- start to monitor.
-Google Analytics
18. Security Review
- Most security holes are created in the configuration and
theme.
- Security Review module will help!
19. Security Review
- File system permissions
- Input format
- Content (nodes, comments and fields in Drupal 7)
- Error reporting
- Private file
- Allowed upload extension
- Database error
- Failed logins
- Drupal admin permissions
- Username as password
- Password included in user emails
- PHP access
21. Detecting Problems
- Spam- number of nodes, emails being sent,
comments, users. (Good to know trends)
Mollom, Captcha, Admin Views
- Use Version Control to check diffs- revert
to good version
- Hacked! Module - switch to unhacked
contrib module
- Security Review Module will look for spam
in content.
- Use a good hosting company
23. Updates
Keep on top of Updates- within 30 days
for security updates.
Read the update notes for non-security
updates.
Finding a bug in a contrib module.
Do Not Hack Core! No exceptions.
Planning for Custom Modules
Staying in tune with Advances in
Community Modules
29. Key Points
Continual Love & Attention
Keep Documentation Fresh
Use good communication and
feedback/QA tools
Foster Drupal Talent
Community Contribution