This document discusses best practices for maintaining a Drupal site over the long term, including training users and web teams, documentation, auditing, monitoring, security reviews, version and module updates, and community involvement. It emphasizes the importance of ongoing education, communication, documentation, prevention through auditing and monitoring, and keeping the site, modules, and themes up to date.

1. LA Drupal Camp 2012
Maintaining a Drupal Over the Longterm
Meghan Sweet (@meghsweet)
29 June, 2012

2. Site Launches!

3. Now What?

4. Empower Your Users

5. Drupal Web Team Training
• Learning Drupal Takes Time
• Train the Trainer
• Backup Expert Level Support
• Effective Documentation

6. Content Manager Training
• Onsite Training Sessions
• Help Videos
• FAQ / Forums
• Training Materials

7. Documentation
Extensive commenting
Onscreen help
Training Videos
FAQ Capture

8. Support Best Practices

9. Communication
Ticketing Tool
Expectation Management
Expect Ongoing Education

10. QA Best Practices
• Development, Testing & Production
• Stakeholder Sign-off by Review
• Regular Release Cycle
• Batch work

11. Audits and Monitoring
Prevention is better than cure

12. Auditing
Periodic Auditing is important!
Make a check-list.

13. Auditing Code Base
- Version Control
- Development Server Setup: Dev > Test > Prod
- Hacks- Hacked! module
- Custom Modules- what do they do?
- Contributed Modules- updates, errors?
- Drupal Core- update and/or upgrade?

14. Auditing Configuration
- Panels/Context/Display Suite, used properly?
- Live Updating? Feeds?
- Site Logs
- Permissions and Roles- PHP filter
- Spam Prevention
- Performance Optimization
- SEO: SEO Checklist Module

15. Auditing Theme
- Are themes up to date?
- Base Theme used? Or Hacked?
- Custom PHP logic in tpl files?
- Libraries and CSS structure
- Responsive- What techniques?
- Red flags- are tpl files out of control?

16. Monitoring
- Most of the time in recovery is figuring out what’s broken
- Monitor Trends

17. Monitoring
- Use Syslog to write Drupal logs to text file
- Monitor Servers, SEO
- Cron
-Total Admin Control or create admin views
- Drupalmonitor.com
- Are your admins educated?
- Every time you have an issue- start to monitor.
-Google Analytics

18. Security Review
- Most security holes are created in the configuration and
theme.
- Security Review module will help!

19. Security Review
- File system permissions
- Input format
- Content (nodes, comments and fields in Drupal 7)
- Error reporting
- Private file
- Allowed upload extension
- Database error
- Failed logins
- Drupal admin permissions
- Username as password
- Password included in user emails
- PHP access

20. Training is key.
Users need Drupal
awareness!

21. Detecting Problems
- Spam- number of nodes, emails being sent,
comments, users. (Good to know trends)
Mollom, Captcha, Admin Views
- Use Version Control to check diffs- revert
to good version
- Hacked! Module - switch to unhacked
contrib module
- Security Review Module will look for spam
in content.
- Use a good hosting company

22. Security & Module Updates
What to do with those error messages?

23. Updates
Keep on top of Updates- within 30 days
for security updates.
Read the update notes for non-security
updates.
Finding a bug in a contrib module.
Do Not Hack Core! No exceptions.
Planning for Custom Modules
Staying in tune with Advances in
Community Modules

24. Version Upgrades
Timing
Community Catch-up
New Modules
Consider a Rebuild?
Testing
What’s the plan?

25. Community Connection

26. Groups.Drupal.org
Internal Knowledge Sharing
Local User Group Meet-ups
Drupal Camps, Cons & Summits

27. Taking Over
Another’s Work

28. discovery
read the documentation
talk to all stakeholders
get clear line of sight to priorities
review the laundry list

29. Key Points
Continual Love & Attention
Keep Documentation Fresh
Use good communication and
feedback/QA tools
Foster Drupal Talent
Community Contribution

30. Thank You!
@meghsweet
@chapter_three