1 / 47

Checklist for Drupal site builder and web admin

Checklist for Drupal site builder and web admin. Adolfo G. Nasol http:// danreb.com. The Topic. I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011) These are my list of best practice ( I hope it is ) Drupal site building strategy

sol
Download Presentation

Checklist for Drupal site builder and web admin

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Checklist for Drupal site builder and web admin Adolfo G. Nasol http:// danreb.com

  2. The Topic • I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011) • These are my list of best practice ( I hope it is ) • Drupal site building strategy • Dedicated for web admin, site builder, Drupal themer and junior developer and Drupal newbie. • Purpose : to be able to hear feedback from fellow developer about their own strategy and practice.

  3. About Me • I am a Freelancer working as Drupal Site builder, Drupal Themer / Designer and Website admin • A total of 1 year and 39 weeks since I started using Drupal and registered as a member in PhDrug -> http://groups.drupal.org/philippines • Information and Communication Technology Student • Short Course trainers teaching Dreamweaver and Fireworks

  4. Category checklist • Deployment • Performance • Administration • Troubleshooting • Security

  5. Always check “Status report” PATH : /admin/reports/status Resolve any errors shown in status report Deployment : Check “Status report”

  6. Always check “Status report” PATH : /admin/reports/status/sql PATH : /admin/reports/status/php Status report page gives you a lot of useful information for troubleshooting your Drupal sites and it will allow you to resolve almost 90% of the problem of your Drupal sites just by resolving errors and issues found in this page. Deployment : Check “Status report”

  7. Check the “Site Information” • Check if all information define here is correct such as “E-mail address and Site name”. - use email address ending in sites domain • Set the default front page, slogan if needed, footer and mission statement • If you installed Poormans cron module, you can set the time interval in this page for running cron. Deployment : Check the “ Site Information”

  8. Check “User registration” settings Path : /admin/user/settings • The default value of Visitors can create accounts and no administrator approval is required is easily overlooked, and often undesired. Deployment : Check the “ User registration” settings

  9. Check “User registration” settings • If you disable the public registration and choose Only site administrators can create new user accounts you may also interested removing the link “Request new password” in the login block or page, the module “No request new password” will allow you to do this. Module Download URL : http://drupal.org/project/noreqnewpass Deployment : Check the “ User registration” settings

  10. Disallow odd usernames • If you enabled the public registration for your Drupal sites, It is recommended that you prevent users from registering on your website with some odd usernames like: root, admin, webmaster, administrator etc. • To prevent this from happening: - Go to Administer > User management > Access rules > Add rule - Set Access type to Deny - Set Rule type to Username - In Mask type root - Click the Add rule button • Repeat this for every username you don't want to be created on your site. Deployment : Disallow odd usernames

  11. Disallow odd usernames You can also add rule to disallow users who registered using disposable emails, or certain domain name. Deployment : Disallow odd usernames

  12. Confirm “Email” settings • Often, placeholder email addresses will be filled in during development, and should be updated before deployment. Try to start with the correct addresses from the beginning when possible. • In addition to Drupal's global site mail, email addresses is stored in a variety of places: The admin user's account, contact forms, webforms, ubercart etc. Deployment : Confirm “ Email” settings

  13. Confirm “Email” settings In every site I’ve maintain, I always set the notification for new security release to send updates to my email account , PATH -> /admin/reports/updates/settings Deployment : Confirm “ Email” settings

  14. Adjust “Database logging” row limit • The default row limit of 1000 can wrap quickly, database logging gives you information for vital debugging when you need it. The average row length is generally around 1kB, so you can boost this up to 100,000 rows and still leave you with a manageable watchdog table. Note : If your website is running on a shared hosting account, turning off database logging and automatic updates will speed up loading of your Drupal sites. PATH : /admin/settings/logging/dblog PATH : /admin/reports/dblog Deployment : Adjust “Database logging” row limit

  15. Use “PhpMyadmin” to remove database overhead, optimize and check your Drupal’s database regularly If you don’t regularly check your Drupal sites database, overhead will grow bigger and bigger in size and your site will slow down loading pages. Deployment and Performance : Use PhpMyadmin to repair and optimize Drupal database tables

  16. Set-up “Cron” • Easiest way is to install “Poormanscron” modules, download URL is - > http://drupal.org/project/poormanscron Then in “Site Information” page you can adjust the time intervals of your Drupal sites to run cron. You can also setup cron in your website cPanel, information on setting up cron can be found here : http://drupal.org/cron Poormanscron is now part of Drupal 7 Deployment : Set up cron : Install Poormanscron module

  17. Check “Error reporting ” page PATH : /admin/settings/error-reporting Deployment : Check “Error reporting “

  18. Error 403 and Error 404 pages • If you don’t want visitors trying to go to restricted directory redirected into user login page, then alternatively you can create a node with some extra information so that your visitors don't ever fall on the default blank 403 access denied page. • Create the node and remember its node ID • Go back to Administer > Site configuration > Error reporting • Set Default 403 (Access denied) page to the node ID you just created • Save your settings and repeat the same step for setting up Error 404 page. • If you want you can also use the Search 404 module , download URL : http://drupal.org/project/search404 Deployment : Error 403 and Error 404 pages

  19. Disable “Error reporting” • On a production site, it's best to suppress on-screen error reporting by choosing Write errors to the log. • - Go to Site configuration > • Error reporting • Set Error reporting list box • to Write errors to log • - Save configuration Deployment : Disable :Error reporting”

  20. Install Backup and Migrate I Use Backup and Migrate module to backup client Drupal database automatically Deployment : Install Backup and Migrate

  21. Install Backup and Migrate • - I Use Backup and Migrate module to easily extract database and migrate Drupal site. • - Then copy the sites folder • To the new server, excluding the file “settings.php” • Then restore or import the database into the new server Download URL : http://drupal.org/project/backup_migrate Deployment : Install Backup and Migrate

  22. Use “FireFTP” to synchronized and upload files Deployment : Use “FireFTP” to synchronized and upload files

  23. Use “FireFTP” to synchronized and upload files Download URL : http://fireftp.mozdev.org/ - FireFTP is an FTP clients extension for Mozilla Firefox Deployment : Use “FireFTP” to upload and synchronized files

  24. Install WYSIWYG for your site users or clients Deployment : Install WYSIWYG editor

  25. Install WYSIWYG for your site users or clients • I used the combination of the following modules : • CKEditor - http://drupal.org/project/ckeditor • CKEditor link - http://drupal.org/project/ckeditor_link • CKEditor SWF - http://drupal.org/project/ckeditor_swf • Image resize filter - http://drupal.org/project/image_resize_filter • IMCE - http://drupal.org/project/imce • IMCE Mkdir - http://drupal.org/project/imce_mkdir • IMCE Rename - http://drupal.org/project/imce_rename • IMCE Crop - http://drupal.org/project/imce_crop • Better Formats - http://drupal.org/project/better_formats WHEW! That’s a lot of modules! Deployment : Install WYSIWYG editor

  26. Don’t forget to set your “favicon” A – If your themes comes with a favicon icon. B – Or else you can upload image to be use as favicon I prefer to use the themes default favicon, I create favicon using the online generator at the URL : http://favicon-generator.org A B Deployment : Set your “favicon”

  27. Check modules and themes directory • Common mistakes for newbie is to put contributed modules and themes in the wrong directory. Don’t drop contributed modules and your custom theme in these Directory, this is for core modules And core theme only. Deployment : Check “modules and themes” directory

  28. Check modules and themes directory • Put it inside “sites/all/modules” for modules and “sites/all/themes” for your custom theme. You can drop your downloaded contributed modules and themes or custom modules and themes into these directory. You can create folder named “modules” or “themes” inside this 2 folder and drop your module or theme there. Deployment : Check “modules and themes” directory

  29. Check and set Caching mode PATH : /admin/settings/performance Deployment and Performance : Check and set Caching mode

  30. Set Page compression and Block Cache PATH : /admin/settings/performance Deployment and Performance : Set Page compression and Block cache

  31. Optimize and Gzip CSS and Javascript file PATH : /admin/settings/performance • - I use Javascript aggregator module to gzip and minify javascript. • URL to download: http://drupal.org/project/javascript_aggregator • - I use cssgzip module to gzip css file • URL to download : • http://drupal.org/project/css_gzip • For maximum performance , you can try to install also boost module • URL to download : • http://drupal.org/project/boost Deployment and Performance : Optimize and Gzip CSS and Javascript file

  32. Confirmation : before CSS and Javascript optimization That’s a lot of http request! Deployment and Performance : Before optimizing CSS and Javascript

  33. Confirmation : after optimization, only 2 http request, WOW what a great improvement! Deployment and Performance : Before optimizing CSS and Javascript

  34. Use “Web developer toolbar” to confirm css and javascript file compression Uncompressed size Compressed size Take note of the big difference in the file sizes, really cool! You can download Web Developer toolbar here URL : http://chrispederick.com/work/web-developer/ Deployment and Performance : Use “Web developer toolbar”

  35. Use “Yslow” to grade and check performance of your Drupal site You can download Yslow here in this URL : http://developer.yahoo.com/yslow/ Deployment and Performance : Use “Yslow”

  36. Test Performance and page speed using the free services of http://www.webpagetest.org According to survey, visitors go leave your site if it doesn’t load within 7 seconds Deployment and Performance : Use webpagetes.org website to measure page speed

  37. Check Module Page PATH : /admin/build/modules • Before deploying a site, disable all developer modules. Example : - views_ui - imagecache_ui - masquerade - devel - theme editor • Disable and uninstall module that your site don’t need. • If you delete previously installed modules, you may want to clean your Drupal site system table, use “System table cleaner” module. URL : http://drupal.org/project/system_table_cleaner Note : Drupal 7 already included system table cleaner functionality Deployment and Performance : Check Module Page

  38. Check “.htaccess” Decide whether to redirect your visitors to domain with www prefix or without www prefix, good for SEO Add configuration for ETag Deployment and SEO : Check “.htaccess”

  39. Enable Clean URL / check URL aliases • Enable path module and install pathauto. You may want to set update action in pathauto settings not to change the url alias if nodes are updated, this will avoid broken link and SEO Problem. PATH : /admin/build/path/settings You may also install “transliteration” module to handle sanitation of file names. Deployment and SEO : Enable clean URL / check URL aliases

  40. Ensure “settings.php” is write protected Make sure settings.php is set to read only Security : Ensure "settings.php" is write protected

  41. Protecting critical users • I use the following modules to protect critical users, for example the root user which is User 1 - Protect Critical User : this protect critical user from being deleted, URL : http://drupal.org/project/protect_critical_users - Permission Lock : I don’t want to allow my client to play with a bomb, so I restricted them from configuring explosive Drupal permission settings. URL : http://drupal.org/project/permissions_lock - User protect : Just like user protect but with more options and much more complicated configuration. URL : http://drupal.org/project/userprotect Security : Protecting critical users

  42. Disable user 1 • Be sure to have at least one user (other than uid 1) that has the permission administer users from user module. • Login with this account (again other than uid 1) • Go to Administer > User management > Users • Edit user with uid == 1 • Set Status to Blocked • Click Save • Now user 1 can't login to your website. No more risk for password discovery for this account. • Please note that you should check enabled modules code, sometimes they use user 1 to achieve some tasks. And this could break some modules features. So use with caution. Security : Protecting critical users

  43. Hide User 1 and change its user login name • Install User One module from http://drupal.org/project/userone This module will hide User 1 from user listing page and also control viewing and editing of user one account. It also allow user 1 to login with different name. Security : Protecting critical users

  44. Remove “.txt” files in the root directory You may upload and leave this txt file : robot.txt intact You can skip uploading all this txt files into your production server. Possible security threat according to some developer. Deployment and Security : Remove “.txt” files in the root directory

  45. Check allowed “Input format” Installed Better format module and you can set the default format for your users and also per content types URL : http://drupal.org/project/better_formats Deployment and Security : Check input format

  46. Check and configure permissions after enabling new modules Deployment and Security : Check Permissions

  47. ENDPresented by : Adolfo G. Nasol http://danreb.com09195951276YM : carnielshopSkype : danrebco END OF PRESENTATION : Drupalcamp 2011 Philippine Drupal User Groups

More Related