Drupal Checklist for Site Builder and Web admin
-
Upload
adolfo-nasol -
Category
Technology
-
view
4.178 -
download
6
description
Transcript of Drupal Checklist for Site Builder and Web admin
Checklist for Drupal site builder and web admin
Adolfo G. Nasolhttp:// danreb.com
The Topic• I’ve got the idea after attending on the
last Drupal PH meet-up ( Jan 14, 2011)• These are my list of best practice ( I hope
it is )• Drupal site building strategy• Dedicated for web admin, site builder,
Drupal themer and junior developer and Drupal newbie.
• Purpose : to be able to hear feedback from fellow developer about their own strategy and practice.
About Me• I am a Freelancer working as Drupal Site
builder, Drupal Themer / Designer and Website admin
• A total of 1 year and 39 weeks since I started using Drupal and registered as a member in PhDrug -> http://groups.drupal.org/philippines
• Information and Communication Technology Student
• Short Course trainers teaching Dreamweaver and Fireworks
Category checklist
• Deployment • Performance • Administration • Troubleshooting• Security
Deployment : Check “Status report”
Always check “Status report”
Resolve any errors shown in status report
PATH : /admin/reports/status
Deployment : Check “Status report”
Always check “Status report”
Status report page gives you a lot of useful informationfor troubleshooting your Drupal sites and it will allow you to resolve almost 90% of the problem of your Drupal sites just by resolving errors and issues found in this page.
PATH : /admin/reports/status/sqlPATH : /admin/reports/status/php
Check the “Site Information”
• Check if all information define here is correct such as “E-mail address and Site name”.
- use email address ending in sites domain
• Set the default front page, slogan if needed, footer and mission statement
• If you installed Poormans cron module, you can set the time interval in this page for running cron.
Deployment : Check the “ Site Information”
Check “User registration” settings
• The default value of Visitors can create accounts and no administrator approval is required is easily overlooked, and often undesired. Deployment : Check the “ User registration” settings
Path : /admin/user/settings
Check “User registration” settings• If you disable the public registration and choose Only site
administrators can create new user accounts you may also interested removing the link “Request new password” in the login block or page, the module “No request new password” will allow you to do this.
Deployment : Check the “ User registration” settings
Module Download URL : http://drupal.org/project/noreqnewpass
Deployment : Disallow odd usernames
Disallow odd usernames• If you enabled the public registration for your Drupal
sites, It is recommended that you prevent users from registering on your website with some odd usernames like: root, admin, webmaster, administrator etc.
• To prevent this from happening: - Go to Administer > User management >
Access rules > Add rule - Set Access type to Deny - Set Rule type to Username - In Mask type root - Click the Add rule button• Repeat this for every username you don't want to
be created on your site.
Deployment : Disallow odd usernames
Disallow odd usernames
You can also add rule to disallow users who registered using disposable emails, or certaindomain name.
Confirm “Email” settings• Often, placeholder email addresses will be
filled in during development, and should be updated before deployment. Try to start with the correct addresses from the beginning when possible.
• In addition to Drupal's global site mail, email addresses is stored in a variety of places: The admin user's account, contact forms, webforms, ubercart etc.
Deployment : Confirm “ Email” settings
Confirm “Email” settings
Deployment : Confirm “ Email” settings
In every site I’ve maintain, I always set the notification for new security release to send updates to my email account , PATH -> /admin/reports/updates/settings
Adjust “Database logging” row limit• The default row limit of 1000 can wrap quickly, database logging gives you
information for vital debugging when you need it. The average row length is generally around 1kB, so you can boost this up to 100,000 rows and still leave you with a manageable watchdog table.
Deployment : Adjust “Database logging” row limit
PATH : /admin/settings/logging/dblogPATH : /admin/reports/dblog
Note : If your website is running on a shared hosting account, turning off database logging and automatic updates will speed uploading of your Drupal sites.
Use “PhpMyadmin” to remove database overhead, optimize and check your
Drupal’s database regularly
Deployment and Performance : Use PhpMyadmin to repair and optimize Drupal database tables
If you don’t regularlycheck your Drupalsites database, overhead will growbigger and bigger insize and your sitewill slow down loading pages.
Set-up “Cron” • Easiest way is to install “Poormanscron” modules,
download URL is - > http://drupal.org/project/poormanscron
Deployment : Set up cron : Install Poormanscron module
Then in “Site Information” page you canadjust the time intervals of your Drupal sites to run cron.
You can also setup cron in your websitecPanel, information on setting up croncan be found here :http://drupal.org/cron
Poormanscron is now part of Drupal 7
Deployment : Check “Error reporting “
Check “Error reporting ” pagePATH : /admin/settings/error-reporting
Error 403 and Error 404 pages
Deployment : Error 403 and Error 404 pages
• If you don’t want visitors trying to go to restricted directory redirected into user login page, then alternatively you can create a node with some extra information so that your visitors don't ever fall on the default blank 403 access denied page.
• Create the node and remember its node ID• Go back to Administer > Site configuration > Error reporting• Set Default 403 (Access denied) page to the node ID you
just created• Save your settings and repeat the same step for setting up
Error 404 page.• If you want you can also use the Search 404 module , download
URL : http://drupal.org/project/search404
Disable “Error reporting”
Deployment : Disable :Error reporting”
• On a production site, it's best to suppress on-screen error reporting by choosing Write errors to the log.
- Go to Site configuration > Error reporting- Set Error reporting list box to Write errors to log- Save configuration
Deployment : Install Backup and Migrate
Install Backup and Migrate
I Use Backup and Migrate module to backup client Drupal database automatically
Deployment : Install Backup and Migrate
Install Backup and Migrate - I Use Backup and Migrate module to easily extract database and migrate Drupal site.
- Then copy the sites folder To the new server, excluding the file “settings.php”
-Then restore or import the database into the new server
Download URL : http://drupal.org/project/backup_migrate
Use “FireFTP” to synchronized and upload files
Deployment : Use “FireFTP” to synchronized and upload files
Use “FireFTP” to synchronized and upload files
Deployment : Use “FireFTP” to upload and synchronized files
Download URL : http://fireftp.mozdev.org/ - FireFTP is an FTP clients extension for Mozilla Firefox
Deployment : Install WYSIWYG editor
Install WYSIWYG for your site users or clients
Deployment : Install WYSIWYG editor
Install WYSIWYG for your site users or clients
I used the combination of the following modules :
• CKEditor - http://drupal.org/project/ckeditor• CKEditor link - http://drupal.org/project/ckeditor_link• CKEditor SWF - http://drupal.org/project/ckeditor_swf• Image resize filter - http://drupal.org/project/image_resize_filter• IMCE - http://drupal.org/project/imce• IMCE Mkdir - http://drupal.org/project/imce_mkdir• IMCE Rename - http://drupal.org/project/imce_rename• IMCE Crop - http://drupal.org/project/imce_crop• Better Formats - http://drupal.org/project/better_formats
WHEW! That’s a lot of modules!
Deployment : Set your “favicon”
Don’t forget to set your “favicon”
A
B
A – If your themes comeswith a favicon icon.
B – Or else you can uploadimage to be use as favicon
I prefer to use the themesdefault favicon, I createfavicon using the onlinegenerator at the URL :http://favicon-generator.org
Check modules and themes directory
• Common mistakes for newbie is to put contributed modules and themes in the wrong directory.
Deployment : Check “modules and themes” directory
Don’t drop contributed modulesand your custom theme in theseDirectory, this is for core modulesAnd core theme only.
Check modules and themes directory
• Put it inside “sites/all/modules” for modules and “sites/all/themes” for your custom theme.
Deployment : Check “modules and themes” directory
You can drop your downloaded contributed modules and themes or custom modules and themes into these directory.
You can create folder named “modules” or “themes” inside this 2 folder and drop your module or theme there.
Check and set Caching mode
Deployment and Performance : Check and set Caching mode
PATH : /admin/settings/performance
Set Page compression and Block Cache
Deployment and Performance : Set Page compression and Block cache
PATH : /admin/settings/performance
Optimize and Gzip CSS and Javascript file
Deployment and Performance : Optimize and Gzip CSS and Javascript file
PATH : /admin/settings/performance
- I use Javascript aggregator module to gzip and minify javascript.URL to download: http://drupal.org/project/javascript_aggregator
- I use cssgzip module to gzip css fileURL to download :http://drupal.org/project/css_gzip
- For maximum performance , you can try to install also boost moduleURL to download :http://drupal.org/project/boost
Confirmation : before CSS and Javascript optimization That’s a lot of http request!
Deployment and Performance : Before optimizing CSS and Javascript
Confirmation : after optimization, only 2 http request, WOW what a great improvement!
Deployment and Performance : Before optimizing CSS and Javascript
Use “Web developer toolbar” to confirm css and javascript file compression
Deployment and Performance : Use “Web developer toolbar”
Uncompressed size
Compressed sizeTake note of the big difference in thefile sizes, really cool!
You can download Web Developer toolbar hereURL : http://chrispederick.com/work/web-developer/
Use “Yslow” to grade and check performance of your Drupal site
Deployment and Performance : Use “Yslow”
You can download Yslow here in this URL : http://developer.yahoo.com/yslow/
Test Performance and page speed using the free services of http://www.webpagetest.org
Deployment and Performance : Use webpagetes.org website to measure page speed
According to survey, visitors go leave your site if it doesn’t load within 7 seconds
Check Module Page• Before deploying a site, disable all developer modules. Example : - views_ui - imagecache_ui - masquerade - devel - theme editor• Disable and uninstall module that your site don’t need.• If you delete previously installed modules, you may want
to clean your Drupal site system table, use “System table cleaner” module.
URL : http://drupal.org/project/system_table_cleanerNote : Drupal 7 already included system table cleaner
functionality Deployment and Performance : Check Module Page
PATH : /admin/build/modules
Check “.htaccess”
Deployment and SEO : Check “.htaccess”
Add configuration for ETag
Decide whether to redirectyour visitors to domain withwww prefix or without wwwprefix, good for SEO
Enable Clean URL / check URL aliases
• Enable path module and install pathauto.
Deployment and SEO : Enable clean URL / check URL aliases
You may also install “transliteration” module to handle sanitation of file names.
You may want to set updateaction in pathauto settingsnot to change the url aliasif nodes are updated, this willavoid broken link and SEO Problem.
PATH : /admin/build/path/settings
Ensure “settings.php” is write protected
Security : Ensure "settings.php" is write protected
Make sure settings.php is set to read only
Protecting critical users • I use the following modules to protect critical users, for
example the root user which is User 1 - Protect Critical User : this protect critical user from
being deleted, URL : http://drupal.org/project/protect_critical_users
- Permission Lock : I don’t want to allow my client to play with a bomb, so I restricted them from configuring explosive Drupal permission settings. URL : http://drupal.org/project/permissions_lock
- User protect : Just like user protect but with more
options and much more complicated configuration. URL : http://drupal.org/project/userprotect
Security : Protecting critical users
Disable user 1• Be sure to have at least one user (other than uid 1) that
has the permission administer users from user module.• Login with this account (again other than uid 1)• Go to Administer > User management > Users• Edit user with uid == 1• Set Status to Blocked• Click Save• Now user 1 can't login to your website. No more risk for
password discovery for this account.• Please note that you should check enabled modules code,
sometimes they use user 1 to achieve some tasks. And this could break some modules features. So use with caution.
Security : Protecting critical users
Hide User 1 and change its user login name
• Install User One module from http://drupal.org/project/userone
This module will hide User 1 from user listing page and also control viewing and editing of user one account.
It also allow user 1 to loginwith different name.
Security : Protecting critical users
Remove “.txt” files in the root directory
Deployment and Security : Remove “.txt” files in the root directory
You can skip uploading all this txt files into your production server. Possiblesecurity threat according to some developer.
You may upload and leave this txt file : robot.txtintact
Check allowed “Input format”
Deployment and Security : Check input format
Installed Better format module and you can set the default format for your users and also per content types
URL : http://drupal.org/project/better_formats
Check and configure permissions after enabling new modules
Deployment and Security : Check Permissions
END OF PRESENTATION : Drupalcamp 2011 Philippine Drupal User Groups
END
Presented by : Adolfo G. Nasol
http://danreb.com09195951276
YM : carnielshopSkype : danrebco