Your SlideShare is downloading. ×
  • Like
Drupal Checklist for Site Builder and Web admin
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Drupal Checklist for Site Builder and Web admin


I've discuss this presentation in the Business track of PhDrug : Philippine Drupal User Group DrupalCamp Manila Event this Feb 5 2011 in Makati Philippines

I've discuss this presentation in the Business track of PhDrug : Philippine Drupal User Group DrupalCamp Manila Event this Feb 5 2011 in Makati Philippines

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads


Total Views
On SlideShare
From Embeds
Number of Embeds



Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

    No notes for slide
  • Created and prepared by : Adolfo G. Nasol for Philippine Drupal User Group Drupal Camp events Feb 5 2011


  • 1. Checklist for Drupal site builder and web admin
    Adolfo G. Nasol
  • 2. The Topic
    I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011)
    These are my list of best practice ( I hope it is )
    Drupal site building strategy
    Dedicated for web admin, site builder, Drupal themer and junior developer and Drupal newbie.
    Purpose : to be able to hear feedback from fellow developer about their own strategy and practice.
  • 3. About Me
    I am a Freelancer working as Drupal Site builder, Drupal Themer / Designer and Website admin
    A total of 1 year and 39 weeks since I started using Drupal and registered as a member in PhDrug ->
    Information and Communication Technology Student
    Short Course trainers teaching Dreamweaver and Fireworks
  • 4. Category checklist
  • 5. Always check “Status report”
    Deployment : Check “Status report”
    PATH : /admin/reports/status
    Resolve any errors shown in status report
  • 6. Always check “Status report”
    Deployment : Check “Status report”
    PATH : /admin/reports/status/sql
    PATH : /admin/reports/status/php
    Status report page gives you a lot of useful information
    for troubleshooting your Drupal sites and it will allow you to resolve almost
    90% of the problem of your Drupal sites just by resolving errors and issues found in this page.
  • 7. Check the “Site Information”
    Check if all information define here is correct such as “E-mail address and Site name”.
    - use email address ending in sites domain
    Set the default front page, slogan if needed, footer and mission statement
    If you installed Poormans cron module, you can set the time interval in this page for running cron.
    Deployment : Check the “ Site Information”
  • 8. Check “User registration” settings
    Path : /admin/user/settings
    The default value of Visitors can create accounts and no administrator approval is required is easily overlooked, and often undesired.
    Deployment : Check the “ User registration” settings
  • 9. Check “User registration” settings
    If you disable the public registration and choose Only site administrators can create new user accounts you may also interested removing the link “Request new password” in the login block or page, the module “No request new password” will allow you to do this.
    Module Download URL :
    Deployment : Check the “ User registration” settings
  • 10. Disallow odd usernames
    If you enabled the public registration for your Drupal sites, It is recommended that you prevent users from registering on your website with some odd usernames like: root, admin, webmaster, administrator etc.
    To prevent this from happening:
    - Go to Administer > User management > Access rules > Add rule
    - Set Access type to Deny
    - Set Rule type to Username
    - In Mask type root
    - Click the Add rule button
    Repeat this for every username you don't want to be created on your site.
    Deployment : Disallow odd usernames
  • 11. Disallow odd usernames
    Deployment : Disallow odd usernames
    You can also add rule to disallow users who registered using disposable emails, or certain
    domain name.
  • 12. Confirm “Email” settings
    Often, placeholder email addresses will be filled in during development, and should be updated before deployment. Try to start with the correct addresses from the beginning when possible.
    In addition to Drupal's global site mail, email addresses is stored in a variety of places: The admin user's account, contact forms, webforms, ubercart etc.
    Deployment : Confirm “ Email” settings
  • 13. Confirm “Email” settings
    In every site I’ve maintain, I always set the notification for new security release to send updates to my email account , PATH -> /admin/reports/updates/settings
    Deployment : Confirm “ Email” settings
  • 14. Adjust “Database logging” row limit
    The default row limit of 1000 can wrap quickly, database logging gives you information for vital debugging when you need it. The average row length is generally around 1kB, so you can boost this up to 100,000 rows and still leave you with a manageable watchdog table.
    Note : If your website is running on a shared hosting account, turning off database logging and automatic updates will speed up
    loading of your Drupal sites.
    PATH : /admin/settings/logging/dblog
    PATH : /admin/reports/dblog
    Deployment : Adjust “Database logging” row limit
  • 15. Use “PhpMyadmin” to remove database overhead, optimize and check your Drupal’s database regularly
    If you don’t regularly
    check your Drupal
    sites database,
    overhead will grow
    bigger and bigger in
    size and your site
    will slow down
    loading pages.
    Deployment and Performance : Use PhpMyadmin to repair and optimize Drupal database tables
  • 16. Set-up “Cron”
    Easiest way is to install “Poormanscron” modules, download URL is - >
    Then in “Site Information” page you can
    adjust the time intervals of your Drupal sites to run cron.
    You can also setup cron in your website
    cPanel, information on setting up cron
    can be found here :
    Poormanscron is now part of Drupal 7
    Deployment : Set up cron : Install Poormanscron module
  • 17. Check “Error reporting ” page
    Deployment : Check “Error reporting “
    PATH : /admin/settings/error-reporting
  • 18. Error 403 and Error 404 pages
    If you don’t want visitors trying to go to restricted directory redirected into user login page, then alternatively you can create a node with some extra information so that your visitors don't ever fall on the default blank 403 access denied page.
    Create the node and remember its node ID
    Go back to Administer > Site configuration > Error reporting
    Set Default 403 (Access denied) page to the node ID you just created
    Save your settings and repeat the same step for setting up Error 404 page.
    If you want you can also use the Search 404 module , download URL :
    Deployment : Error 403 and Error 404 pages
  • 19. Disable “Error reporting”
    On a production site, it's best to suppress on-screen error reporting by choosing Write errors to the log.
    - Go to Site configuration >
    Error reporting
    • Set Error reporting list box
    to Write errors to log
    - Save configuration
    Deployment : Disable :Error reporting”
  • 20. Install Backup and Migrate
    Deployment : Install Backup and Migrate
    I Use Backup and Migrate module to backup client Drupal database automatically
  • 21. Install Backup and Migrate
    Deployment : Install Backup and Migrate
    - I Use Backup and Migrate module to easily extract database and migrate Drupal site.
    - Then copy the sites folder
    To the new server, excluding the file “settings.php”
    • Then restore or import the database into the new server
    Download URL :
  • 22. Use “FireFTP” to synchronized and upload files
    Deployment : Use “FireFTP” to synchronized and upload files
  • 23. Use “FireFTP” to synchronized and upload files
    Download URL :
    - FireFTP is an FTP clients extension for Mozilla Firefox
    Deployment : Use “FireFTP” to upload and synchronized files
  • 24. Install WYSIWYG for your site users or clients
    Deployment : Install WYSIWYG editor
  • 25. Install WYSIWYG for your site users or clients
    Deployment : Install WYSIWYG editor
    I used the combination of the following modules :
    • CKEditor -
    • 26. CKEditor link -
    • 27. CKEditor SWF -
    • 28. Image resize filter -
    • 29. IMCE -
    • 30. IMCE Mkdir -
    • 31. IMCE Rename -
    • 32. IMCE Crop -
    • 33. Better Formats -
    WHEW! That’s a lot of modules!
  • 34. Don’t forget to set your “favicon”
    Deployment : Set your “favicon”
    A – If your themes comes
    with a favicon icon.
    B – Or else you can upload
    image to be use as favicon
    I prefer to use the themes
    default favicon, I create
    favicon using the online
    generator at the URL :
  • 35. Check modules and themes directory
    Common mistakes for newbie is to put contributed modules and themes in the wrong directory.
    Don’t drop contributed modules
    and your custom theme in these
    Directory, this is for core modules
    And core theme only.
    Deployment : Check “modules and themes” directory
  • 36. Check modules and themes directory
    Put it inside “sites/all/modules” for modules and “sites/all/themes” for your custom theme.
    You can drop your downloaded contributed modules and themes or custom modules and themes into these directory.
    You can create folder named “modules” or “themes” inside this 2 folder and drop your module or theme there.
    Deployment : Check “modules and themes” directory
  • 37. Check and set Caching mode
    PATH : /admin/settings/performance
    Deployment and Performance : Check and set Caching mode
  • 38. Set Page compression and Block Cache
    PATH : /admin/settings/performance
    Deployment and Performance : Set Page compression and Block cache
  • 39. Optimize and Gzip CSS and Javascript file
    PATH : /admin/settings/performance
    - I use Javascript aggregator module to gzip and minify javascript.
    URL to download:
    - I use cssgzip module to gzip css file
    URL to download :
    • For maximum performance , you can try to install also boost module
    URL to download :
    Deployment and Performance : Optimize and Gzip CSS and Javascript file
  • 40. Confirmation : before CSS and Javascript optimization That’s a lot of http request!
    Deployment and Performance : Before optimizing CSS and Javascript
  • 41. Confirmation : after optimization, only 2 http request, WOW what a great improvement!
    Deployment and Performance : Before optimizing CSS and Javascript
  • 42. Use “Web developer toolbar” to confirm css and javascript file compression
    Uncompressed size
    Compressed size
    Take note of the big difference in the
    file sizes, really cool!
    You can download Web Developer toolbar here
    URL :
    Deployment and Performance : Use “Web developer toolbar”
  • 43. Use “Yslow” to grade and check performance of your Drupal site
    You can download Yslow here in this URL :
    Deployment and Performance : Use “Yslow”
  • 44. Test Performance and page speed using the free services of
    According to survey, visitors go leave your site if it doesn’t load within 7 seconds
    Deployment and Performance : Use website to measure page speed
  • 45. Check Module Page
    PATH : /admin/build/modules
    Before deploying a site, disable all developer modules.
    Example :
    - views_ui
    - imagecache_ui
    - masquerade
    - devel
    - theme editor
    Disable and uninstall module that your site don’t need.
    If you delete previously installed modules, you may want to clean your Drupal site system table, use “System table cleaner” module.
    URL :
    Note : Drupal 7 already included system table cleaner functionality
    Deployment and Performance : Check Module Page
  • 46. Check “.htaccess”
    Decide whether to redirect
    your visitors to domain with
    www prefix or without www
    prefix, good for SEO
    Add configuration for ETag
    Deployment and SEO : Check “.htaccess”
  • 47. Enable Clean URL / check URL aliases
    Enable path module and install pathauto.
    You may want to set update
    action in pathauto settings
    not to change the url alias
    if nodes are updated, this will
    avoid broken link and SEO
    PATH : /admin/build/path/settings
    You may also install “transliteration” module to handle sanitation of file names.
    Deployment and SEO : Enable clean URL / check URL aliases
  • 48. Ensure “settings.php” is write protected
    Make sure settings.php is set to read only
    Security : Ensure "settings.php" is write protected
  • 49. Protecting critical users
    I use the following modules to protect critical users, for example the root user which is User 1
    - Protect Critical User : this protect critical user from being deleted, URL :
    - Permission Lock : I don’t want to allow my client to play with a bomb, so I restricted them from configuring explosive Drupal permission settings. URL :
    - User protect : Just like user protect but with more options and much more complicated configuration. URL :
    Security : Protecting critical users
  • 50. Disable user 1
    Be sure to have at least one user (other than uid 1) that has the permission administer users from user module.
    Login with this account (again other than uid 1)
    Go to Administer > User management > Users
    Edit user with uid == 1
    Set Status to Blocked
    Click Save
    Now user 1 can't login to your website. No more risk for password discovery for this account.
    Please note that you should check enabled modules code, sometimes they use user 1 to achieve some tasks. And this could break some modules features. So use with caution.
    Security : Protecting critical users
  • 51. Hide User 1 and change its user login name
    Install User One module from
    This module will hide User 1
    from user listing page and
    also control viewing and
    editing of user one account.
    It also allow user 1 to login
    with different name.
    Security : Protecting critical users
  • 52. Remove “.txt” files in the root directory
    You may upload
    and leave this txt
    file : robot.txt
    You can skip uploading all this txt files
    into your production server. Possible
    security threat according to some
    Deployment and Security : Remove “.txt” files in the root directory
  • 53. Check allowed “Input format”
    Installed Better format module and you can set the default format for your users and also per content types
    URL :
    Deployment and Security : Check input format
  • 54. Check and configure permissions after enabling new modules
    Deployment and Security : Check Permissions
  • 55. ENDPresented by : Adolfo G. Nasol http://danreb.com09195951276YM : carnielshopSkype : danrebco
    END OF PRESENTATION : Drupalcamp 2011 Philippine Drupal User Groups