Checklist for Drupal site builder and web admin<br />Adolfo G. Nasol<br />http:// danreb.com<br />
The Topic<br />I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011)<br />These are my list of b...
About Me<br />I am a Freelancer working as Drupal Site builder, Drupal Themer / Designer and Website admin<br />A total of...
Category checklist<br />Deployment <br />Performance <br />Administration <br />Troubleshooting<br />Security<br />
Always check “Status report”<br />Deployment : Check “Status report”<br />PATH :  /admin/reports/status<br />Resolve any e...
Always check “Status report”<br />Deployment : Check “Status report”<br />PATH :  /admin/reports/status/sql<br />PATH :  /...
Check the  “Site Information”<br />Check if all information define here is correct such as “E-mail address and Site name”....
Check “User registration” settings<br />Path :  /admin/user/settings<br />The default value of Visitors can create account...
Check “User registration” settings<br />If you disable the public registration and choose Only site administrators can cre...
Disallow odd usernames<br />If you enabled the public registration for your Drupal sites, It is recommended that you preve...
Disallow odd usernames<br />Deployment : Disallow odd usernames<br />You can also add rule to disallow users who registere...
Confirm “Email” settings<br />Often, placeholder email addresses will be filled in during development, and should be updat...
Confirm “Email” settings<br />In every site I’ve maintain, I always set the notification for new security release to send ...
Adjust “Database logging” row limit<br />The default row limit of 1000 can wrap quickly, database logging gives you inform...
Use “PhpMyadmin”  to remove database overhead, optimize and check your Drupal’s database regularly<br />If you don’t regul...
Set-up “Cron” <br />Easiest way is to install “Poormanscron” modules, download URL is - > http://drupal.org/project/poorma...
Check “Error reporting ” page<br />Deployment :  Check “Error reporting “<br />PATH : /admin/settings/error-reporting<br />
 Error 403 and Error 404  pages<br />If you don’t want visitors trying to go to restricted directory redirected into user ...
 Disable “Error reporting”<br />On a production site, it's best to suppress on-screen error reporting by choosing Write er...
Install Backup and Migrate<br />Deployment : Install Backup and Migrate<br />I Use Backup and Migrate module to backup cli...
Install Backup and Migrate<br />Deployment : Install Backup and Migrate<br /> - I Use Backup and Migrate module to easily ...
Use “FireFTP” to synchronized and upload files<br />Deployment : Use “FireFTP” to synchronized and upload files<br />
Use “FireFTP” to synchronized and upload files<br />Download URL : http://fireftp.mozdev.org/<br />    - FireFTP is an FTP...
Install WYSIWYG for your site users or clients<br />Deployment : Install WYSIWYG  editor<br />
Install WYSIWYG for your site users or clients<br />Deployment : Install WYSIWYG  editor<br />I used the combination of th...
  CKEditor link  - http://drupal.org/project/ckeditor_link
  CKEditor SWF - http://drupal.org/project/ckeditor_swf
  Image resize filter - http://drupal.org/project/image_resize_filter
  IMCE - http://drupal.org/project/imce
  IMCE Mkdir - http://drupal.org/project/imce_mkdir
  IMCE Rename - http://drupal.org/project/imce_rename
  IMCE Crop - http://drupal.org/project/imce_crop
  Better Formats - http://drupal.org/project/better_formats</li></ul>WHEW! That’s a lot of modules!<br />
Don’t forget to set your “favicon”<br />Deployment :  Set your “favicon”<br />A – If your themes comes<br />with a favicon...
Check modules and themes directory<br />Common mistakes for newbie is to put contributed modules and themes in the wrong d...
Check modules and themes directory<br />Put it inside “sites/all/modules”  for modules and “sites/all/themes” for your cus...
Check and set Caching mode<br />PATH :  /admin/settings/performance<br />Deployment  and Performance :  Check  and set Cac...
Set Page compression and Block Cache<br />PATH :  /admin/settings/performance<br />Deployment  and Performance :  Set Page...
Optimize and Gzip CSS and Javascript file<br />PATH :  /admin/settings/performance<br /> - I use Javascript aggregator mod...
Confirmation : before CSS and Javascript optimization That’s a lot of http request!<br />Deployment  and Performance :  Be...
Confirmation : after optimization, only 2 http request, WOW what a great improvement!<br />Deployment  and Performance :  ...
Use “Web developer toolbar” to confirm css and javascript file compression<br />Uncompressed size<br />Compressed size<br ...
Use “Yslow” to grade and check performance of your Drupal site <br />You can download Yslow here in this URL :  http://dev...
Test  Performance and page speed using the free services of http://www.webpagetest.org<br />According to survey, visitors ...
Check Module Page<br />PATH :  /admin/build/modules<br />Before deploying a site, disable all developer modules.<br />    ...
Check “.htaccess”<br />Decide whether to redirect<br />your visitors to domain with<br />www prefix or without www<br />pr...
Enable Clean URL / check URL aliases<br />Enable path module and install pathauto.<br />You may want to set update<br />ac...
Upcoming SlideShare
Loading in...5
×

Drupal Checklist for Site Builder and Web admin

4,232

Published on

I've discuss this presentation in the Business track of PhDrug : Philippine Drupal User Group DrupalCamp Manila Event this Feb 5 2011 in Makati Philippines

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
4,232
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
59
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • Created and prepared by : Adolfo G. Nasol for Philippine Drupal User Group Drupal Camp events Feb 5 2011
  • Drupal Checklist for Site Builder and Web admin

    1. 1. Checklist for Drupal site builder and web admin<br />Adolfo G. Nasol<br />http:// danreb.com<br />
    2. 2. The Topic<br />I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011)<br />These are my list of best practice ( I hope it is )<br />Drupal site building strategy<br />Dedicated for web admin, site builder, Drupal themer and junior developer and Drupal newbie.<br />Purpose : to be able to hear feedback from fellow developer about their own strategy and practice.<br />
    3. 3. About Me<br />I am a Freelancer working as Drupal Site builder, Drupal Themer / Designer and Website admin<br />A total of 1 year and 39 weeks since I started using Drupal and registered as a member in PhDrug -> http://groups.drupal.org/philippines<br />Information and Communication Technology Student<br />Short Course trainers teaching Dreamweaver and Fireworks<br />
    4. 4. Category checklist<br />Deployment <br />Performance <br />Administration <br />Troubleshooting<br />Security<br />
    5. 5. Always check “Status report”<br />Deployment : Check “Status report”<br />PATH : /admin/reports/status<br />Resolve any errors shown in status report<br />
    6. 6. Always check “Status report”<br />Deployment : Check “Status report”<br />PATH : /admin/reports/status/sql<br />PATH : /admin/reports/status/php<br />Status report page gives you a lot of useful information<br />for troubleshooting your Drupal sites and it will allow you to resolve almost <br />90% of the problem of your Drupal sites just by resolving errors and issues found in this page.<br />
    7. 7. Check the “Site Information”<br />Check if all information define here is correct such as “E-mail address and Site name”.<br /> - use email address ending in sites domain<br /> Set the default front page, slogan if needed, footer and mission statement<br />If you installed Poormans cron module, you can set the time interval in this page for running cron.<br />Deployment : Check the “ Site Information”<br />
    8. 8. Check “User registration” settings<br />Path : /admin/user/settings<br />The default value of Visitors can create accounts and no administrator approval is required is easily overlooked, and often undesired.<br />Deployment : Check the “ User registration” settings<br />
    9. 9. Check “User registration” settings<br />If you disable the public registration and choose Only site administrators can create new user accounts you may also interested removing the link “Request new password” in the login block or page, the module “No request new password” will allow you to do this.<br />Module Download URL : http://drupal.org/project/noreqnewpass<br />Deployment : Check the “ User registration” settings<br />
    10. 10. Disallow odd usernames<br />If you enabled the public registration for your Drupal sites, It is recommended that you prevent users from registering on your website with some odd usernames like: root, admin, webmaster, administrator etc.<br />To prevent this from happening:<br /> - Go to Administer > User management > Access rules > Add rule<br /> - Set Access type to Deny<br /> - Set Rule type to Username<br /> - In Mask type root<br /> - Click the Add rule button<br />Repeat this for every username you don't want to be created on your site.<br />Deployment : Disallow odd usernames<br />
    11. 11. Disallow odd usernames<br />Deployment : Disallow odd usernames<br />You can also add rule to disallow users who registered using disposable emails, or certain<br />domain name.<br />
    12. 12. Confirm “Email” settings<br />Often, placeholder email addresses will be filled in during development, and should be updated before deployment. Try to start with the correct addresses from the beginning when possible.<br /> In addition to Drupal's global site mail, email addresses is stored in a variety of places: The admin user's account, contact forms, webforms, ubercart etc.<br />Deployment : Confirm “ Email” settings<br />
    13. 13. Confirm “Email” settings<br />In every site I’ve maintain, I always set the notification for new security release to send updates to my email account , PATH -> /admin/reports/updates/settings<br />Deployment : Confirm “ Email” settings<br />
    14. 14. Adjust “Database logging” row limit<br />The default row limit of 1000 can wrap quickly, database logging gives you information for vital debugging when you need it. The average row length is generally around 1kB, so you can boost this up to 100,000 rows and still leave you with a manageable watchdog table.<br />Note : If your website is running on a shared hosting account, turning off database logging and automatic updates will speed up<br />loading of your Drupal sites. <br />PATH : /admin/settings/logging/dblog<br />PATH : /admin/reports/dblog<br />Deployment : Adjust “Database logging” row limit<br />
    15. 15. Use “PhpMyadmin” to remove database overhead, optimize and check your Drupal’s database regularly<br />If you don’t regularly<br />check your Drupal<br />sites database, <br />overhead will grow<br />bigger and bigger in<br />size and your site<br />will slow down <br />loading pages.<br />Deployment and Performance : Use PhpMyadmin to repair and optimize Drupal database tables <br />
    16. 16. Set-up “Cron” <br />Easiest way is to install “Poormanscron” modules, download URL is - > http://drupal.org/project/poormanscron<br />Then in “Site Information” page you can<br />adjust the time intervals of your Drupal sites to run cron.<br />You can also setup cron in your website<br />cPanel, information on setting up cron<br />can be found here :<br />http://drupal.org/cron<br />Poormanscron is now part of Drupal 7<br />Deployment : Set up cron : Install Poormanscron module<br />
    17. 17. Check “Error reporting ” page<br />Deployment : Check “Error reporting “<br />PATH : /admin/settings/error-reporting<br />
    18. 18. Error 403 and Error 404 pages<br />If you don’t want visitors trying to go to restricted directory redirected into user login page, then alternatively you can create a node with some extra information so that your visitors don't ever fall on the default blank 403 access denied page.<br />Create the node and remember its node ID<br />Go back to Administer > Site configuration > Error reporting<br />Set Default 403 (Access denied) page to the node ID you just created<br />Save your settings and repeat the same step for setting up Error 404 page.<br />If you want you can also use the Search 404 module , download URL : http://drupal.org/project/search404 <br />Deployment : Error 403 and Error 404 pages<br />
    19. 19. Disable “Error reporting”<br />On a production site, it's best to suppress on-screen error reporting by choosing Write errors to the log.<br />- Go to Site configuration > <br /> Error reporting<br /><ul><li> Set Error reporting list box</li></ul> to Write errors to log<br />- Save configuration<br />Deployment : Disable :Error reporting”<br />
    20. 20. Install Backup and Migrate<br />Deployment : Install Backup and Migrate<br />I Use Backup and Migrate module to backup client Drupal database automatically<br />
    21. 21. Install Backup and Migrate<br />Deployment : Install Backup and Migrate<br /> - I Use Backup and Migrate module to easily extract database and migrate Drupal site.<br /> - Then copy the sites folder <br />To the new server, excluding the file “settings.php”<br /><ul><li>Then restore or import the database into the new server</li></ul>Download URL : http://drupal.org/project/backup_migrate<br />
    22. 22. Use “FireFTP” to synchronized and upload files<br />Deployment : Use “FireFTP” to synchronized and upload files<br />
    23. 23. Use “FireFTP” to synchronized and upload files<br />Download URL : http://fireftp.mozdev.org/<br /> - FireFTP is an FTP clients extension for Mozilla Firefox<br />Deployment : Use “FireFTP” to upload and synchronized files<br />
    24. 24. Install WYSIWYG for your site users or clients<br />Deployment : Install WYSIWYG editor<br />
    25. 25. Install WYSIWYG for your site users or clients<br />Deployment : Install WYSIWYG editor<br />I used the combination of the following modules :<br /><ul><li> CKEditor - http://drupal.org/project/ckeditor
    26. 26. CKEditor link - http://drupal.org/project/ckeditor_link
    27. 27. CKEditor SWF - http://drupal.org/project/ckeditor_swf
    28. 28. Image resize filter - http://drupal.org/project/image_resize_filter
    29. 29. IMCE - http://drupal.org/project/imce
    30. 30. IMCE Mkdir - http://drupal.org/project/imce_mkdir
    31. 31. IMCE Rename - http://drupal.org/project/imce_rename
    32. 32. IMCE Crop - http://drupal.org/project/imce_crop
    33. 33. Better Formats - http://drupal.org/project/better_formats</li></ul>WHEW! That’s a lot of modules!<br />
    34. 34. Don’t forget to set your “favicon”<br />Deployment : Set your “favicon”<br />A – If your themes comes<br />with a favicon icon.<br />B – Or else you can upload<br />image to be use as favicon<br />I prefer to use the themes<br />default favicon, I create<br />favicon using the online<br />generator at the URL :<br />http://favicon-generator.org<br />A<br />B<br />
    35. 35. Check modules and themes directory<br />Common mistakes for newbie is to put contributed modules and themes in the wrong directory.<br />Don’t drop contributed modules<br />and your custom theme in these<br />Directory, this is for core modules<br />And core theme only.<br />Deployment : Check “modules and themes” directory<br />
    36. 36. Check modules and themes directory<br />Put it inside “sites/all/modules” for modules and “sites/all/themes” for your custom theme.<br />You can drop your downloaded contributed modules and themes or custom modules and themes into these directory.<br />You can create folder named “modules” or “themes” inside this 2 folder and drop your module or theme there.<br />Deployment : Check “modules and themes” directory<br />
    37. 37. Check and set Caching mode<br />PATH : /admin/settings/performance<br />Deployment and Performance : Check and set Caching mode<br />
    38. 38. Set Page compression and Block Cache<br />PATH : /admin/settings/performance<br />Deployment and Performance : Set Page compression and Block cache<br />
    39. 39. Optimize and Gzip CSS and Javascript file<br />PATH : /admin/settings/performance<br /> - I use Javascript aggregator module to gzip and minify javascript.<br />URL to download: http://drupal.org/project/javascript_aggregator<br /> - I use cssgzip module to gzip css file<br />URL to download :<br />http://drupal.org/project/css_gzip<br /><ul><li> For maximum performance , you can try to install also boost module</li></ul>URL to download :<br />http://drupal.org/project/boost<br />Deployment and Performance : Optimize and Gzip CSS and Javascript file<br />
    40. 40. Confirmation : before CSS and Javascript optimization That’s a lot of http request!<br />Deployment and Performance : Before optimizing CSS and Javascript <br />
    41. 41. Confirmation : after optimization, only 2 http request, WOW what a great improvement!<br />Deployment and Performance : Before optimizing CSS and Javascript <br />
    42. 42. Use “Web developer toolbar” to confirm css and javascript file compression<br />Uncompressed size<br />Compressed size<br />Take note of the big difference in the<br />file sizes, really cool!<br />You can download Web Developer toolbar here<br />URL : http://chrispederick.com/work/web-developer/<br />Deployment and Performance : Use “Web developer toolbar”<br />
    43. 43. Use “Yslow” to grade and check performance of your Drupal site <br />You can download Yslow here in this URL : http://developer.yahoo.com/yslow/<br />Deployment and Performance : Use “Yslow”<br />
    44. 44. Test Performance and page speed using the free services of http://www.webpagetest.org<br />According to survey, visitors go leave your site if it doesn’t load within 7 seconds<br />Deployment and Performance : Use webpagetes.org website to measure page speed<br />
    45. 45. Check Module Page<br />PATH : /admin/build/modules<br />Before deploying a site, disable all developer modules.<br /> Example :<br /> - views_ui<br /> - imagecache_ui<br /> - masquerade<br /> - devel<br />- theme editor<br />Disable and uninstall module that your site don’t need.<br />If you delete previously installed modules, you may want to clean your Drupal site system table, use “System table cleaner” module.<br />URL : http://drupal.org/project/system_table_cleaner<br />Note : Drupal 7 already included system table cleaner functionality<br />Deployment and Performance : Check Module Page<br />
    46. 46. Check “.htaccess”<br />Decide whether to redirect<br />your visitors to domain with<br />www prefix or without www<br />prefix, good for SEO<br />Add configuration for ETag<br />Deployment and SEO : Check “.htaccess”<br />
    47. 47. Enable Clean URL / check URL aliases<br />Enable path module and install pathauto.<br />You may want to set update<br />action in pathauto settings<br />not to change the url alias<br />if nodes are updated, this will<br />avoid broken link and SEO <br />Problem.<br />PATH : /admin/build/path/settings<br />You may also install “transliteration” module to handle sanitation of file names.<br />Deployment and SEO : Enable clean URL / check URL aliases<br />
    48. 48. Ensure “settings.php” is write protected<br />Make sure settings.php is set to read only<br />Security : Ensure "settings.php" is write protected<br />
    49. 49. Protecting critical users <br />I use the following modules to protect critical users, for example the root user which is User 1<br />- Protect Critical User : this protect critical user from being deleted, URL : http://drupal.org/project/protect_critical_users<br /> - Permission Lock : I don’t want to allow my client to play with a bomb, so I restricted them from configuring explosive Drupal permission settings. URL : http://drupal.org/project/permissions_lock <br />- User protect : Just like user protect but with more options and much more complicated configuration. URL : http://drupal.org/project/userprotect<br />Security : Protecting critical users<br />
    50. 50. Disable user 1<br />Be sure to have at least one user (other than uid 1) that has the permission administer users from user module.<br />Login with this account (again other than uid 1)<br />Go to Administer > User management > Users<br />Edit user with uid == 1<br />Set Status to Blocked<br />Click Save<br />Now user 1 can't login to your website. No more risk for password discovery for this account.<br />Please note that you should check enabled modules code, sometimes they use user 1 to achieve some tasks. And this could break some modules features. So use with caution.<br />Security : Protecting critical users<br />
    51. 51. Hide User 1 and change its user login name<br />Install User One module from http://drupal.org/project/userone <br />This module will hide User 1 <br />from user listing page and <br />also control viewing and <br />editing of user one account. <br />It also allow user 1 to login<br />with different name.<br />Security : Protecting critical users<br />
    52. 52. Remove “.txt” files in the root directory <br />You may upload <br />and leave this txt <br />file : robot.txt<br />intact<br />You can skip uploading all this txt files <br />into your production server. Possible<br />security threat according to some <br />developer.<br />Deployment and Security : Remove “.txt” files in the root directory<br />
    53. 53. Check allowed “Input format” <br />Installed Better format module and you can set the default format for your users and also per content types <br />URL : http://drupal.org/project/better_formats<br />Deployment and Security : Check input format<br />
    54. 54. Check and configure permissions after enabling new modules<br />Deployment and Security : Check Permissions<br />
    55. 55. ENDPresented by : Adolfo G. Nasol http://danreb.com09195951276YM : carnielshopSkype : danrebco<br />END OF PRESENTATION : Drupalcamp 2011 Philippine Drupal User Groups<br />
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×