Your SlideShare is downloading. ×
Drupal Checklist for Site Builder and Web admin
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Drupal Checklist for Site Builder and Web admin


Published on

I've discuss this presentation in the Business track of PhDrug : Philippine Drupal User Group DrupalCamp Manila Event this Feb 5 2011 in Makati Philippines

I've discuss this presentation in the Business track of PhDrug : Philippine Drupal User Group DrupalCamp Manila Event this Feb 5 2011 in Makati Philippines

Published in: Technology

  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • Created and prepared by : Adolfo G. Nasol for Philippine Drupal User Group Drupal Camp events Feb 5 2011
  • Transcript

    • 1. Checklist for Drupal site builder and web admin
      Adolfo G. Nasol
    • 2. The Topic
      I’ve got the idea after attending on the last Drupal PH meet-up ( Jan 14, 2011)
      These are my list of best practice ( I hope it is )
      Drupal site building strategy
      Dedicated for web admin, site builder, Drupal themer and junior developer and Drupal newbie.
      Purpose : to be able to hear feedback from fellow developer about their own strategy and practice.
    • 3. About Me
      I am a Freelancer working as Drupal Site builder, Drupal Themer / Designer and Website admin
      A total of 1 year and 39 weeks since I started using Drupal and registered as a member in PhDrug ->
      Information and Communication Technology Student
      Short Course trainers teaching Dreamweaver and Fireworks
    • 4. Category checklist
    • 5. Always check “Status report”
      Deployment : Check “Status report”
      PATH : /admin/reports/status
      Resolve any errors shown in status report
    • 6. Always check “Status report”
      Deployment : Check “Status report”
      PATH : /admin/reports/status/sql
      PATH : /admin/reports/status/php
      Status report page gives you a lot of useful information
      for troubleshooting your Drupal sites and it will allow you to resolve almost
      90% of the problem of your Drupal sites just by resolving errors and issues found in this page.
    • 7. Check the “Site Information”
      Check if all information define here is correct such as “E-mail address and Site name”.
      - use email address ending in sites domain
      Set the default front page, slogan if needed, footer and mission statement
      If you installed Poormans cron module, you can set the time interval in this page for running cron.
      Deployment : Check the “ Site Information”
    • 8. Check “User registration” settings
      Path : /admin/user/settings
      The default value of Visitors can create accounts and no administrator approval is required is easily overlooked, and often undesired.
      Deployment : Check the “ User registration” settings
    • 9. Check “User registration” settings
      If you disable the public registration and choose Only site administrators can create new user accounts you may also interested removing the link “Request new password” in the login block or page, the module “No request new password” will allow you to do this.
      Module Download URL :
      Deployment : Check the “ User registration” settings
    • 10. Disallow odd usernames
      If you enabled the public registration for your Drupal sites, It is recommended that you prevent users from registering on your website with some odd usernames like: root, admin, webmaster, administrator etc.
      To prevent this from happening:
      - Go to Administer > User management > Access rules > Add rule
      - Set Access type to Deny
      - Set Rule type to Username
      - In Mask type root
      - Click the Add rule button
      Repeat this for every username you don't want to be created on your site.
      Deployment : Disallow odd usernames
    • 11. Disallow odd usernames
      Deployment : Disallow odd usernames
      You can also add rule to disallow users who registered using disposable emails, or certain
      domain name.
    • 12. Confirm “Email” settings
      Often, placeholder email addresses will be filled in during development, and should be updated before deployment. Try to start with the correct addresses from the beginning when possible.
      In addition to Drupal's global site mail, email addresses is stored in a variety of places: The admin user's account, contact forms, webforms, ubercart etc.
      Deployment : Confirm “ Email” settings
    • 13. Confirm “Email” settings
      In every site I’ve maintain, I always set the notification for new security release to send updates to my email account , PATH -> /admin/reports/updates/settings
      Deployment : Confirm “ Email” settings
    • 14. Adjust “Database logging” row limit
      The default row limit of 1000 can wrap quickly, database logging gives you information for vital debugging when you need it. The average row length is generally around 1kB, so you can boost this up to 100,000 rows and still leave you with a manageable watchdog table.
      Note : If your website is running on a shared hosting account, turning off database logging and automatic updates will speed up
      loading of your Drupal sites.
      PATH : /admin/settings/logging/dblog
      PATH : /admin/reports/dblog
      Deployment : Adjust “Database logging” row limit
    • 15. Use “PhpMyadmin” to remove database overhead, optimize and check your Drupal’s database regularly
      If you don’t regularly
      check your Drupal
      sites database,
      overhead will grow
      bigger and bigger in
      size and your site
      will slow down
      loading pages.
      Deployment and Performance : Use PhpMyadmin to repair and optimize Drupal database tables
    • 16. Set-up “Cron”
      Easiest way is to install “Poormanscron” modules, download URL is - >
      Then in “Site Information” page you can
      adjust the time intervals of your Drupal sites to run cron.
      You can also setup cron in your website
      cPanel, information on setting up cron
      can be found here :
      Poormanscron is now part of Drupal 7
      Deployment : Set up cron : Install Poormanscron module
    • 17. Check “Error reporting ” page
      Deployment : Check “Error reporting “
      PATH : /admin/settings/error-reporting
    • 18. Error 403 and Error 404 pages
      If you don’t want visitors trying to go to restricted directory redirected into user login page, then alternatively you can create a node with some extra information so that your visitors don't ever fall on the default blank 403 access denied page.
      Create the node and remember its node ID
      Go back to Administer > Site configuration > Error reporting
      Set Default 403 (Access denied) page to the node ID you just created
      Save your settings and repeat the same step for setting up Error 404 page.
      If you want you can also use the Search 404 module , download URL :
      Deployment : Error 403 and Error 404 pages
    • 19. Disable “Error reporting”
      On a production site, it's best to suppress on-screen error reporting by choosing Write errors to the log.
      - Go to Site configuration >
      Error reporting
      • Set Error reporting list box
      to Write errors to log
      - Save configuration
      Deployment : Disable :Error reporting”
    • 20. Install Backup and Migrate
      Deployment : Install Backup and Migrate
      I Use Backup and Migrate module to backup client Drupal database automatically
    • 21. Install Backup and Migrate
      Deployment : Install Backup and Migrate
      - I Use Backup and Migrate module to easily extract database and migrate Drupal site.
      - Then copy the sites folder
      To the new server, excluding the file “settings.php”
      • Then restore or import the database into the new server
      Download URL :
    • 22. Use “FireFTP” to synchronized and upload files
      Deployment : Use “FireFTP” to synchronized and upload files
    • 23. Use “FireFTP” to synchronized and upload files
      Download URL :
      - FireFTP is an FTP clients extension for Mozilla Firefox
      Deployment : Use “FireFTP” to upload and synchronized files
    • 24. Install WYSIWYG for your site users or clients
      Deployment : Install WYSIWYG editor
    • 25. Install WYSIWYG for your site users or clients
      Deployment : Install WYSIWYG editor
      I used the combination of the following modules :
      • CKEditor -
      • 26. CKEditor link -
      • 27. CKEditor SWF -
      • 28. Image resize filter -
      • 29. IMCE -
      • 30. IMCE Mkdir -
      • 31. IMCE Rename -
      • 32. IMCE Crop -
      • 33. Better Formats -
      WHEW! That’s a lot of modules!
    • 34. Don’t forget to set your “favicon”
      Deployment : Set your “favicon”
      A – If your themes comes
      with a favicon icon.
      B – Or else you can upload
      image to be use as favicon
      I prefer to use the themes
      default favicon, I create
      favicon using the online
      generator at the URL :
    • 35. Check modules and themes directory
      Common mistakes for newbie is to put contributed modules and themes in the wrong directory.
      Don’t drop contributed modules
      and your custom theme in these
      Directory, this is for core modules
      And core theme only.
      Deployment : Check “modules and themes” directory
    • 36. Check modules and themes directory
      Put it inside “sites/all/modules” for modules and “sites/all/themes” for your custom theme.
      You can drop your downloaded contributed modules and themes or custom modules and themes into these directory.
      You can create folder named “modules” or “themes” inside this 2 folder and drop your module or theme there.
      Deployment : Check “modules and themes” directory
    • 37. Check and set Caching mode
      PATH : /admin/settings/performance
      Deployment and Performance : Check and set Caching mode
    • 38. Set Page compression and Block Cache
      PATH : /admin/settings/performance
      Deployment and Performance : Set Page compression and Block cache
    • 39. Optimize and Gzip CSS and Javascript file
      PATH : /admin/settings/performance
      - I use Javascript aggregator module to gzip and minify javascript.
      URL to download:
      - I use cssgzip module to gzip css file
      URL to download :
      • For maximum performance , you can try to install also boost module
      URL to download :
      Deployment and Performance : Optimize and Gzip CSS and Javascript file
    • 40. Confirmation : before CSS and Javascript optimization That’s a lot of http request!
      Deployment and Performance : Before optimizing CSS and Javascript
    • 41. Confirmation : after optimization, only 2 http request, WOW what a great improvement!
      Deployment and Performance : Before optimizing CSS and Javascript
    • 42. Use “Web developer toolbar” to confirm css and javascript file compression
      Uncompressed size
      Compressed size
      Take note of the big difference in the
      file sizes, really cool!
      You can download Web Developer toolbar here
      URL :
      Deployment and Performance : Use “Web developer toolbar”
    • 43. Use “Yslow” to grade and check performance of your Drupal site
      You can download Yslow here in this URL :
      Deployment and Performance : Use “Yslow”
    • 44. Test Performance and page speed using the free services of
      According to survey, visitors go leave your site if it doesn’t load within 7 seconds
      Deployment and Performance : Use website to measure page speed
    • 45. Check Module Page
      PATH : /admin/build/modules
      Before deploying a site, disable all developer modules.
      Example :
      - views_ui
      - imagecache_ui
      - masquerade
      - devel
      - theme editor
      Disable and uninstall module that your site don’t need.
      If you delete previously installed modules, you may want to clean your Drupal site system table, use “System table cleaner” module.
      URL :
      Note : Drupal 7 already included system table cleaner functionality
      Deployment and Performance : Check Module Page
    • 46. Check “.htaccess”
      Decide whether to redirect
      your visitors to domain with
      www prefix or without www
      prefix, good for SEO
      Add configuration for ETag
      Deployment and SEO : Check “.htaccess”
    • 47. Enable Clean URL / check URL aliases
      Enable path module and install pathauto.
      You may want to set update
      action in pathauto settings
      not to change the url alias
      if nodes are updated, this will
      avoid broken link and SEO
      PATH : /admin/build/path/settings
      You may also install “transliteration” module to handle sanitation of file names.
      Deployment and SEO : Enable clean URL / check URL aliases
    • 48. Ensure “settings.php” is write protected
      Make sure settings.php is set to read only
      Security : Ensure "settings.php" is write protected
    • 49. Protecting critical users
      I use the following modules to protect critical users, for example the root user which is User 1
      - Protect Critical User : this protect critical user from being deleted, URL :
      - Permission Lock : I don’t want to allow my client to play with a bomb, so I restricted them from configuring explosive Drupal permission settings. URL :
      - User protect : Just like user protect but with more options and much more complicated configuration. URL :
      Security : Protecting critical users
    • 50. Disable user 1
      Be sure to have at least one user (other than uid 1) that has the permission administer users from user module.
      Login with this account (again other than uid 1)
      Go to Administer > User management > Users
      Edit user with uid == 1
      Set Status to Blocked
      Click Save
      Now user 1 can't login to your website. No more risk for password discovery for this account.
      Please note that you should check enabled modules code, sometimes they use user 1 to achieve some tasks. And this could break some modules features. So use with caution.
      Security : Protecting critical users
    • 51. Hide User 1 and change its user login name
      Install User One module from
      This module will hide User 1
      from user listing page and
      also control viewing and
      editing of user one account.
      It also allow user 1 to login
      with different name.
      Security : Protecting critical users
    • 52. Remove “.txt” files in the root directory
      You may upload
      and leave this txt
      file : robot.txt
      You can skip uploading all this txt files
      into your production server. Possible
      security threat according to some
      Deployment and Security : Remove “.txt” files in the root directory
    • 53. Check allowed “Input format”
      Installed Better format module and you can set the default format for your users and also per content types
      URL :
      Deployment and Security : Check input format
    • 54. Check and configure permissions after enabling new modules
      Deployment and Security : Check Permissions
    • 55. ENDPresented by : Adolfo G. Nasol http://danreb.com09195951276YM : carnielshopSkype : danrebco
      END OF PRESENTATION : Drupalcamp 2011 Philippine Drupal User Groups