QA Best Practices• Development, Testing & Production• Stakeholder Sign-off by Review• Regular Release Cycle• Batch work
Audits and MonitoringPrevention is better than cure
Auditing what to look for:- Version Control- Hacks- Hacked! module- Custom Modules- what do they do?- Contributed Modules- updates, errors?- Custom Theme- Core- update and/or upgrade?- Live Feeds?- Site Logs- Permissions- php filter, security risks.- Spam Prevention- Performance Optimization Periodic Auditing- SEO Checklist Module is important!
Security Review• Input formats• File system permissions• Error reporting• Private ﬁles• Allowed upload extensions• Database errors• Failed logins• Drupal admin permissions• Username as password• Password included in user emails• PHP access Training is key. Users need Drupal awareness!
Monitoring- Most of the time in recovery isfiguring out what’s broken.- Monitor Trends- Use Syslog to write Drupal logsto text file- Monitor Servers, SEO- Cron- Drupalmonitor.com- Are your admins educated?- Every time you have an issue-start to monitor.
Detecting Problems- Spam- number of nodes, emailsbeing sent, comments, users. (Good toknow trends) - Mollom, Captcha,Admin Views- Use Version Control to check diffs-revert to good version- Hacked! Module - switch tounhacked contrib module- Security Review Module will look forspam in content.
Security & Module UpdatesWhat to do with those error messages?
UpdatesKeep on top of Updates- within30 days at least.Finding a bug in a contribmodule.Do Not Hack Core! Noexceptions.Planning for Custom ModulesStaying in tune with Advancesin Community Modules
Version UpgradesTimingCommunity Catch-upNew ModulesConsider a Rebuild?TestingWhat’s the plan?