QA Best Practices• Development, Testing & Production• Stakeholder Sign-off by Review• Regular Release Cycle• Batch work
Audits and MonitoringPrevention is better than cure
AuditingPeriodic Auditing is important!Make a check-list.
Auditing Code Base- Hacked! module- Custom Modules- what do they do?- Contributed Modules- updates, errors?- Drupal Core- update and/or upgrade?- Comments in code- Drupal Coding standards- Red flags
Auditing Development Environment- Version Control- Development Server Setup: Dev > Test > Prod-What is the development workflow?
Auditing Configuration- Panels/Context/Display Suite, used properly?- Live Updating? Feeds?- Site Logs- Permissions and Roles- PHP filter- Spam Prevention- Performance Optimization-SEO Checklist Module
Auditing Performance- Front End-PerformanceCaching, CSS/JS aggregation, Images- Backend PerformanceSlow custom code, out-of-date modules, caching- Server performance- Traffic Levels- anonymous or logged in.
Monitoring- Most of the time in recovery is figuring out what’s broken- Train your clients how to monitor and write good tickets
Monitoring- Use Syslog to write Drupal logs to text file- Cron and caching configured and on?- Total Admin Control or create admin views- Are your admins educated?- Every time you have an issue- start to monitor.-Google Analytics
Security Review- Most security holes are created in the configuration andtheme.- Security Review module will help!
Security Review- File system permissions- Input format- Content (nodes, comments and ﬁelds in Drupal 7)- Error reporting- Private ﬁle- Allowed upload extension- Database error- Failed logins- Drupal admin permissions- Username as password- Password included in user emails- PHP access
Detecting Problems- Spam-Mollom, Captcha, Admin Views- Use Version Control to check diffs- revertto good version- Hacked! Module - switch to unhackedcontrib module- Security Review Module will look for spamin content.- Use a good hosting company
Security & Module UpdatesWhat to do with those error messages?
UpdatesKeep on top of Updates- within 30 daysfor security updates.Read the update notes for non-securityupdates.Finding a bug in a contrib module.Do Not Hack Core! No exceptions.Planning for Custom ModulesStaying in tune with Advances in
Version UpgradesTimingCommunity Catch-upNew ModulesConsider a Rebuild?TestingWhat’s the plan?