QA Best Practices
• Development, Testing & Production
• Stakeholder Sign-off by Review
• Regular Release Cycle
• Batch work

Audits and Monitoring
Prevention is better than cure

Auditing
Periodic Auditing is important!
Make a check-list.

Auditing Code Base
- Version Control
- Development Server Setup: Dev > Test > Prod
- Hacks - Hacked! module
- Custom Modules - what do they do?
- Contributed Modules - updates, errors?
- Drupal Core - update and/or upgrade?

Auditing Configuration
- Panels/Context/Display Suite, used properly?
- Live Updating? Feeds?
- Site Logs
- Permissions and Roles
- PHP filter
- Spam Prevention
- Performance Optimization
- SEO: SEO Checklist Module

Auditing Theme
- Are themes up to date?
- Base Theme used? Or Hacked?
- Custom PHP logic in tpl files?
- Libraries and CSS structure
- Responsive - What techniques?
- Red flags - are tpl files out of control?

Monitoring
- Most of the time in recovery is figuring out what's broken
- Monitor Trends

Monitoring
- Use Syslog to write Drupal logs to text file
- Monitor Servers, SEO
- Cron
- Total Admin Control or create admin views
- Drupalmonitor.com
- Are your admins educated?
- Every time you have an issue - start to monitor.
- Google Analytics

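Once the Syslog module is writing Drupal logs to a text file, failed-login trends can be pulled from it with a short script. The following is an added example, not part of the original slides; it assumes the Drupal 7 Syslog module's default line format and `drupal` identity, and the log lines are constructed sample data.

```python
from collections import Counter
from datetime import datetime, timezone

# Assumed: Drupal 7 Syslog default format, "|"-separated fields after "drupal: ".
FIELDS = ("base_url", "timestamp", "type", "ip", "request_uri",
          "referer", "uid", "link", "message")

# Constructed sample lines (documentation IP ranges, example.com host).
SAMPLE_LOG = [
    "Nov 14 22:13:20 web1 drupal: http://example.com|1700000000|user|203.0.113.7|http://example.com/user/login|http://example.com/user|0||Login attempt failed for admin.",
    "Nov 14 22:14:20 web1 drupal: http://example.com|1700000060|user|203.0.113.7|http://example.com/user/login|http://example.com/user|0||Login attempt failed for admin.",
    "Nov 14 22:15:20 web1 drupal: http://example.com|1700000120|user|203.0.113.7|http://example.com/user/login|http://example.com/user|0||Login attempt failed for root.",
    "Nov 14 22:16:40 web1 drupal: http://example.com|1700000200|user|198.51.100.4|http://example.com/user/login|http://example.com/user|0||Login attempt failed for alice.",
    "Nov 14 22:17:00 web1 drupal: http://example.com|1700000220|cron|127.0.0.1|http://example.com/cron.php||0||Cron run completed.",
    "Nov 14 22:17:05 web1 sshd[812]: Accepted publickey for deploy",
]

def parse_line(line, ident="drupal"):
    """Return a dict for one Drupal syslog line, or None if it does not match."""
    marker = ident + ": "
    pos = line.find(marker)
    if pos < 0:
        return None
    # The message is the last field, so a "|" inside it is preserved.
    parts = line[pos + len(marker):].rstrip("\n").split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS) or not parts[1].isdigit():
        return None
    return dict(zip(FIELDS, parts))

def failed_logins_per_hour(lines):
    """Count failed-login events per (UTC hour, client IP)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["type"] != "user":
            continue
        if not rec["message"].startswith("Login attempt failed"):
            continue
        ts = datetime.fromtimestamp(int(rec["timestamp"]), timezone.utc)
        counts[(ts.strftime("%Y-%m-%d %H:00"), rec["ip"])] += 1
    return counts

def over_threshold(counts, threshold=3):
    """Return the (hour, ip) buckets at or above the alert threshold."""
    return sorted(key for key, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    for hour, ip in over_threshold(failed_logins_per_hour(SAMPLE_LOG)):
        print(f"{hour} {ip}: repeated failed logins")
```
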
Security Review
- Most security holes are created in the configuration and theme.
- Security Review module will help!

Security Review
- File system permissions
- Input format
- Content (nodes, comments and fields in Drupal 7)
- Error reporting
- Private file
- Allowed upload extension
- Database error
- Failed logins
- Drupal admin permissions
- Username as password
- Password included in user emails
- PHP access

Detecting Problems
- Spam - number of nodes, emails being sent, comments, users. (Good to know trends) Mollom, Captcha, Admin Views
- Use Version Control to check diffs - revert to good version
- Hacked! Module - switch to unhacked contrib module
- Security Review Module will look for spam in content.
- Use a good hosting company

Security & Module Updates
What to do with those error messages?

Updates
Keep on top of Updates - within 30 days for security updates.
Read the update notes for non-security updates.
Finding a bug in a contrib module.
Do Not Hack Core! No exceptions.
Planning for Custom Modules
Staying in tune with Advances in Community Modules

Version Upgrades
Timing
Community Catch-up
New Modules
Consider a Rebuild?
Testing
What's the plan?