This document provides best practices for long-term support of a Drupal site, including training users and staff, documentation, auditing, monitoring, security reviews, and keeping the site and modules updated. It emphasizes the importance of documentation, communication, and ongoing education to ensure a solid foundation and prevent problems. Regular auditing, monitoring, and security reviews are also recommended to catch any issues.
5. Drupal Web Team
• Learning Drupal Takes Time
• Early & Often Team Engagement
• Train the Trainer
• Backup Expert Level Support
• Effective Documentation
6. Content Manager Training
• Onsite Training Sessions
• Web Team Trainers
• FAQ / Forums
• Help Videos
• Training Materials
17. Auditing Configuration
- Panels/Context/Display Suite, used properly?
- Live Updating? Feeds?
- Site Logs
- Permissions and Roles- PHP filter
- Spam Prevention
- Performance Optimization
-SEO Checklist Module
18. Auditing Theme
- Are themes up to date?
- Base Theme used? Or Hacked?
- Custom PHP logic in tpl files?
- Javascript Libraries
- CSS structure
- Responsive- What techniques?
- Red flags- are tpl files out of control?
19. Auditing Performance
- Front End-Performance
Caching, CSS/JS aggregation, Images
- Backend Performance
Slow custom code, out-of-date modules, caching
- Server performance
- Traffic Levels- anonymous or logged in.
20. Monitoring
- Most of the time in recovery is figuring out what’s broken
- Train your clients how to monitor and write good tickets
21. Monitoring
- Use Syslog to write Drupal logs to text file
- Cron and caching configured and on?
- Total Admin Control or create admin views
- Are your admins educated?
- Every time you have an issue- start to monitor.
-Google Analytics
22. Security Review
- Most security holes are created in the configuration and
theme.
- Security Review module will help!
23. Security Review
- File system permissions
- Input format
- Content (nodes, comments and fields in Drupal 7)
- Error reporting
- Private file
- Allowed upload extension
- Database error
- Failed logins
- Drupal admin permissions
- Username as password
- Password included in user emails
- PHP access
25. Detecting Problems
- Spam-Mollom, Captcha, Admin Views
- Use Version Control to check diffs- revert
to good version
- Hacked! Module - switch to unhacked
contrib module
- Security Review Module will look for spam
in content.
- Use a good hosting company
27. Updates
Keep on top of Updates- within 30 days
for security updates.
Read the update notes for non-security
updates.
Finding a bug in a contrib module.
Do Not Hack Core! No exceptions.
Planning for Custom Modules
Staying in tune with Advances in
33. Key Points
Continual Love & Attention
Keep Documentation Fresh
Use good communication and
feedback/QA tools
Foster Drupal Talent
Community Contribution