Maintaining a Drupal Over the Longterm
Meghan Sweet (@meghsweet)
29 June, 2012
LA Drupal Camp 2012
Site Launches!
Now What?
Empower Your Users
Drupal Web Team Training
• Learning Drupal Takes Time
• Train the Trainer
• Backup Expert Level Support
• Effective Documentation
Content Manager Training
• Onsite Training Sessions
• Help Videos
• FAQ / Forums
• Training Materials
DocumentationExtensive commenting Onscreen helpTraining Videos FAQ Capture
Support Best Practices
Communication Ticketing Tool
Expectation Management
Expect Ongoing Education
QA Best Practices
• Development, Testing & Production
• Stakeholder Sign-off by Review
• Regular Release Cycle
• Batch work
Prevention is better than cure
Audits and Monitoring
AuditingPeriodic Auditing is important!
Make a check-list.
Auditing Code Base
- Version Control
- Development Server Setup: Dev > Test > Prod
- Hacks- Hacked! module
- Custom Modules- what do they do?
- Contributed Modules- updates, errors?
- Drupal Core- update and/or upgrade?
Auditing Configuration
- Panels/Context/Display Suite, used properly?
- Live Updating? Feeds?
- Site Logs
- Permissions and Roles- PHP filter
- Spam Prevention
- Performance Optimization
- SEO: SEO Checklist Module
Auditing Theme
- Are themes up to date?
- Base Theme used? Or Hacked?
- Custom PHP logic in tpl files?
- Libraries and CSS structure
- Responsive- What techniques?
- Red flags- are tpl files out of control?
Monitoring- Most of the time in recovery is figuring out what’s broken
- Monitor Trends
Monitoring- Use Syslog to write Drupal logs to text file
- Monitor Servers, SEO
- Cron
-Total Admin Control or create admin views
- Drupalmonitor.com
- Are your admins educated?
- Every time you have an issue- start to monitor.
-Google Analytics
Security Review- Most security holes are created in the configuration and theme.
- Security Review module will help!
Security Review- File system permissions- Input format- Content (nodes, comments and fields in Drupal 7)- Error reporting- Private file- Allowed upload extension- Database error - Failed logins- Drupal admin permissions- Username as password- Password included in user emails- PHP access
Training is key.
Users need Drupal awareness!
Detecting Problems- Spam- number of nodes, emails being sent, comments, users. (Good to know trends) Mollom, Captcha, Admin Views
- Use Version Control to check diffs- revert to good version
- Hacked! Module - switch to unhacked contrib module
- Security Review Module will look for spam in content.
- Use a good hosting company
What to do with those error messages?
Security & Module Updates
UpdatesKeep on top of Updates- within 30 days for security updates.
Read the update notes for non-security updates.
Finding a bug in a contrib module.
Do Not Hack Core! No exceptions.
Planning for Custom Modules
Staying in tune with Advances in Community Modules
Version Upgrades
TimingCommunity Catch-up New ModulesConsider a Rebuild?TestingWhat’s the plan?
Community Connection
Groups.Drupal.orgInternal Knowledge SharingLocal User Group Meet-upsDrupal Camps, Cons & Summits
Taking Over Another’s Work
discoveryread the documentationtalk to all stakeholdersget clear line of sight to prioritiesreview the laundry list
Key PointsContinual Love & Attention
Keep Documentation Fresh
Use good communication and feedback/QA tools
Foster Drupal Talent
Community Contribution
Thank You!@meghsweet
@chapter_three
Recommended