What not to forget when launching a Drupal Site?


Drupal related,pre-upload stuff that needs to be done before launching a Drupal site:

Drupal General Settings:

Few things that must be reviewed & confirmed before releasing a
“Drupal Site”

  • Is the Drupal core up to date with all security releases?
  • Are all modules up to date?
  • Are there files that reveal the specific Drupal version or module information to the public?
  • Remove unused modules, & read documentation of module and know about open issue of module.
  • Remove unused roles.
  • Remove un-used tables from database(custom created tables).
  • Review Content Types and remove the ones not used anywhere:
  • Review the menu, for their specific appearances on diff screens.
  • Review the theme for code quality and adherence toDrupal standards and proper validation.
  • Optimize & Validate the CSS of site.
  • Check for Java Script errors.
  • Review custom modules for code quality and adherence toDrupal standards.
  • Review all views, move into custom module for version management and optimization, remove unused views.
  • Check for proper theming on generated pages (search results,
    login/registration pages, etc).
  • Delete dummy content.
  • Setup cron job , don’t put any script (PHP files) in root directory for cron tasks instead use “hook_cron”..
  • Enable the Path module and get Clean URLs working.
  • Remove Hard coded path of images or content.
  • Disable developer modules Devel / Coder / masquerade / trace / selenium /simpletest / sandbox / drush or any other module that has been used for development purposes on production site.
  • Turn off Views UI.
  • Don’t forget to set site timezone.
  • Check Every string must be passed in t() (translate) function in your module code.
  • Must select “transliterate prior to creating alias”, in path auto configuration.

Drupal Optimization:

Speed & Performance of site could also be increased by taking
the following measures:
• Enable caching of pages,blocks,panels,etc.
• Enable page compression(if not already enabled by the Web server).
• CSS Gzip
• Javascript Aggregation.

Drupal User Settings:

User’s are one of the crucial aspects and thus,there’s a need for
the following safeguard measures:
• Confirm user registration settings.
• Email used to send out the registration.
• Confirm email settings if Logintoboggan is used.
• Check the roles/permissions for appropriate settings as per client


..& there are custom modules to help us in our work.
•Security Check module :http://drupal.org/project/security_review
• SEOChecklist(optional):http://drupal.org/project/seo_checklist
Server Side:
• Review web server configuration – for Apache, check max clients settings and enabled modules.
• Review database configuration – for MySQL, adjust cache size and other settings as necessary.
• Review PHP configuration – adjust max memory and max execution as
• Install and configure PHP opcode cache.
• OPTIONAL: install and configure reverse proxy cache
• Error reporting is turned off, to discourage hacking viagra kaufen rezeptfrei.
• System Status Report Check for any pending file permissions.
• Review Robot.txt along with Team lead for optimum allowance based on
client needs.

Drupal Security:

• Remove .TXT files from Drupal root, it is strongly recommended to remove those files, from the root directory of drupal installation.
• Error reporting display should be set as “write to log only”. Site
configuration > Error reporting
• Use drupal text filtering functions to avoid XSS.
.Use database abstraction layer to avoid SQL injections.


  • Cross browser compatibility in different builds and versions of popular browsers.