DEPLOYMENT CHECKLIST FOR DRUPAL
Drupal related,pre-upload stuff that needs to be done before launching a Drupal site:
Drupal General Settings:
Few things that must be reviewed & confirmed before releasing a
- Is the Drupal core up to date with all security releases?
- Are all modules up to date?
- Are there files that reveal the specific Drupal version or module information to the public?
- Remove unused modules, & read documentation of module and know about open issue of module.
- Remove unused roles.
- Remove un-used tables from database(custom created tables).
- Review Content Types and remove the ones not used anywhere:
- Review the menu, for their specific appearances on diff screens.
- Review the theme for code quality and adherence toDrupal standards and proper validation.
- Optimize & Validate the CSS of site.
- Check for Java Script errors.
- Review custom modules for code quality and adherence toDrupal standards.
- Review all views, move into custom module for version management and optimization, remove unused views.
- Check for proper theming on generated pages (search results,
login/registration pages, etc).
- Delete dummy content.
- Setup cron job , don’t put any script (PHP files) in root directory for cron tasks instead use “hook_cron”..
- Enable the Path module and get Clean URLs working.
- Remove Hard coded path of images or content.
- Disable developer modules Devel / Coder / masquerade / trace / selenium /simpletest / sandbox / drush or any other module that has been used for development purposes on production site.
- Turn off Views UI.
- Don’t forget to set site timezone.
- Check Every string must be passed in t() (translate) function in your module code.
- Must select “transliterate prior to creating alias”, in path auto configuration.
Speed & Performance of site could also be increased by taking
the following measures:
• Enable caching of pages,blocks,panels,etc.
• Enable page compression(if not already enabled by the Web server).
• CSS Gzip
Drupal User Settings:
User’s are one of the crucial aspects and thus,there’s a need for
the following safeguard measures:
• Confirm user registration settings.
• Email used to send out the registration.
• Confirm email settings if Logintoboggan is used.
• Check the roles/permissions for appropriate settings as per client
..& there are custom modules to help us in our work.
•Security Check module :http://drupal.org/project/security_review
• Review web server configuration – for Apache, check max clients settings and enabled modules.
• Review database configuration – for MySQL, adjust cache size and other settings as necessary.
• Review PHP configuration – adjust max memory and max execution as
• Install and configure PHP opcode cache.
• OPTIONAL: install and configure reverse proxy cache
• Error reporting is turned off, to discourage hacking viagra kaufen rezeptfrei.
• System Status Report Check for any pending file permissions.
• Review Robot.txt along with Team lead for optimum allowance based on
• Remove .TXT files from Drupal root, it is strongly recommended to remove those files, from the root directory of drupal installation.
• Error reporting display should be set as “write to log only”. Site
configuration > Error reporting
• Use drupal text filtering functions to avoid XSS.
.Use database abstraction layer to avoid SQL injections.
- Cross browser compatibility in different builds and versions of popular browsers.