The Ultimate Drupal Prelaunch Checklist for Developers
There’s a saying that “Think before you speak”. Similarly, test before you launch.
Website testing is a necessary step to take. Cross-browser testing, checking for dead links, proof-reading these are the things that should get tested before making the site live. This article is all about the steps that are required specifically for starting a Drupal site. Some of the recommendations of Drupal Pre-launch Checklist for developers are:
Drupal do have extendable number of Cron jobs that are scheduled to run at different intervals, some of them are to re-index the search mechanism and some are to check for updates. You can make custom modules in Drupal just like other CMS with their defined Cron jobs.
These Cron jobs can vary from searching the latest Twitter feeds to processing message queues. Without doing Cron jobs, you can run your site, but I would highly recommend that this will let your site to maintain the security by Update status module.
If you can go through the official documentation you can see the whole process of the setting up Cron job, or else do have a look at Poor Man’s Cron. It is a functionality offered in Drupal 7 which is a simple back port of automatic Cron-running functionality.
Check The Upload Sizes & Execution Time:
If you want to allow users to upload large files such as MP3 and MP4 files on your site, then make sure to configure the server first. Allow your server to upload up to an approximate size.
And not just uploading, take a look at the max_execution_time setting also. This time setting will get increase if you are uploading large files.
Check Recipient Email Addresses:
Before launching the Drupal site first make sure to double check that either all the forms, modules, and other things are sending to the correct email addresses or not. Most of the developers forget to update these, once the site is ready, change your own addresses to the client’s one.
Set The File Permissions:
The security is the first concern of any website, so before launching your Drupal site make sure that you correctly configure the security permissions on your file systems. This would help in securing your site from any malicious hackers. Make sure that all files are saved in their particular folders, and also ensure that settings.php file which contains all the information of database connections, is also secured.
Make sure that to facilitate for uploading functionality, your files directory needs to be writeable by the web server. We would recommend you to ensure that your installation must be configured with access to a writable temporary directory. To check the whole process of how to give files permissions and ownership and how to install the files directory, check these two official documentation.
Protect Your Root Account:
Typically during drupal development, you have to develop your site using an admin account. Make sure to secure that account. This account has all the information and the access to your website. And not just the access, but the havoc which could be wrecked by a hacker getting access to this account which the network security is not permitting, and to be carried out using a web browser.
While building the admin account, choose a secure admin account username instead of just choosing admin, make something difficult to guess. And also make sure that the password must be secure enough. You can use a Drupal module named AES so that you can tighten up the security more.
Some of the new modules introduce new kind of permissions that are restrictive. These type of agreements have to be manually enabled for many other roles. These include anonymous, registered or custom. One of the main advantages is that only the root user can access the part of the site but not a regular user, hence more security. Before launching, it is highly recommended that you should test the site with each role.
Turn Off Error Reporting:
Ever witnessed any error messages of Drupal live sites? I have seen them often. These errors are not only Drupal-specific messages. Drupal renders many PHP errors. You have options to either display them or not.
To configure them, go to Site Configuration -> Error Reporting. Now set the option of the same name to write errors to the log. Doing so will not display errors.
Handle 404 Errors Gracefully:
Before launching make sure that the 404 errors (or missing pages) are catered in as helpfully as possible. There is a built-in feature of Drupal in which Error handling page is displayed on pages where there is no block configured. For that, you can use Drupal module named Search 404 or you can use 404 block. This module guesses what the user wants or what user tries to search. It helps the user by feeding terms from URL into the search engine.
Search Engine Optimization
Don’t forget to check robots.txt before launching. And even before that, ensure that the relevant sections of your new site are excluded from crawlers. To further understand, see the documentation on Drupal official site.
Combine Pathauto With Global Redirect:
First install a module called Global Redirect with an existing module Pathauto module. You should use these modules on your Drupal site to generate “friendly” URLs automatically. It works by performing a 301 redirect to aliased path or by analyzing a visited link.
You must be thinking, why is this important? The answer is real simple, if a single page is accessible from multiple URL’s, for instance, contact-us is an alias for node/123, some other user visits node/123 directly what Drupal will do is that it will redirect back to contact-me page on your site. By doing so, it can impact negatively on your search ranking.
Create A Maintenance Page:
Make a custom maintenance page for the users who would visit your site during the time when you are upgrading or maintaining your site. Make it more user-friendly and professional. It’s pretty easy to create a custom maintenance page from Drupal 6 onwards. Check out official documentation for further information on theming Drupal 6 maintenance page.
Caching is the most important part. Before you launch, check your site’s caches are fully configured or not. By doing so, Caching will deliver significant performance boosts, particularly on high-traffic sites. Make sure to check if views module has done any pages or blocks or not, because they have to cache switched-off by default. Make sure to configure them as well.
Content and Publishing
Check Unpublished Content Is Not Visible:
Normally a developer forgets to check the status of a node before displaying any custom code for creating a view. That is why draft work could appear after you launched the site. So make sure to check that by checking the filters on your views. Check that any custom SQL includes a test of the status column.
Check Your Rss Feed:
RSS feed of your content is generated as a by default on your Drupal site, which includes the feeds for your taxonomy terms. You could use Views RSS module in Drupal, this module allows more tight control over what content or stuff should go into your RSS feed. It is critical to take care of that because, in Drupal, the published nodes are promoted to the front page by default. You can deny this access to rss.xml whenever needed.
Check Your Favicons:
If your sites have a favicon, then make sure that it’s displaying correctly. If it’s not, then you have to unselect the option for Drupal’s default favicon in your theme settings to display on your site.
Not only security and reliability of a site are a big concern but monitoring is also a big job to do. You can use core statistic module to do the job. Using Advanced Statistics settings companion module or you can use any service such as Google Analytics to monitor the site usage is a better option to do.
Did we miss anything? Make sure to let us know in the comment section below. Like! Share! Subscribe for more!
Latest posts by Wajid Hussain (see all)
- Top PHP Influencers You Should Follow In 2017 - February 24, 2017
- Most Common Mistakes That Every Drupal Developer Should Avoid - February 21, 2017
- How To Protect Your Magento Stores Against Ransomware Attacks - February 20, 2017