Maintaining a Drupal Over the Longterm

Meghan Sweet (@meghsweet)

29 June, 2012

LA Drupal Camp 2012

Site Launches!

Now What?

Empower Your Users

Drupal Web Team Training

• Learning Drupal Takes Time

• Train the Trainer

• Backup Expert Level Support

• Effective Documentation

Content Manager Training

• Onsite Training Sessions

• Help Videos

• FAQ / Forums

• Training Materials

DocumentationExtensive commenting Onscreen helpTraining Videos FAQ Capture

Support Best Practices

Communication Ticketing Tool

Expectation Management

Expect Ongoing Education

QA Best Practices

• Development, Testing & Production

• Stakeholder Sign-off by Review

• Regular Release Cycle

• Batch work

Prevention is better than cure

Audits and Monitoring

AuditingPeriodic Auditing is important!

Make a check-list.

Auditing Code Base

- Version Control

- Development Server Setup: Dev > Test > Prod

- Hacks- Hacked! module

- Custom Modules- what do they do?

- Contributed Modules- updates, errors?

- Drupal Core- update and/or upgrade?

Auditing Configuration

- Panels/Context/Display Suite, used properly?

- Live Updating? Feeds?

- Site Logs

- Permissions and Roles- PHP filter

- Spam Prevention

- Performance Optimization

- SEO: SEO Checklist Module

Auditing Theme

- Are themes up to date?

- Base Theme used? Or Hacked?

- Custom PHP logic in tpl files?

- Libraries and CSS structure

- Responsive- What techniques?

- Red flags- are tpl files out of control?

Monitoring- Most of the time in recovery is figuring out what’s broken

- Monitor Trends

Monitoring- Use Syslog to write Drupal logs to text file

- Monitor Servers, SEO

- Cron

-Total Admin Control or create admin views

- Drupalmonitor.com

- Are your admins educated?

- Every time you have an issue- start to monitor.

-Google Analytics

Security Review- Most security holes are created in the configuration and theme.

- Security Review module will help!

Security Review- File system permissions- Input format- Content (nodes, comments and fields in Drupal 7)- Error reporting- Private file- Allowed upload extension- Database error - Failed logins- Drupal admin permissions- Username as password- Password included in user emails- PHP access

Training is key.

Users need Drupal awareness!

Detecting Problems- Spam- number of nodes, emails being sent, comments, users. (Good to know trends) Mollom, Captcha, Admin Views

- Use Version Control to check diffs- revert to good version

- Hacked! Module - switch to unhacked contrib module

- Security Review Module will look for spam in content.

- Use a good hosting company

What to do with those error messages?

Security & Module Updates

UpdatesKeep on top of Updates- within 30 days for security updates.

Read the update notes for non-security updates.

Finding a bug in a contrib module.

Do Not Hack Core! No exceptions.

Planning for Custom Modules

Staying in tune with Advances in Community Modules

Version Upgrades

TimingCommunity Catch-up New ModulesConsider a Rebuild?TestingWhat’s the plan?

Community Connection

Groups.Drupal.orgInternal Knowledge SharingLocal User Group Meet-upsDrupal Camps, Cons & Summits

Taking Over Another’s Work

discoveryread the documentationtalk to all stakeholdersget clear line of sight to prioritiesreview the laundry list

Key PointsContinual Love & Attention

Keep Documentation Fresh

Use good communication and feedback/QA tools

Foster Drupal Talent

Community Contribution

Thank You!@meghsweet

@chapter_three