Drupal site audit

Drupal is like Lego. With Drupal, you can build a site in so many different ways. There are, however, good ways and not-so-good ways to build a site. In order to keep a site maintainable, reliable and secure, certain best practices need to be followed while taking the organisational and business context into account.

A site audit is an effective way to ensure your site follows best practices, as well as meets various non-functional requirements such as performance, security and reliability. There are various super-useful tools that automate such checks. Unfortunately, some checks can only be done manually and recommendations can also change depending on the site’s purpose and the context it is in.

Deciding on the scope of an audit is also very important. For example, if you are carrying out a performance audit, will it just cover the Drupal site’s configuration and code? Or does it include servers and infrastructure? If targeted audiences are accessing the site from different continents, should you also take latency into account? Clearly defining the scope of an audit helps you understand where problems lie and allows you to address those issues effectively.

In this presentation, I will explain:

• about different types of audits (general, performance, security)

• how to prepare for an audit

• how to use auditing tools

• what can only be checked manually

• when some best practices don’t apply

This session is for developers who are new to site auditing and will provide tips for devising effective audit strategies.