How to do a drupal audit
You want to know if your drupal website is secure?
Your drupal website is slow and you want to know what the problem is and get it fixed?
You have a drupal website that has been developed and you want to know the code quality so you know what to expect in maintenance costs?
You want to know if there is a more cost effective way to get extra drupal development?
Drupal Audit Procedure
The process of an audit can be summarised in: Objectives and standars, method data collection, data analysis, implementing change and re-evaulate and review.
The checklist below is an example to what an audit looks at. After this checklist it can deliver you a report and a score on how your site ranks. Then you should look how you can improve the current situation. Then you do the implementation. Then you evaluate the impact of the changes.
Indept Overview Of A Drupal Audit
When you start the drupal audit you do a checkout of your drupal project on a local environment. Then you verify the state of your drupal core and patches. Then you focus on the drupal modules and we analyse the code quality. You can then analyse your database and check for potential problems here. Then you start the profilling of the application. Use tools to go in depth and figure out what is slowing your site down.
Verify consistency core and code quality
override with downloaded version
Analyses core patches, verify code quality of patches
Analysis enabled modules. All justified?
Core drupal modules
Contrib drupal modules
Up to date?
Custom - verify code quality of custom module
Analysis drupal cache settings
Disable all drupal caching to get full page building for analysis.
Ask which pages are causing troubles.
Analysis table size
Analysis big tables
Analysis queries on trouble pages.
Are all queries needed?
Lots of flat data? Lots of joins?
Install tools to start profiling
Start profiling the bootstrap. Duration < ?
Start profiling the troubled requests.
Analysis called code
Check if everything is justified
After menu routing
How rendering? Loads?
Drupal On Test Environment.
In the previous topic we showed how a typical code quality/performance audit would look like. You can go further because drupal is rarely an application on its own. You can analyse the drupal website on a test environment where we can test calls to webservices and other integrations if needed. We can profile those calls and propose solutions.
Have full access to web service calls.
Profile the full request with web service calls
Push – pull?
Check other services?
Analysis Of The Infrastructure
To go even further and get a very detailed analysis of how the complete stack is performing you can install tools to keep improving continously.
Correct configuration of:
Caching mechanisms (varnish, memcached, apc)
To verify your infrastructure we need root access to your webserver(s). We check the configuration of your components and propose solutions to improve this part of the stack.
For complex stacks we collaborate with experienced infrastructure consultants.
Drupal Architecture Analysis
The analysis of the drupal architecture of your site goes more in dept. This checks if the choices that were made to build the website are logical.
Is the data model for the application correctly represented?
Check consistency of the content types, terms, users and other entities.
Are the functional requirements of the application met?
Depending on the nature of the application.
Install tools that can monitor your site in the long term. Alerting you when thing go the wrong way. A good tool is http://newrelic.com
What the state of your application is.
How to improve drupal performance.
How to improve drupal security.
How to improve drupal code quality.
Improve performance to improve overal user satisfaction, this results in more visits, more interaction, more leads, more conversion, more sales.
Improve security to steer clear from trouble and avoid painful loss of face.
Improve code quality to reduce maintenance costs and make future integration faster and more cost effectif.