How to do a drupal audit

Posted by: 
Dominique De Cooman

You want to know if your drupal website is secure?

Your drupal website is slow and you want to know what the problem is and get it fixed?

You have a drupal website that has been developed and you want to know the code quality so you know what to expect in maintenance costs?

You want to know if there is a more cost effective way to get extra drupal development?

Drupal Audit Procedure

The process of an audit can be summarised in: Objectives and standars, method data collection, data analysis, implementing change and re-evaulate and review.

The checklist below is an example to what an audit looks at. After this checklist it can deliver you a report and a score on how your site ranks. Then you should look how you can improve the current situation. Then you do the implementation. Then you evaluate the impact of the changes.

Indept Overview Of A Drupal Audit

When you start the drupal audit you do a checkout of your drupal project on a local environment. Then you verify the state of your drupal core and patches. Then you focus on the drupal modules and we analyse the code quality. You can then analyse your database and check for potential problems here. Then you start the profilling of the application. Use tools to go in depth and figure out what is slowing your site down.

  • Installation

    • Checkout code

    • Install database

    • Run drupal

  • Verify consistency core and code quality

    • check version

    • override with downloaded version

    • Analyses core patches, verify code quality of patches

  • Enable devel

  • Analysis enabled modules. All justified?

    • Core drupal modules

    • Contrib drupal modules

      • Ui

      • Essential

      • Up to date?

      • Patches?

    • Custom - verify code quality of custom module

  • Analysis drupal cache settings

    • Disable all drupal caching to get full page building for analysis.

  • Ask which pages are causing troubles.

  • Analysis database

    • Analysis table size

    • Analysis big tables

      • Flat?

      • Joins?

  • Analysis queries on trouble pages.

    • Are all queries needed?

    • Indexes?

    • Lots of flat data? Lots of joins?

  • Install tools to start profiling

    • Start profiling the bootstrap. Duration < ?

    • Start profiling the troubled requests.

    • Analysis called code

      • Check if everything is justified

  • Analysis Architecture

    • Custom modules

      • Justified functionality

    • Init loading

    • After menu routing

    • Theming layer

      • How rendering? Loads?

Drupal On Test Environment.

In the previous topic we showed how a typical code quality/performance audit would look like. You can go further because drupal is rarely an application on its own. You can analyse the drupal website on a test environment where we can test calls to webservices and other integrations if needed. We can profile those calls and propose solutions.

  • Have full access to web service calls.

  • Profile the full request with web service calls

    • All justified?

    • Cache able?

    • Push – pull?

  • Check other services?

    • Solr?

    • Memcached

    • Varnish

Analysis Of The Infrastructure

To go even further and get a very detailed analysis of how the complete stack is performing you can install tools to keep improving continously.

  • Correct configuration of:

    • Web server

    • Database server

    • Caching mechanisms (varnish, memcached, apc)

    • File system

    • Other
  • Code deployment

To verify your infrastructure we need root access to your webserver(s). We check the configuration of your components and propose solutions to improve this part of the stack.

For complex stacks we collaborate with experienced infrastructure consultants.

Drupal Architecture Analysis

The analysis of the drupal architecture of your site goes more in dept. This checks if the choices that were made to build the website are logical.

  • Is the data model for the application correctly represented?

    • Check consistency of the content types, terms, users and other entities.

  • Are the functional requirements of the application met?

    • Depending on the nature of the application.

Future Monitoring

Install tools that can monitor your site in the long term. Alerting you when thing go the wrong way. A good tool is


What the state of your application is.

How to improve drupal performance.

How to improve drupal security.

How to improve drupal code quality.


Improve performance to improve overal user satisfaction, this results in more visits, more interaction, more leads, more conversion, more sales.

Improve security to steer clear from trouble and avoid painful loss of face.

Improve code quality to reduce maintenance costs and make future integration faster and more cost effectif.

Add new comment