Supporting a Drupal Over the Longterm

Anne Stefanyk (@eskimoYogi) & Meghan Sweet (@meghsweet)4 November, 2012

BADCamp 2012

Site Launches!

Now What?

Empower Your Users

Drupal Web Team

• Learning Drupal Takes Time

• Early & Often Team Engagement

• Train the Trainer

• Backup Expert Level Support

• Effective Documentation

Content Manager Training• Onsite Training Sessions

• Web Team Trainers

• FAQ / Forums

• Help Videos

• Training Materials

DocumentationDetailed logs in source codeExtensive commenting Onscreen helpTraining Videos FAQ Capture

RecruitingSuccession Plans

Internships

Drupal Give

Stop Gap Solutions

Support Best Practices

Ideal Solid Foundation• UX Strategy

• Documentation

• Early Client Engagement

• QA by Web Stakeholders

• Scalable Architecture

Communication Ticketing Tool

Expectation Management

Expect Ongoing Education

QA Best Practices • Development, Testing & Production

• Stakeholder Sign-off by Review

• Regular Release Cycle

• Batch work

Prevention is better than cure

Audits and Monitoring

AuditingPeriodic Auditing is important!

Make a check-list.

Auditing Code Base

- Hacked! module

- Custom Modules- what do they do?

- Contributed Modules- updates, errors?

- Drupal Core- update and/or upgrade?

- Comments in code

- Drupal Coding standards

- Red flags

Auditing Development Environment

- Version Control

- Development Server Setup: Dev > Test > Prod

-What is the development workflow?

Auditing Configuration

- Panels/Context/Display Suite, used properly?

- Live Updating? Feeds?

- Site Logs

- Permissions and Roles- PHP filter

- Spam Prevention

- Performance Optimization

-SEO Checklist Module

Auditing Theme

- Are themes up to date?

- Base Theme used? Or Hacked?

- Custom PHP logic in tpl files?

- Javascript Libraries

- CSS structure

- Responsive- What techniques?

- Red flags- are tpl files out of control?

Auditing Performance

- Front End-PerformanceCaching, CSS/JS aggregation, Images

- Backend PerformanceSlow custom code, out-of-date modules, caching

- Server performance

- Traffic Levels- anonymous or logged in.

Monitoring- Most of the time in recovery is figuring out what’s broken

- Train your clients how to monitor and write good tickets

Monitoring- Use Syslog to write Drupal logs to text file

- Cron and caching configured and on?

- Total Admin Control or create admin views

- Are your admins educated?

- Every time you have an issue- start to monitor.

-Google Analytics

Security Review- Most security holes are created in the configuration and theme.

- Security Review module will help!

Security Review- File system permissions- Input format- Content (nodes, comments and fields in Drupal 7)- Error reporting- Private file- Allowed upload extension- Database error - Failed logins- Drupal admin permissions- Username as password- Password included in user emails- PHP access

Training is key.

Users need Drupal awareness!

Detecting Problems- Spam-Mollom, Captcha, Admin Views

- Use Version Control to check diffs- revert to good version

- Hacked! Module - switch to unhacked contrib module

- Security Review Module will look for spam in content.

- Use a good hosting company

What to do with those error messages?

Security & Module Updates

UpdatesKeep on top of Updates- within 30 days for security updates.

Read the update notes for non-security updates.

Finding a bug in a contrib module.

Do Not Hack Core! No exceptions.

Planning for Custom Modules

Staying in tune with Advances in

Version Upgrades

TimingCommunity Catch-up New ModulesConsider a Rebuild?TestingWhat’s the plan?

Community Connection

Groups.Drupal.orgInternal Knowledge SharingLocal User Group Meet-upsDrupal Camps, Cons & Summits

Taking Over Another’s Work

discoveryread the documentationtalk to all stakeholdersget clear line of sight to prioritiesreview the laundry list

Key PointsContinual Love & Attention

Keep Documentation Fresh

Use good communication and feedback/QA tools

Foster Drupal Talent

Community Contribution

Thank You!@chapter_three