37
Site Audit Drupal Best Practices and Content Analysis https://drupal.org/project/site_audit 2014.10.13 - SFDUG

Drupal Site Audit - SFDUG

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: Drupal Site Audit - SFDUG

Site AuditDrupal Best Practices and Content Analysis

https://drupal.org/project/site_audit

2014.10.13 - SFDUG

Page 2: Drupal Site Audit - SFDUG

Jon PeckSenior Engineer at Four Kitchens

@FluxSauce - github.com/fluxsauce - drupal.org/u/fluxsauce

Page 3: Drupal Site Audit - SFDUG

What is an audit?

• official inspection of an individual's or organization's accounts

• validate the good things you’re doing

• highlight areas of improvement

Electrical inspector in Public Safety Building, 1957 Item 54948, Engineering Department Photographic Negatives

(Record Series 2613-07), Seattle Municipal Archives.

Page 4: Drupal Site Audit - SFDUG

Why audit sites?

• Learn about contents and structure

• Ensure optimal configuration

• Discover areas of improvement

Page 5: Drupal Site Audit - SFDUG

Every site is unique, but…

• Built with the same framework

• Similar architectural requirements

• One size fits most

http://www.flickr.com/photos/juliancolton/5360064817

Page 6: Drupal Site Audit - SFDUG

Effective auditing

• Consistent

• Quantifiable

• Contextually aware

• Easy to understand

• Actionable recommendations

Page 7: Drupal Site Audit - SFDUG

Static program analysis

• Performance & behavior gathering

• Does not execute

• Non-intrusive

• Automated

Page 8: Drupal Site Audit - SFDUG

What is Site Audit?

• Drupal 7 site analyzer

• Installed on target platform

• Provides reports in multiple formats

• Powers Launch Check on Pantheon

Page 9: Drupal Site Audit - SFDUG

Requirements

• Bootstrappable Drupal site

• Drush 5.10 or higher

• Shell access to target

Page 10: Drupal Site Audit - SFDUG

Installation

• Not a module

• Place in Drush commands folder

• Within user profile for just yourself

• Within Drush installation folder

Page 11: Drupal Site Audit - SFDUG

What does Site Audit check?• Best Practices

• Block

• Cache

• Codebase

• Content

• Cron

• Database

• Extensions

• Google Insights

• System Status

• Users

• Views

• Watchdog

Page 12: Drupal Site Audit - SFDUG

What doesn’t Site Audit analyze?

• DOM / front-end performance

• Usability and site experience

• Aesthetics

• Content

Page 13: Drupal Site Audit - SFDUG

Usagedrush  help  -­‐-­‐filter=site_audit

Page 14: Drupal Site Audit - SFDUG

drush audit_cache

Page 15: Drupal Site Audit - SFDUG

drush ac --detail

Page 16: Drupal Site Audit - SFDUG

HTML Output drush audit_best_practices --html --detail

Page 17: Drupal Site Audit - SFDUG

JSON output drush audit_cron --json

Page 18: Drupal Site Audit - SFDUG

Vendor support drush ae --vendor=acquia

drush ae --vendor=pantheon

Page 19: Drupal Site Audit - SFDUG

Audit All drush aa --skip=insights --html --bootstrap

Page 20: Drupal Site Audit - SFDUG

ReportsWhat and why.

Page 21: Drupal Site Audit - SFDUG

• Drupal Fast 404 HTML pages

• Multisite - informational

• PHP Filter - should be disabled

• Settings and configuration - exists, not symbolic

• settings.php

• sites/all

• sites/default

• Unnecessary files in sites

Best Practices

Page 22: Drupal Site Audit - SFDUG

Block

• Caching • Cache Report

Page 23: Drupal Site Audit - SFDUG

Cache

• Anonymous page caching

• Backends - list

• Bins - list any specified

• Default class

• Minimum cache lifetime - should be never expire

• Lock - display default locking mechanism

• Page Compression - should be on

• Expiration of cached pages - at least 15 minutes

• Aggregate and compress CSS, JS

Page 24: Drupal Site Audit - SFDUG

Codebase

• Size of entire site on disk

• Size of public files

• Managed file size, count

Page 25: Drupal Site Audit - SFDUG

Content

• Available content types and node counts

• Unused content types - consider removing

• Available vocabularies and term counts

• Unused vocabularies - consider removing

Page 26: Drupal Site Audit - SFDUG

Database

• Collation - check if anything isn’t UTF-8

• Engine - checks if anything isn’t using InnoDB

• Row count - reports tables with more than X rows

• Size in MB - including indexes and data

Page 27: Drupal Site Audit - SFDUG

Extensions (modules and themes)

• Count - 150 as arbitrary warning

• Dev - reports development modules, provider aware of dev env

• Disabled but not uninstalled

• Duplicate - checks for duplicates

• Missing - enabled, but code is missing

• Unrecommended - Short list of bad modules

• Version - specific problems in widely used modules

Page 28: Drupal Site Audit - SFDUG

Status

• Drupal status report

• Highlights errors and problems

Page 29: Drupal Site Audit - SFDUG

Users

• Who is #1, blocked?

• Count of all users

• Count of blocked users

• Role list, counts by role

Page 30: Drupal Site Audit - SFDUG

Views

• Count enabled

• Caching rendered output

• Caching query results

Page 31: Drupal Site Audit - SFDUG

Watchdog

• Number of 404s

• How old the logs are

• Count of entries

• PHP errors

• Syslog

Page 32: Drupal Site Audit - SFDUG

DevelopmentYes, it is extensible.

Page 33: Drupal Site Audit - SFDUG

Structure

• Object-oriented, abstract classes

• Checks - individual checks; treat like unit tests

• Report - collection of checks, run in a specific order. Can abort.

Page 34: Drupal Site Audit - SFDUG

• Extend abstract SiteAuditReport, SiteAuditCheck

• Drush hooks

• Add callbacks

• Add to audit_all

• README.md

Writing custom Checks and Reports

Page 35: Drupal Site Audit - SFDUG

Hacked! integration

Page 36: Drupal Site Audit - SFDUG

Drupal 8 version in development.

Page 37: Drupal Site Audit - SFDUG

Good configuration matters.https://drupal.org/project/site_audit

@FluxSauce - github.com/fluxsauce - drupal.org/u/fluxsauce

Applied site_audit recommendations.