Drupal Website Audit: Complete GuideShalini RawatSat, 01/09/2021 - 19:15
“A thorough website audit can clue you into the necessary changes and will help you drive significant results.”

Websites are complex beasts and the issues that arise are of inevitable nature. Being oblivious to these issues is quite common when you don’t conduct the site audit properly and regularly. What happens next is quite obvious - you fail to identify a wide range of website issues which interrupts the potential users to access your website, thereby acting as a major barrier to the growth of your business website. 

So, the question that arises here is - what is the best possible way to optimize your website in order to hit the predetermined goals?

Unless you have been living under a rock, you already know that website audit is the resonating answer for the same. Don’t you? 

Well, a website audit is the most common yet the most efficient approach that every organization undergoes who wish to achieve goals associated with the traffic and performance boost. As a matter of fact, a good website audit takes into account all the factors including performance issues, security vulnerabilities, general site maintenance, and site changes and upgrades that can undoubtedly influence your website’s success. 

Have you ever audited your website? No? Then, now is the right time!

A comprehensive Drupal website audit is a necessity today and is highly recommended to make sure that your website is up to date and performing well. Whether you are a small business trying to optimize your site for organic search, or an agency doing the same for a client, it can be a bit difficult to know where to begin from and how in-depth your analysis should go. No need to worry, we have got you covered.

In this blog we have put together several parameters that are of great importance when it comes to carrying out an in-depth analysis of your website. Subsequently, we will be providing you the tools that will help you glean the most useful information throughout the audit process. 

Illustration explaining Drupal website audit checklists with 'Drupal website audit' written at top and several boxes containing textual information below it


Before we run into the on-page audit components, let's start with few basic but important domain level checks that every organization, irrespective of their size and nature should be updated with.

Site Map

A site map is basically a blueprint of your website that helps search engines (Google, Yahoo, and Bing) to find, crawl and index all of your website’s content. Site maps can be good for SEO as they allow search engines to quickly find pages and files that are important to your site. 

SSL Certificate

SSL certificate is the backbone of the website that enables encrypted communication between a web browser and a web server. Websites need to have a validated SSL certificate in order to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust. 

WWW resolution

WWW resolution assesses whether your website redirects to the same page with or without WWW (World Wide Web). It is better and more convenient for users when it does. 

Robots.txt 

Robots.txt is a file that lives at the root of your website to instruct your crawling preferences to various search engines. Not to mention, a Robots.txt file allows you to lock away areas of your website that you may not want crawlers to find.

On-page Site Audit Components

Apart from the aforementioned basic domain checks, there are several other components that are capable enough to influence the outcome of the website audit. Further, these influences can either have a positive effect on the quality of the website or can provide great repercussions on the reputation of the website on the face of the direct clients as well as end-users.

1. Drupal’s Best Practices

Creating and maintaining a Content Management System (CMS) like Drupal takes both time and effort. Further, you are required to follow some basic web development practices that can help you protect that investment and simultaneously provide a great user-experience. 

With that being said, the following pointers outline some best practices that are required to program with Drupal.

Drupal Architecture

  • The content structure must include all the fields and content types. 
  • Choose limited content types and files in your development plan to avoid confusion among content creators.
  • Use new entity type and single entity type for different and similar data types respectively.

Check the code

  • Use an indent comprising 2 spaces, with no tabs and the lines.
  • All binary operators should have space before and after the operator to serve the readability purpose.
  • To distinguish control statements from function cells, they should have one space between the control keyword and opening parenthesis
  • All lines of code should comprise a minimum of 80 characters.
  • Use short array syntax to format the arrays with a space separating each element (after the comma). 
  • Use require_once() and include_once() respectively when unconditionally and conditionally including a class file. 

Infrastructure

  • Stack size should be not too large, nor too small. 
  • Dive into logs to detect errors and prepare for growth and spikes. 
  • For security issues, it’s crucial to configure to protect from internal attacks as well as external attacks.

Optimise the front-end

  • Define component elements using their own classes. 
  • Exercise and test your site rigorously to resolve PHP errors, if any. 
  • Use a stable administrative theme during development. 
  • Use DRY CSS and group reusable CSS properties together and name these groups logically. 
  • Name components using design semantics. 
  • In order to keep your designs more organized, use SASS.

Test, error, repeat

  • Get your site reviewed by peers to get an additional idea on what to do next. 
  • Set up a testing environment to get your website tested easily and quickly. 

SEO Practices

  • Use Robots.txt, so the right pages and information is indexed. 
  • Bring navigational drop-down menus into action that silently contributes to search engine optimization.
  • Enable the URL aliasing with Pathauto to ensure the search engine understands what the webpage implies. 

Security Practices

  • Always keep your core updated. 
  • Arm yourself with some additional security modules.   
  • Make sure you only use modules approved by the security team. 
  • Don’t forget to keep your backup ready to face any uncertain events.

Maintenance Practices 

  • Keep your code under version control.
  • Maintain and update separate environments for the different stages of the site.
  • Limit access to the production site for all but the most trusted users.
  • Access all logs ever and again, including Apache, Drupal, and MySQL.
  • Review and assess your architecture frequently and make plans for the future.

To go through a detailed explanation of Drupal's best practices, read here.

2. Mobile Usability

Mobile usability testing helps you identify the potential issues/problems that are hindering a mobile friendly user-experience on your website. The need to conduct a mobile usability audit is extremely important because with the advancement in smartphone browsers, more people are visiting sites using their mobile phones. 

Below are some common yet important elements that can help you to produce great mobile-friendly sites. 

Responsive Design

It allows page elements to reshuffle as the viewport grows or shrinks. Responsive design plays a pivotal role as it allows you to create dynamic changes to the appearance of your website when there is a change in screen size and orientation of the device it is being viewed on. 

AMP URL

Originally developed by Google, Accelerated Mobile Pages (AMP) is an initiative to speed up the loading time of web pages on mobile devices. The biggest advantage that AMP URL offers is faster and simpler web pages that can be displayed equally well on all device types, including mobile and desktop.

Mobile Pages Audit Tools

There are a number of tools that can help you perfectly optimize your site for mobile. Here are a few tools that that you should have in your bookmarks-

  • Screenfly
  • Google Resizer
  • Browserstack
  • Ghostlab
  • Crossbrowser Testing

Check out this guide on mobile-first design approach to know more.

3. Speed

Performing a website speed audit is important as it helps you evaluate the speed and responsiveness of the website and further identify the areas that need quick improvement. 

Page load speed

It refers to the time taken by the website to fully display the content on a specific page which directly impacts user engagement and a business’s bottom line. Page load speed is important to users for the obvious reason - faster pages result in more efficient and better on-page user experience. An ideal page load speed should vary between 2-5 seconds. 

Page Speed Audit Tools:

Market is flooded with a variety of tools that can be used to test page load and improve the website speed. Following is a handpicked list of some common tools- 

  • Pingdom
  • Google pagespeed insights
  • Google analytics site speed
  • GTmetrix
  • Dareboost
  • YSlow

4. Performance

Website Performance Testing refers to a software testing process used to determine how a particular website behaves and responds during various situations. Conducting a website performance audit is incredibly important for websites because it helps you to identify and eliminate the performance bottlenecks in the software application.

Take a look at the following list of performance elements that contribute to the response time of the website and overall end-user experience.   

HTML/CSS/JS 

  • JS and CSS count: Delivering a massive amount of CSS and JS to the browser can result in more work for the browser when parsing the CSS/JS against the HTML and that makes the rendering slower. Try to send only the CSS/JS that is used on that page and remove CSS rules when they aren't used anymore.
  • CSS Size: Delivering a massive amount of CSS to the browser can result in more work for the browser when parsing the CSS against the HTML and that makes the rendering slower. Try to send only the CSS that is used on that page and remove CSS rules when they aren't used anymore.
  • Image Size: Avoid having too many large images on the page. The images will not affect the first paint of the page, but it will eat bandwidth for the user.
  • Page Size: Avoid having pages that have a transfer size over the wire of more than 2 MB on desktop and 1 MB on mobile.
  • Image scaling: Scaling images in the browser take extra CPU time and will hurt performance on mobile. So, make sure you create multiple versions of the same image server-side and serve the appropriate one.
  • Documents Redirects: You should never ever redirect the main document because it will make the page load slower for the user. Instead, redirect the user if the user tries to use HTTP and there's an HTTPS version of the page. 
  • Charset Declaration: The Unicode Standard (UTF-8) covers (almost) all the characters, punctuations, and symbols in the world. It is highly recommended to use that.

Header performance

  • Cached Header: Setting a cache header on your server response will tell the browser that it doesn't need to download the asset again during the configured cache time! 
  • Cached Header Length: Setting a long cache header (at least 30 days) is better as it promises to stay long in the browser cache. 

Servers

  • Fast render speed: Avoid loading JavaScript synchronously inside of the head, request files from the same domain as the main document (to avoid DNS lookups) and inline CSS or use server push for really fast rendering and a short rendering path.
  • CPU rendering time: You need to be able to render the page fast which is highly reliable on which computer/device you run on. It is important to note that the limit here is high i.e., spending more time than 500 ms will alert this advice.
  • No. of requests per domain: Avoid having too many requests per domain. The reason being, browsers have a limit on how many concurrent requests they can do per domain when using HTTP/1. 
  • CPU scripting time: Do not run too much JavaScript as it will slow down the page for your user. Again, this metric depends on which computer/device you run on but the limit here is high i.e., spending more time than 1000 ms will alert this advice.

Performance Audit Tools

Here are some common tools that you can use to run website performance tests in order to achieve optimal performance. 

  • GT Metrix
  • Webpage Test

Read this comprehensive guide on Drupal performance optimisation techniques to know more.

5. Accessibility 

An accessibility audit is a comprehensive evaluation of how well your digital properties meet the needs of people with any limited ability. It is important to conduct the accessibility audit as it provides a detailed look at how and where you can enhance your digital products/services to improve digital accessibility.

Here are some of the first steps you can take to check the type of experience your website delivers for people with digital access needs:

Check your page title

  • Make sure that every page has an input title. 
  • This is usually done through the 'view source' option available in most modern browsers.

Turn images on and off

  • This can be done using an advanced option. For say, google chrome provides access to turn images on and off, which makes it easy to look for ‘disappearing’ text. 
  • Subsequently, check your image alt text for issues such as the missing or incorrect description of the image contents.

Turn sound on and off

Using the computer's sound options, turn off sound to make sure that your website is conveying the same meaningful information, with or without sound.

Manage plug-ins

  • Using special plugins, you can easily apply different views on the top of the page. 
  • For example- you can test grayscale to ensure that people who are color blind have access to each and every information available on a particular page.

Keyboard accessibility 

  • Try to operate and navigate your website without a mouse or trackpad. 
  • Check if all the functions are operable using keyboard navigation alone. 

Check Zoom in 

  • People with visual impairments often enlarge the elements to see what is present on the screen. 
  • Therefore, zoom to 200 or even 300% to check if anything pixelates or not. 

Check-up page structure and hierarchy

  • Your heading text should be H1, followed by various subheadings i.e., H2, H3, and so on. 
  • For example - follow the order 1-3, so H2 cannot come before H1 and H3 cannot come before H2.

Check multimedia elements

As per the information issued by web content accessibility guidelines (WCAG), websites must specify important information contained within multimedia elements (video/audio/photo) in a text-based alternative.

Accessibility Auditing Tools

There are some free online tools that you can use to uncover the accessibilities issues that are present in your site. 

  • Wave Evolution tool
  • Google Lighthouse
  • Sortsite
  • Pay11y
  • Stark contrast checker  

Take a look at this web accessibility planning guide and how Drupal is ensuring web accessibility standards to know more.

6. Security 

Conducting security audits are befitting to examine and identify the existing/potential threats that can jeopardize the website. Further it also involves improving the security of the website to make online business safer.

Following is a quick and easy list of elements you can evaluate to detect the security risks lurking in your website.

Ascertain the assets to focus on 

  • List out the high priority assets required to monitor and scan, including sensitive customer and company data, internal documentation and IT infrastructure.
  • Do not forget to set out a security perimeter 

Checklist your potential threats

  • Name your threats to ensure what to look for and how to adapt your future security measures. 
  • Some common security threats you might put on your list include weak passwords comprising sensitive company data, use of malware, phishing threats, unwillingness to accept service attacks and maleficent insiders.

Determine the current security performance

Evaluate the current security performance of the website to keep hackers at bay, trying to invade the company’s systems. 

Establish configuration scans

  • Setting up a higher-end scanner will help you detect security vulnerabilities.
  • Run some configuration scans to detect configuration mistakes made.

Look out for reports

Do not forget to give a detailed look at the reports generated by your auditing tools.

Monitor DNS for unforeseen events

Always keep track of the credentials used for your domain. 

Scrutinize your website

This a must task when you wish to spot some hard-to-access files and directories on your website.

Carry out internal vulnerability scan

  • Install an agent on each computer in your organization to monitor the vulnerability level.
  • Performing an internal vulnerability scan in a month or 3 months would be a great option.

Perform phishing tests

  • Perform cybersecurity training by sending out fake phishing emails to team members.
  • Running such tests would give a close-to-real-life experience of what a phishing attack is. 

Security Auditing Tools

Now that you have a plan, you might need some tools to put your plan into action. For your convenience, we have listed down a few tools that you can use-

  • OWASP Testing Guide
  • Burp suite
  • Nessus
  • Qualys web apps scan
  • Rapid7 

Get a thorough understanding of Drupal security by going through why Drupal is the most secure CMS, its provision for open source security, importance of security modules for Drupal website and Drupal website's data security strategies.

7. Search Engine Optimization (SEO) 

An SEO audit is an important facet of the website which identifies and analyzes the foundational issues affecting the organic search performance of the website. Conducting an SEO audit is extremely essential for any website as it allows you to analyze  the current SEO efforts (irrespective of fact how prolific or sparse they are) and further take immediate action on those insights.

Below are some of the most important areas that an SEO audit covers to maximize optimization-

Find and fix indexation issues

  • Make sure your site is well-indexed in Google.
  • Look for the number of pages that Google has indexed for your domain.

Conduct on-page SEO check

  • Keywords: While auditing your on-page SEO, start with the keywords. Make sure both long & short-tail keywords are incorporated seamlessly throughout the content. Moreover, adding LSI keywords help improve organic visibility eventually.
  • Optimization of headers: Use keywords in the headers. It is to be remembered that search engines including Google use H1 tags to understand the primary topic of a page.  
  • Call to actions: Curate content with the right CTAs for the maximum conversions. Good CTAs make a site look more structured and professional, attracting visitors’ attention. 
  • Optimized URL: It’s also crucial to have keyword-rich URLs for the website to improve the organic click-through-rate (CTR). The shorter the URL, the better is the ranking.
  • Meta description: Meta description plays an imperative role in SERP as Google uses description tags to generate a search results snippet. Hence, every page on your site needs to have a 160 characters meta description with a primary keyword. 
  • Internal links: Using internal links to publish new content is a must. Internal links are instrumental in establishing site architecture and spreading link equity (ranking power) at large. It is recommended to use descriptive keywords in anchor texts to give readers a sense of the topics. 
  • Schema markup: Furthermore, use Schema markup, an advanced level on-page SEO technique to help the search engine bots crawl relevant information for users. The Schema markup uses a unique semantic vocabulary (code) in microdata.
  • Image optimization: Lastly, the optimization of images with keywords in the image alt text also carries weight. This practice increases the potential to rank in image search apart from boosting the SEO efforts of webpages. 

Detect and delete broken links 

  • Check for the broken links list and find which link has the most inbound links.
  • Work through this list and either delete or replace the errors found. 

Duplicate and thin content pages

  • Check for duplicate pages as they have an adverse affect on SEO. 
  • The pages should have a decent word count else it would be considered thin content poage and might not attain a better ranking over SERP or even not get indexed.

SEO Auditing Tools

Following are the tools that you can use to track and detect errors that are hindering your site from achieving the top spot on Google. 

  • Google Analytics
  • Google Search Console
  • SEMrush
  • WooRank
  • Moz
  • Ahrefs
  • SpyFu

Access this ultimate guide to Drupal SEO to know more.

8. Consent Management

Consent management is a process that allows websites to meet legal regulations such as GDPR and CCPA by obtaining user consent for collecting their data or information. With a good consent management platform (CMP) in place, websites are able to create better customer experience and further deepen relationships with their consumers.

9. Hosting Infrastructure 

Having a quality web hosting infrastructure is essential for any website as it helps you determine the loading speed, downtime, bandwidth, and SEO factors of the website.

If you use a free or cheap web host, it will create a lot of hosting problems like frequent downtime issues for you in the future. 

Here is a list of some important things that you should consider before you choose a web hosting plan.

Fast servers 

  • Profits are directly proportional to the speed that webpages load, therefore make sure your web host offers at least a T3 internet connection.
  • Internet users lack patience and need quick results. Make sure your web host does not exceed the 30 seconds time frame. 

Unrestricted CGI Access 

CGI programs are put-to-use by many professional sites at some point or the other, therefore look for a web host that can provide you with CGI-bin access.

SSH and FTP Access

  • You can easily encrypt the data moving between your computer and your website server with the help of SSH. Doing so helps you reduce the burden on your programming development time.
  • A good web host must qualify the need to utilize an FTP with an intent to transfer files back and forth from your local computers and your web server.

Access to Raw Server Logs

This feature allows you to gain access data relating to your website’s traffic, including traffic you get per week, time period of visitors on your site, etc. 

Server Backups

  • Server backups ensure that you don’t lose out on anything at the time of uninvited events. 
  • Not all web hosting services provide automatic database or server backups, in such situations you are required to pay an additional amount to create full backups for your whole sites.

Services, Scripts, and Software

  • A good web host should offer a vast library of scripts wherein you can add forms, statistics, and other extras to your website.
  • Besides this, the scripts should also provide some e-commerce features including shopping cart software, real-time processing availability and much more. 

Tech Support

A web host of good quality should provide technical support to the website. 

Conclusion

To conclude, conducting website audits may seem like a strenuous task, but it is an important responsibility that helps you identify issues that can hinder the growth process of your website. Not to mention, the entire process may sound a bit nerve-wracking however the end results derived are worth the hard work. If you want to maximize the business benefits of your website, then a website audit is all you need to put-into effect. 
 
Furthermore, a website audit is not a one-off process that you conduct once in a blue moon. In other words, conducting a website audit is a mindset that helps you gain deeper insights into your website which further helps you stay on top of your website maintenance before it gets too late. Being successful in the digital market space requires some degree of agility and adaptability, and guess what this goes for websites too. 

Would like to put yourself way ahead of your less-informed competitors? Feel free to contact us at hello@opensenselabs.com and our industry experts will help you conduct a comprehensive site audit the right way.

blog banner
black background and multi coloured graphical representations
blog image
two open laptops and a person's hand holding a pen scribbling on paper
Blog Type
Is it a good read ?
On