A Prelaunch Checklist for your Drupal WebsiteShefali Shetty23 Jan, 2020

Yes. “Prelaunch anxiety” is a thing. 
You have worked tirelessly on your Drupal 8 website for weeks/months together and now the most important day has arrived – the launch day! But wait! Have you done everything right to ensure your Drupal website does not run into any unforeseen issues? It is always best to compile a checklist of things to do a few days before the launch to make sure you have everything in place and that your website is not under any kind of risk. Don’t have a Drupal checklist yet? Put your mind at ease with our compiled prelaunch Drupal checklist for developers.

Are the File Permissions set right?

This is one of the top items in our pre-launch Drupal checklist. To secure your Drupal website, the first step you must take is to set the file permissions right. Make sure your web server is not given permission to edit or write the files that it executes. Automated tools to set and verify permissions like File Permissions and Security Review Module, can also be used. The PHP Filter Module under /admin/modules needs to be disabled, if your site is using Drupal 7. The settings.php file should be secure so that the database connection information is protected. 

Drupal Security Updates?

Drupal has been a choice of Content management system for various organizations but particularly so for organizations that deal with critical data. The reason why Drupal is known to become a secure CMS is because of the Drupal security team’s constant effort to keep it safe. With every major/minor release, security updates are shipped out. Many of them address immediate security risks. You will get warning messages when your Drupal security has lapsed.  Make sure your Drupal 8 release is up to date with all the security releases and patches. Keep your modules and core updated. You could also check for security updates manually by clicking on Reports and then checking for Available Updates.

Secure your admin’s account name

The Admin account is the root account that is used for any Drupal website development. Securing the root account is very important and should not be ignored. The installation is extremely vulnerable to hacker attacks as it isn’t hard to guess the username for the hacker. So the root account name should be changed to a more complex one (before launch at least) and a strong password must be used. You can use the Real AES module to tighten up your security. Also, when granting user permissions, ensure minimal permissions are given to anonymous users and all permissions granted to them should also be given to authenticated users.

Don’t let your users see those Error reports!

Because it can get very annoying. Error reporting should be turned off such that it must write the errors onto a log but does not display it to the users. To disable error reporting, go to Configuration > Development > Logging and Errors, set the option to None, which will disable all the error reporting. It should be ensured that 404 errors are handled well. Using Drupal modules like Search 404 helps in displaying more helpful content like search results based on the URL the user has been searching for.

search 404 module

Search 404 Result:

search 404 modules

Content and Search Engine Optimizing for your Drupal 8 website

You must ensure that all your site’s contents are displayed correctly. Don’t forget to run your site through the Lorem Ipsum scanner before launching. You might have missed to change all the dummy text when you have a lot of pages to go through. There are some great SEO modules that will boost traffic to your site after you launch.  Using the PathAuto Module is extremely important for Drupal web development as it will generate friendly URL’s instead of a URL that will look like this www.specbee[dot]com/node/3843. It is also recommended to use the Redirect Module along with PathAuto as it allows users to redirect from old URLs to new URLs. Because if you have two URL’s (with alias name) that represent the same content, it can be very harmful for your SEO ranking.

Redirect Module Settings

Redirection module

Redirection Module:

add url redirection

Check Your Drupal Modules

Unused Drupal modules end up taking up space and makes your website slow. Ensure only those modules that are being used are enabled. Removing unused modules will help with your website’s start-up time. You could also use a Drupal module for this – Unused Modules. Also, it is recommended to disable the Devel module and similar modules during launch. Make sure your modules are up to date with its latest releases. Using a Drupal 8 module like the Site Audit can be extremely beneficial as it analyses your website for performance and behavior. It gives you a report that tells you if you have followed best practices (else gives recommendations), website’s caching settings, codebase (size and file count), unused content types if any, and much more.

Server Configuration

Check the file upload sizes. This is to allow users to upload large media files from your Drupal website. To do this, you may need to adjust the server configuration. It is also important to check the execution time. You can do so by setting the max_execution_time in the server configuration. Also don’t forget to check that all the forms and modules are being sent to the correct email addresses.

Is your Drupal site optimized for performance?

There are many things a Drupal developer can do to optimize the performance of your Drupal website, like

  • Caching –configuring caching will boost the performance of your website. Caching for some modules are turned off by default – so make sure they are turned on. Drupal 8 core comes packed with modules like the Internal Page Cache module and the Internal Dynamic Page Cache module
  • CSS and Javascript – a typical Drupal website will have a lot of Javascript and CSS files which will increase the number of HTTP calls for each page. However, one can compress all these relevant files by enabling the Advanced CSS/JS Aggregation feature in the performance section.

CRON jobs?

These time-triggered actions can help in checking for updates, re-indexing the search mechanism, retrieving feeds, notifying other sites of updates and perform routine maintenance tasks. It is also recommended to configure CRON for security and performance reasons.

Shefali ShettyApr 05, 2017