Skip to main content

How to Avoid Mistakes Associated with Drupal Website Management

Roman C, PM

Drupal provides some truly outstanding website development and management opportunities out there. It is a powerful platform filled with convenient tools and features for maintaining every underlying aspect of a stably operating website. However, this can be achieved only through a savvy approach to capacities Drupal has to offer. For one thing, a Drupal specialist and even a regular website owner must know which underlying mistakes they must avoid for efficient management.

And there are a bunch of issues related to website performance optimization, SEO, content management, level of security, and more. Let’s take a look at what exactly these issues pose and how to handle them.

drupal-website-managament

Web content practices and mistakes

Content management is essential to the overall quality of your website so you need to keep it well-structured and maintained. For this:

  • Try to not overuse content types - it is best to standardize content types so as not to confuse content specialists; the best way around would be reusing and standardizing content types to make everybody’s lives easier.
  • Don’t create new fields for each content type - fields are better off standardized as well so as not to waste resources; to manage the reuse and standardization, go by the link to see the report on fields.
  • Manage your content residues - make sure no unused chunks of content are left in the system and clean everything up if there are.
  • Avoid creating node-free content types - unnecessary content types only make things extra complex; for this, make sure to filter out the content list and prioritize content types to remove any obsolete ones.

Website view practices and mistakes

You know that your website is accessible and convenient to view when it is easy to customize its visual UI and essential UX elements. This is called display architecture. And Drupal may readily help you manage panels, views, and context modules of your display architecture most conveniently, for instance, by subdividing content displaying by specific formats, regions, etc.

To handle this:

  • Plan out the display architecture - make sure it renders content only when necessary, without spawning additional complexity.
  • Streamline content use - put a heavy focus on content reuse and optimization.
  • Prioritize and separate - the internal logic and external presentation of content should be treated separately.
  • Make a sturdy foundation - carefully pick a reliable basic theme and study all of its ins and out.

Common mistakes

  • Creating new Views for every list - every other View you’re about to create must be studied to understand whether it is necessary or it can simply be replaced by a reused existing View; you can also set specific parameters for lists rendering using Contextual Filters.
  • Writing PHP code and other logic components in template or database files - it is no use writing either in database or .tpl/.php template files. All SQL queries, web service calls, and PHP bits should be specified either during theme preprocessing or in modules.

Website architecture practices and mistakes

The looks and feels, as well as the collection of modules and the way they interact with each other are outlined by the wholesome website architecture. To keep it smooth and comprehensive:

  • Keep it all clean and tidy - the smoothest working sites have as little code and as fewer modules integrated as possible, only the necessary things;
  • Don’t be shy to use contrib modules - why lose an opportunity to automate processes where possible in favor of more error-prone manual coding;
  • Check your Views - all Views are now located in Drupal 8 Core instead of a contrib module.
  • Keep up with standards - the best rates of custom coding are achieved through closely complying to Drupal coding standards;
  • Conduct regular overviews - reevaluate all architecture elements from time to time for possible revisions.

Common mistakes

  • Modules overload - you should revise and optimize your architecture if it has over 200 modules enabled at the moment. This is where regular reevaluation helps clean code by removing/disabling/uninstalling obsolete modules.
  • Roles overload - the more roles you have, the more complicated the overall tech and security maintenance becomes. All roles and permissions should be reassessed and grouped into hierarchical lists with inherited permissions.
  • Avoiding automation by contrib - custom code created where a contrib module handles things just fine is a very unnecessary effort that only complicates things. You may opt for the Webform modules, however, which is a well-tried-and-tested tool that grants more versatility in the work of website admins.
  • Hacking contrib or core modules - this is commonly done in order to achieve specific required functionality, yet it spawns unpredictable code behaviors and updating complications. Instead, it’s better to create a custom module based on hooks that would do the job you need. The Hacked! or Acquia Insight modules will help you handle such hacks inside an unfamiliar inherited website.
  • Incorrectly written custom code - a specialist may use Drupal API improperly or simply employ the wrong hooks. The whole process must be thoroughly planned, outlining the most fitting syntax and hooks (API documentation at drupal.org should help).

Tools we recommend using

  • Hacked! is a module you can use to scan the underlying Drupal architecture components like themes and contrib modules and indicate whether any changes have been implemented inside them. It can be combined with the Diff module to indicate the exact changed line of code through convenient results screens. But this is an unfitting scanning scenario for production websites.
  • Upgrade Status helps to verify codebase for deprecation errors and to upgrade sites in a safer way. The process is made easy, thanks to the ability to perform checks directly from the admin panel with a user-friendly interface.

Website security practices and mistakes

Drupal has all the necessary security opportunities built-in - all you need to do is employ them properly. Thus, you may efficiently achieve a sturdy protection from cybersecurity attacks and hacks. For this:

  • Don’t jeopardize security from the get-go - you may spawn security flaws in the process of its initial configuration. This requires planning - make sure that responsible permissions that may undermine security are only given to trusted users.
  • Update contrib and core modules - it is important to keep everything timely updated so as to stand fully armed in the face of potential security issues and attacks. To make your life easier, at Drupal.org, you may subscribe to notifications announcing all new security updates.
  • Reinforce passwords - only strong passwords grant a reliable first line of defense against hacker attacks and potential intrusions so keep this mind. Another great tip is to set password expiration.
  • Set proper upload limits - allowed file types uploads should be limited and restricted tReinforce passwords - only strong passwords grant a reliable first line of defense against hacker attacks and potential intrusions so keep this mind. Another great tip is to set password expiration.o the ability of trusted users only. Keep your content and file type permissions in check.

Tools we recommend using

  • Password Policy is a module that helps you specify conditions and constraints of setting user passwords.
  • Login Security module helps to enhance website security by protecting and restricting access with features such as: limited number of invalid data entering, deny access for specific IP adres, login email notifications etc.
  • Security Kit module helps to eliminate the probability of any security  loopholes on your Drupal website. Features such as Anti-XSS, Anti-CSRF, Anti-ClickJacking to set up a security policy and secure your data.

Website infrastructure practices and mistakes

Your website’s infrastructure is its backbone and it must be “fit” and sturdy in order to grant stable backend performance and smooth frontend operation. The end reliability of the site infrastructure depends on how it was structured and handled from the very beginning so thorough infrastructure planning and building is the essential tip here. On top of that, however, there are the following moments to keep in mind:

  • Tech stack issues - make sure to properly size and prepare your tech stack. It often happens so that a perfectly fitting server is used, but it is misconfigured to properly serve its functions. MYSQLTuner can be used to thoroughly analyze your database, configure it where need be, and avoid this.
  • Vulnerabilities from remote connections - you may want to connect certain tools to the database remotely relying on the external firewall alone and you shouldn’t. Otherwise, you are risking exposing the infrastructure to internal attacks, which are quite common.
  • Various bottlenecks - both hardware and resource-consuming processes can cause bottlenecks, which can be avoided if you maintain check logs and system spikes carefully enough.

Common mistakes

  • Misconfigured server hardware - the capacities of your server hardware are more than enough yet it still doesn’t work the way it should? This is probably due to certain misconfigurations. The overall stack configuration must be analyzed and considered thoroughly.
  • Varnish bypassed by traffic - misconfigurations may also lead to traffic going around Varnish and straight to the server. This is where you need to check page caching through response headers and make sure don’t set session variables without the need. 

Website performance practices and mistakes

Website performance-wise, numerous mistakes can be made, which make the overall user experience clanky and business-hindering in the long run. In this aspect, rather than discussing every point where you could go wrong, it is simpler to list what you shouldn’t do:

Don’t neglect website actions analysis - before actually implementing caching, it is best to check everything thoroughly and optimize everywhere possible. You can use a bunch of handy tools listed below for this.

Common mistakes

  • Lack of caching strategy - a specialist should take their time and comprehend how every type of content can be better cached - per user role, per group of users, etc.
  • Extra low-level caching - don’t neglect using Blocks or Panels pane caching instead of using views cache at very low-level caching.

Tools we recommend using

  • Devel helps conveniently view database queries running on every other page;
  • XHProf is a profiling tool great for indicating lots of underlying performance issues;
  • New Relic is a low-level website analysis tool that reports low-performance database queries, complicated pages, and external queries. However, It requires installation of the third-party software on the hosting which may or may not be possible depending on the hosting provider.

More Where That Came From

These are only some of the major mistakes related to the basic areas of your Drupal-based website. To tackle other issues and work on the whole scope of mistakes, contact specialized professionals to achieve the highest quality of your site.