If the dramatic evolution of algorithms, hackers and attention spans has you worried sick about your website’s survival, think audit! Your Drupal website needs regular auditing to make sure your site is still healthy, SEO-friendly, secure and performing well. Moreover, there's always an opportunity to improve and make the website more user-friendly. Routinely evaluating Drupal sites helps monitor their overall health and optimize its performance. If you’re responsible for auditing your Drupal website, make sure you read this handy guide.
Why do you need to audit your Drupal website
A website audit is typically performed quarterly as a regular check-up or before a migration.
- It is important to audit sites regularly to improve its performance and to prepare for future enhancements
- If you’re migrating your Drupal 7 (or 6) website to the latest version (Drupal 9), a migration audit is absolutely necessary for a successful migration. Read this article for a handy checklist before you migrate to Drupal 9.
- It pinpoints any issues with the website, offers competitive insights and guides you to the direction of digital fulfillment
- Drupal regularly releases updates, security patches and other updates in order to improve the website's security, personalization and performance. Regular auditing helps in staying up-to-date with the latest and best practices
A website audit covers a wide scope of elements which includes performance, SEO, security, site building and more. Make sure you remember the following before auditing your website.
SEO and Performance
- Check if the Sitemap and Meta Tag modules are enabled and configured properly. This helps search engines to rapidly identify important pages and files on your Drupal website.
- Check the Robots.txt file in your project's root directory. This file tells crawlers how you want your website to be scanned or indexed.
- Ensure that image formats such as WebP and AVIF are used. They offer superior compression than PNG or JPEG, resulting in faster downloads and reduced data usage.
- Make sure the server's initial response time isn't excessively long. Themes, modules, and server requirements all have an impact on this. To reduce the time the database takes to process queries, use Redis or Memcache on the server for memory caching. Optimize the application logic to prepare pages faster.
- Always keep your Drupal core up-to-date.
- To limit the possibility of web application vulnerabilities being exploited, use the Security kit contributed module.
- Move all important files from the public folder to the private folder and update the permissions on the private folder. This is very important as an attacker can change the file path to access various resources, some of which may contain sensitive information.
- Use of the Password Policy module. Attackers can easily guess weak passwords and gain access to the system, thus stealing all of the information and destroying or altering valuable data.
Site Building Overview
- Configuration Management - Make sure the config sync is properly set (see below).
- Uninstall modules that have been installed but are not in use.
- Make sure there are no errors in the console.
- Fix all Drupal errors & warnings that appear in status reports (see below).
- Security Updates for all contributed modules should be applied.
- Gitignore should be set up appropriately and all dependencies should be managed through the composer rather than Git. Make sure Git does not contain directories like vendor, contrib theme, contrib module, or Drupal core.
Best practices and Tools
Follow Drupal’s coding standards and best practices. Coder can help you with this. It is a command-line tool that scans custom modules and themes for compliance with the Drupal coding standard and generates a report. This is a very good measure of code quality.
You can audit your website using Lighthouse Chrome DevTools. It gives you valuable insights of your website’s performance, SEO standing, accessibility, speed and more.
Lighthouse Chrome dev tools
Site audit is a super useful Drupal module that helps generate an analysis report on various areas of your website. It also offers best practices and recommendations based on the analysis.
Site audit module
Leverage the Security Review module when you want a checklist of all security vulnerabilities and issues you should be aware of. It runs a ton of checks on your website before generating a comprehensive security report.
Security Review module