Drupal CheckDrupal quick tips and tricks before going live!

By default Drupal will keep people logged in for 23 days (2000000 seconds) by saving a cookie in their browser. This is nice, but a potential security problem if people are using the site from shared computers.

Consider editing the site's settings.php to have

instead of the default

With the former, the user's login will be forgotten when they close their browser window, even if they forget to log out explicitly.

When developping a module, we often use some commonly used PHP functions. As you may not know Drupal provides some overrides for these functions. They are often related to strings, they have the same name as their PHP native equivalent except that they are prefixed with drupal_. Here is a list of PHP functions you should replace with its Drupal equivalent:

• Replace strlen() with drupal_strlen()
• Replace strtoupper() with drupal_strtoupper()
• Replace strtolower() with drupal_strtolower()
• Replace ucfirst() with drupal_ucfirst()
• Replace substr() with drupal_substr()
• Replace eval() with drupal_eval()
• Replace clone with drupal_clone()

For more on this, you should read includes/unicode.inc and includes/common.inc.

Consider installing the Boost module to create static HTML versions of pages that are served anonymously. Cached pages don't even use PHP (they are served as .html files) let alone create or use queries in MySQL so caching is super fast. Cached pages can be cleared on a regular basis with cron. Works with multisites and provides speed improvements to almost any Drupal site. Requires modification of default .htaccess file.

Having an .htaccess file is a pain regarding performances. Apache needs to read it on every single request (the page, every image, CSS files, JS files, etc.).

It is strongly recommended to move rules defined in Drupal .htaccess file in your Apache global configuration or in your vhost configuration file. This way all rules are only loaded 1 time, during Apache start.

To achieve this, just copy/paste your .htaccess content in your Apache server configuration file and don't forget to surround it by the directory where your Drupal install resides.

Note that we added AllowOverride None to prevent Drupal .htaccess to be read by Apache.

Check for syntaxe error:

$ apachectl configtest

And restart Apache:

$ apachectl restart

Note that if you are on Plesk, you must use the following command before restarting Apache:

$ /usr/local/psa/admin/sbin/websrvmng -u --vhost-name=example.com

If you what Pathauto to transform caracters with accents into simple letters like:

• éèêë to become e
• àâï to become a

You must enable in Pathauto the option Transliterate prior to creating alias. But by default, you can't tick the checkbox.

You first need to rename a file. From within the Pathauto directory, rename i18n-ascii.example.txt to i18n-ascii.txt. Once renamed, you can enable the option from the Pathauto settings form.

Cron is a deamon which triggers certain actions (cron jobs) at configured times. Windows has an equivalent system called Task Scheduler. Calling cron.php at regular intervals will allow, amongst others, the indexation of content the content and to check for updates.

Setting up a cron job under a *nix system is fairly easy.

1. Create or edit a crontab by typing in a terminal crontab -e
2. Assuming that you have one of the following programs on your system, add one of the following line to trigger a request to cron.php every hour:
   • 0 * * * * /usr/bin/wget -O - -q -t 1 http://example.com/cron.php
   • 0 * * * *  /usr/bin/lynx -source http://example.com/cron.php
   • 0 * * * * curl --silent --compressed http://example.com/cron.php
3. Save and exit your editor.

Setting up cron jobs on Windows is almost as easy! See Resources below.

Drupal logs information about cron jobs. Once you have configured it, you should see entries in your logs (Administer > Reports > Status report and Administer > Reports > Recent log entries) indicating the status of the related tasks.

You can gain performances by disabling unecessary contributed modules from your live site. Here is a list of modules you can safely disable on a production site:

• Devel
• Devel generate
• Devel node access
• Performance Logging
• Theme developer
• Advanced help example
• ImageCache UI
• Views UI

By default Drupal front page lists all nodes promoted to front page. We will often want the front page to display something different (a View, a panel, a node, etc.). To do so:

• Go to Administer > Site configuration > Site Information
• Set Default front page to the path of your View, Panel, node or anything.
• Save your settings

Note that the default value for Default front page is node.

Sometimes, you need to enter email adresses in your content. Good examples are your About page, or even your Contact page. But this the better way to get spammed!

It is strongly recommened to install a module such as SpamSan:

• Download and activate SpamSan module
• Go to Site configuration > Input formats

For each of your input format do the following:

• Click on Edit
• Check that Hide email addresses is enabled and save
• Click the Rearrange tab and set Hide email adresses with a super high weight (10 for example)
• Click Save configuration

All email adresses are now spam protected.