7 Common Drupal Mistakes that you are Probably Making on your Website
Imagine your Drupal site as a... patient who has received the wrong diet (or who simply hasn't been told that he should stick to a special diet in the first place) and all the wrong medication, as well. A silly metaphor for the most common Drupal mistakes that you might have been making on your website.
... and whom (your website “patient”) you're now striving to train for the Olympics, meaning to boost its overall performance.
It's not going to work unless you “detect” those common issues deriving from improperly handling your site and from deviating from Drupal's best practices. And not before you get them fixed, obviously.
And how can you know for sure whether you are making these “popular” mistakes on your Drupal website?
Easy! You just give an honest answer to each one of the 7 questions from our little “investigation” here below.
Ready?
1. Have You Been Ignoring the Drupal Updates?
Just admit it!
And then try counting how many times you placed the Drupal Core and Contrib Drupal Security Advisory at the very end of your priority list. Or just how many times you ran the suggested upgrades selectively?
The more time has passed since you stuck to this “bad habit”, the more vulnerable your Drupal site's become.
This is, undoubtedly, one of the common Drupal mistakes and the “ultimate” source of the most security threats.
Note: For instance, if it's an unacceptably long period of time that we're talking about since you stopped maintaining your website properly (if it runs on a version older than Drupal Core 7.32), then it stands all the chances to have turned into an easy target for Drupageddon attacks.
2. Are There Any Unused Modules Left to Linger On Your Drupal Site?
- bogged down site performance (with your way too large database as a “culprit”)
- high impact security issues
- unnecessary overhead
This is precisely what you get when you're being negligent in managing your unused modules (or themes).
Those modules that maybe you just installed and took out for a quick spin, fascinated with their much-talked-about functionality, and that you no longer use. Yet you just leave them... be. And weight down your database with an unnecessary load of source code.
Some of them might be lingering there since... your site's early days. Think of all the developer and administration modules (e.g. Devel or View UI) which shouldn't be overburdening the production version of your website.
Yet, they still do!
They're just being tolerated and gradually turning themselves into some major security issues if no one in your team deals with Security Advisories regularly.
The solution to this issue, that can easily make it to top 3 most common Drupal mistakes, is as clear as daylight: uninstall all the modules and themes that you're no longer using! Don't just bundle up unnecessary overhead.
And while the solution is ridiculously handy, the benefits are definitely worth the time and “effort”:
- improved file system
- instantly boosted site performance
3. Is The PHP Filter Module Enabled? One of the Most Common Drupal Mistakes
Just skip this question if it's a Drupal 8 website that you own. For this specific module has been (thank God!) removed from Drupal 8 core.
Now, getting back to the PHP Filter module, which many site owners decide to enable (like you, probably), here's why you should rush to... uninstall it:
- practically it's an invitation for all ill-intended users to easily run PHP code right there, on your website
- once enabled, it's quite a challenge to.. disable it before you've reviewed your site's content thoroughly
and if you skip this step (the close reviewing of your site content), you risk displaying PHP code in plain text on your website (which could turn into a true security “crate” if not detected before you disable the module)
4. Are You 100% Sure the JS/CSS Aggregation Settings Have Been Correctly Configured?
If so, then the JavaScript and CSS files that Drupal renders in HTML can be easily bundled up and compressed.
But if not properly configured, your users' browsers will be forced to process far more requests in order to render your web pages' content. Which will inevitably impact your site's page load times.
5. Have You Managed to Avoid the Common “Overusing Roles” Pitfall?
Or not? Don't be too harsh on yourself if you have, indeed, “overused” the user roles system. It's, undoubtedly, one of the most common Drupal mistakes website owners make after all.
And what else could you have done when the default user roles that Drupal provided you with just didn't fit the specific permission levels you had in mind for your users, right?
You went ahead and created your own roles...
Unfortunately, these newly custom-made roles can easily:
- lead to Drupal admins being forced to edit each and every user role separately whenever he/she has to update the permissions
- cause “security craters” when not properly configured
- (overusing roles, along with their “collections” of permissions, can) impact your site's overall performance (particularly when you're striving to manage each and very set of permissions in their associated user roles)
6. Have You Configured The Full HTML Input Format for Your Most Trusted Users ONLY?
Or have you simply overlooked it entirely? Have you just disabled HTML filtering from the HTML Input Filter completely?
By configuring the Full Input Format for ALL your users, you're basically granting everyone permission to post HTML on your website. This way, you're just opening a gateway for any user to embed malicious code on your Drupal site.
Even a banal little thing such as an image tag can easily turn into an "injectable solution", a dangerous one, in the hands of an ill-intended user who can post HTML on your website just like that.
Now here's what you should do to avoid this scenario:
- make sure that your filter is configured for some users ONLY and, even then, that you set only the specific set of tags they'll need to use
- make sure your default and custom Input Filters are correctly configured so that they pose no security risks
- scan your database through and through identifying any possible suspicious code that might have been injected already
7. Are You Weighting Down Your Database With Too Many (Unused) Content Types?
Do you need ALL the content types currently overcharging your database (considering the fact that three database tables get added to your database with every new content type that you bring on)? Are you actually using them all?
For, it not:
- your database is unnecessarily overburdened
- your content editors' workflow is unnecessarily complex due to the whole network of confusing content types that they need to tangle themselves up in
And now the solution to this issue, for certain one of the top most common Drupal mistakes:
Just run an inventory of all your content types, sort them into used and no longer used ones and... just "trim the fat"! Get rid of those that are just filling in space in your database!
This is our top 7 mistakes that you, too, are probably making on your Drupal site (even if not all of them).
Now that we've exposed them to you we can't but end our post with a conclusion/piece of advice:
The handiest way to optimize your website's performance is by preventing performance issues to occur, in the first place. Now that you have them “brought to light” it should be easier, with a little bit of effort, to avoid them, shouldn't it?