SlideShare a Scribd company logo

Oxford DrupalCamp 2012 - The things we found in your website

H
hernanibf
Technology
1 of 38
Download to read offline
The  things  we  found  in  your  website   Hernâni  Borges  de  Freitas   Technical  Consultant   hernani@acquia.com   @hernanibf   Oxford,  23rd  June,  2012  
About  us   •  Expert Drupal Support •  Optimized Drupal hosting •  Dev Cloud •  Managed Cloud •  Foster Drupal adoption •  Commons •  Drupalgardens.com •  Dev Desktop The  things  we  found  in  your  website!  
About  me   •  .pt  /  Oxford   •  Acquia  Professional  Services   EMEA   •  Technical  Consultant   •  Drupal*  many  things   •  Passionate  about  web  and   communities   •  Travel  lover   The  things  we  found  in  your  website!  
@2011   The  things  we  found  in  your  website!  
What  my  team  does   •  Drupal  Jumpstarts   •  Architecture  Workshop   •  Discovery  workshops   •  Site  Audit   •  Performance  Audit   •  Security  Audit   •  On-­‐site  Consulting   The  things  we  found  in  your  website!  
Site  Audit   •  During  limited  time  we  look  to  your   website  assuring  it  is  following  best   practices  and  don’t  present  risks:   •  Architecture   •  Security   •  Performance   •  Infrastructure   •  Maintenance  headaches   The  things  we  found  in  your  website!  
Balance   •  Understand  the  project  history  /  constraints   •  Be  clear  that  there  is  no  single  right  way  of   solving  problems.   •  Everyone  do  mistakes.  And  should  learn  from   them!   •  Long  term  solutions  make  everyone  happier  than   short  term  patchwork.   •  The  best  tool:  the  one  you  know  how  to  use.   The  things  we  found  in  your  website!  
Content architecture “Editors don’t understand what to create. ” “The page content type article is similar to news. We just used it during some months to create special news in homepage.” “We needed to change this template because we wanted to show everything in that location and we use school_location and teacher_city.” The  things  we  found  in  your  website!  
Content  architecture   Symptoms   •  Similar  content  types   •  Fields  not  reused   •  Content  types  with  almost  no  nodes   Chasing it Take a look at field report page. Content type structure. Simple database queries Select count(*), type from node group by type The  things  we  found  in  your  website!  
Display architecture “Views_london, views_paris, views_porto shows jobs available in these cities” “The scores block in the sports section ? Some PHP code is controlling its visibility in block configuration..” “We need those node_load() in preprocess_page because we need to show those nodes in homepage.” The  things  we  found  in  your  website!  
Site  architecture   Chasing  it   •  Understand  how  pages  are  build.   •  Look  at  views  and  how  reusable  they  are.   •  How  much  custom  templates  do  you  have?   •  How  much  logic  do  you  have  in  templates.   •  How  easy  is  to  switch  theme  (mobile,   special  occasions?)     •  How  long  does  it  take  to  produce  a   totally  new  design  in  your  site?   The  things  we  found  in  your  website!  
Site  architecture   Symptoms   •  Modules  installed   •  Number  of  modules  that  are  not  useful  at  all.   •  Hacked  core  and  modules   •  “There  is  a  module  for  that”  –  does  not   mean  you  need  to  use  it!   •  Modules  used  for  things  they  were  not   designed  to  do.   •  PHP  Code  in  database   The  things  we  found  in  your  website!  
Reinventing the wheel “This is a custom module we designed to create forms on the fly that can be sent by email to site admins!” “ That custom module adds small hidden tokens to control SPAM in our website.” The  things  we  found  in  your  website!  
Extra complexity “We thought we needed content translation but in the end our website is just in english.” “Right now we only have one type of users, but in the future we might need to have more roles, so we already have content_access.” “ Authcache module is used to speed up pages for our 20 journalists.” The  things  we  found  in  your  website!  
Site  architecture   Chasing  it   •  Use  hacked!  module  ( http://drupal.org/project/hacked)  to   compare  code  versions  used.   •  Balance  custom  code  /  contributed  code   or  reusable  ways  of  solving  problems.   •  Couldn’t  that  query  be  a  view  ?   •  Couldn’t  context  or  panels  creating  that  page?   •  Couldn’t  that  custom  action  be  controlled  by  a   rule?   The  things  we  found  in  your  website!  
Custom  modules   Symptoms   •  Not  following  coding  standards   •  Can  be  a  warning  for  what  is  coming…   •  Not  using  the  right  hooks   •  Excessive  usage  of  hook_init,  hook_nodeapi   •  Not  using  the  API   •  Reinventing  something  that  Drupal  is  already  doing   well   •  Hardcoded  strings  (nids,  tids,  vids,  urls).   •  All  code  in  .module  file   The  things  we  found  in  your  website!  
Security “ That webservice path is impossible to find, it does not need authentication. Only the mobile app uses it.” “ You would need to be a administrator to access that page.” “ We are the only ones we can access the server, therefore we are just too worried about it.” The  things  we  found  in  your  website!  
Security   Basic  problems   •  Not  updated  core  and  contributed  modules.   •  Bad  configuration   •  Users  have  permissions  to  do  things  they  shouldn’t   •  Admins  have  easy  passwords  (similar  to   usernames,  hacked  email  accounts..)   •  File  upload  is  not  checked   •  Code  repository  contain  extra  gifts   •  Database  dumps,  files  with  information  that  should  no  be   there  ..   The  things  we  found  in  your  website!  
Security   SQL  Injection   •  db_query(“select  from  table  where  id=$_GET[‘id’]”);   •  Example.com/index.php?id=1;drop  database  yoursite;-­‐-­‐     XSS  –  Cross  site  scripting   •  <?php  echo  “Your  number  is  “.  $_GET[‘id’];  ?>   •  Index.php?id=<script>alert(“UAAAT??”);</script>   CSRF  –  Cross  site  request  forgery    $items[‘admin/cookies/%/delete’]  =  array(    'access  callback'  =>  'user_access',    'access  arguments'  =>  array('access  cookies'),    'page  callback'  =>  'cookie_delete'      );   The  things  we  found  in  your  website!  
Security   CSRF  –  Cross  site  request  forgery   •  HTML  Email   •  <img src=‘http://example.com/admin/cookies/10/delete’ /> •  HTTP Post to forms •  You  expect  the  request  to  come  from  your  site  but  it  can   come  from  anywhere   •  Drupal  protects  against  both  attacks  using  tokens  and  Form   API   The  things  we  found  in  your  website!  
Performance   What  is  your  website  doing   •  How  long  do  most  pages  take  to  load   (common  lists,  node  pages,  homepage?)   •  Why  do  they  take  so  long?  DB  queries,   application  requests?   •  What  about  edge  cases?  Clear  cache  for   instance?   •  What  is  your  caching  strategy?   •  What  are  your  logs  telling  you?   The  things  we  found  in  your  website!  
Performance   •  How  long  do  most  pages  take  to  load  ?   •  Devel  query  log  can  show  immediately  some  problems   •  XhProf  can  do  the  rest   •  NewRelic  (newrelic.com)  is  pure  gold!   •  Why  is  CPU  and  memory  wasted?   •  Typically   •  Complex  queries  that  take  too  much  time   •  Function  called  too  much  times   •  Edge  cases  that  are  happening  all  the  time   The  things  we  found  in  your  website!  
Performance   Why  is  the  database  so  slow?  Why  is  only  slow  now?   •  Databases  not  optimized  to  grow   •  Complex  queries  made  by  without  indexes  usage   •  Complex  queries  made  automatically   SELECT node.nid AS nid, users.picture AS users_picture, users.uid AS users_uid, users.name AS users_name, users.mail AS users_mail, node.title AS node_title, GREATEST(node.changed, node_comment_statistics.last_comment_timestamp) AS node_comment_statistics_last_updated FROM node node INNER JOIN users users ON node.uid = users.uid INNER JOIN node_comment_statistics node_comment_statistics ON node.nid = node_comment_statistics.nid ORDER BY node_comment_statistics_last_updated DESC The  things  we  found  in  your  website!  
Performance   Is  using  InnoDb  always  better?   SELECT COUNT(*) FROM (SELECT DISTINCT node.nid AS nid FROM node node LEFT JOIN og_ancestry og_ancestry ON node.nid = og_ancestry.nid INNER JOIN users users ON node.uid = users.uid INNER JOIN node_comment_statistics node_comment_statistics ON node.nid = node_comment_statistics.nid WHERE og_ancestry.group_nid = 5 ) count_alias •  Use  views  lite  pager   The  things  we  found  in  your  website!  
Performance   Can  it  be  cached?   •  Assure  caching  and  aggregation  are  set.  Yes,  look  at  it!   •  Review  caching  strategy:     •  https://www.acquia.com/blog/when-­‐and-­‐how-­‐caching-­‐can-­‐ save-­‐your-­‐site-­‐part-­‐2-­‐authenticated-­‐users   •  Guarantee  caching  is  effectively  helping  you.   •  Don’t  clear  it  too  often.   •  Not  used  only  by  a  minority.   The  things  we  found  in  your  website!  
Infrastructure   This  is  where  your  website  ends..   •  What  is  the  right  size?  How  do  you  grow?   •  Are  the  different  servers  well  tuned  ?   •  Apache  /  PHP   •  Mysql     •  Varnish   •  What  are  your  logs  telling  you?   The  things  we  found  in  your  website!  
Infrastructure   “Our DB Server has 48Gb of memory. Enough to handle all requests!”   •  My.cnf   •  Innodb_buffer_pool  =  1024M   •  Adjust  limits  according  to  your  resources.   •  http://mysqltuner.pl   •  Your  slowest  bottleneck  represents  your  overall   bottleneck.   The  things  we  found  in  your  website!  
Infrastructure   “We don’t need that many web servers. As varnish is set in front and working as a reverse proxy, most of the traffic will be cached.”   The  things  we  found  in  your  website!  
Infrastructure   “Our external firewall controls all sort of attacks. We don’t use any specific firewall in the servers.”   •  50/70%  of  attacks  are  internal.  Remote  connections  with  DB,   Memcached,  Solr  should  be  forbidden.   •  Hard  to  remember  about  details  on  fast  moving  environments.   The  things  we  found  in  your  website!  
Maintenance   This  is  going  to  be  must  of  the  work!   •  What  is  your  deployment  architecture?   •  How  hard  is  it  too  change?   •  How  do  you  test  changes?   •  How  relaxed  do  you  leave  your  desk?   The  things  we  found  in  your  website!  
Deployment “We just copy the code directly to the server by FTP.” “Any developer can just take a snapshot from production and install on their laptop.” “Don’t touch that module. We just did some changes from what it was originally.” The  things  we  found  in  your  website!  
Maintenance   Control  your  code!   •  All  piece  of  code  should  be  under  VCS.   •  Git,  Mercury,  Bazaar,  SVN,  CVS   •  Copying  to  backup  folders  is  not  VCS.   •  Yes,  those  log  messages  serve  for  something…   •  No,  your  holidays  pictures  should  not  be  under  VCS.   •  No,  your  database  dumps  shouldn’t  also  be  there.   The  things  we  found  in  your  website!  
Maintenance “We can only test that in production.” “Yes we have a staging environment. But its data is from last summer.” “Sometimes problems occur when we upgrade. But we have always a backup.” The  things  we  found  in  your  website!  
Maintenance   Do  once,  prepare  many!   •  Several  environments  should  exist   •  Development,  Staging  and  Production.   •  Should  be  possible  to  deploy  from  VCS  to  them!   •  Environments  should  be  up  to  date  and  accessible     •  Environments  should  be  as  possible  similar  to  real   life   •  Environments  should  be  easy  to  destroy  and   replicate   The  things  we  found  in  your  website!  
Maintenance   This  is  going  to  be  most  of  the  work!   •  Be prepared for changes •  You don’t control them most of times! •  Review periodically website architecture •  What you need today is not similar when you built it   •  Pay  attention  to  security  updates   •  Review  your  logs  periodically   The  things  we  found  in  your  website!  
Free  site  audit  ?   The  things  we  found  in  your  website!  
So,  before  your  questions.   I  do  have  a  question.   Would  you  like  to  join  Acquia?   We are hiring EVERYWHERE! •  Consultants •  Support •  Sales •  Engineering
QUESTIONS  ?  

Recommended

The things we found in your website
The things we found in your websiteThe things we found in your website
The things we found in your websitehernanibf
 
My site is slow
My site is slowMy site is slow
My site is slowhernanibf
 
Drupal content editor flexibility
Drupal content editor flexibilityDrupal content editor flexibility
Drupal content editor flexibilityhernanibf
 
Intro to drupal
Intro to drupalIntro to drupal
Intro to drupalhernanibf
 
Drupal architectures for flexible content - Drupalcon Barcelona
Drupal architectures for flexible content - Drupalcon BarcelonaDrupal architectures for flexible content - Drupalcon Barcelona
Drupal architectures for flexible content - Drupalcon Barcelonahernanibf
 
Deployer - Deployment tool for PHP
Deployer - Deployment tool for PHPDeployer - Deployment tool for PHP
Deployer - Deployment tool for PHPhernanibf
 
One Drupal to rule them all - Drupalcamp London
One Drupal to rule them all - Drupalcamp LondonOne Drupal to rule them all - Drupalcamp London
One Drupal to rule them all - Drupalcamp Londonhernanibf
 
My Site is slow - Drupal Camp London 2013
My Site is slow - Drupal Camp London 2013My Site is slow - Drupal Camp London 2013
My Site is slow - Drupal Camp London 2013hernanibf
 

Recommended

The things we found in your website
The things we found in your websiteThe things we found in your website
The things we found in your websitehernanibf
 
My site is slow
My site is slowMy site is slow
My site is slowhernanibf
 
Drupal content editor flexibility
Drupal content editor flexibilityDrupal content editor flexibility
Drupal content editor flexibilityhernanibf
 
Intro to drupal
Intro to drupalIntro to drupal
Intro to drupalhernanibf
 
Drupal architectures for flexible content - Drupalcon Barcelona
Drupal architectures for flexible content - Drupalcon BarcelonaDrupal architectures for flexible content - Drupalcon Barcelona
Drupal architectures for flexible content - Drupalcon Barcelonahernanibf
 
Deployer - Deployment tool for PHP
Deployer - Deployment tool for PHPDeployer - Deployment tool for PHP
Deployer - Deployment tool for PHPhernanibf
 
One Drupal to rule them all - Drupalcamp London
One Drupal to rule them all - Drupalcamp LondonOne Drupal to rule them all - Drupalcamp London
One Drupal to rule them all - Drupalcamp Londonhernanibf
 
My Site is slow - Drupal Camp London 2013
My Site is slow - Drupal Camp London 2013My Site is slow - Drupal Camp London 2013
My Site is slow - Drupal Camp London 2013hernanibf
 
One drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp CaceresOne drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp Cacereshernanibf
 
Zurb foundation
Zurb foundationZurb foundation
Zurb foundationsean_todd
 
5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your Website 5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your WebsiteAcquia
 
The WordPress University
The WordPress UniversityThe WordPress University
The WordPress UniversityStephanie Leary
 
Acquia Commons
Acquia CommonsAcquia Commons
Acquia Commonshernanibf
 
Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8Angela Byron
 
WordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational IntranetWordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational IntranetTech Liminal
 
Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010Mark Collins
 
Getting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundationGetting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundationMelanie Archer
 
BP-9 Share Customization Best Practices
BP-9 Share Customization Best PracticesBP-9 Share Customization Best Practices
BP-9 Share Customization Best PracticesAlfresco Software
 
Drupal
DrupalDrupal
DrupalIsriya Paireepairit
 
Academic Websites in Plone
Academic Websites in PloneAcademic Websites in Plone
Academic Websites in PloneJazkarta, Inc.
 
Introduction to Drupal
Introduction to DrupalIntroduction to Drupal
Introduction to DrupalTom Deryckere
 
From WordPress With Love
From WordPress With LoveFrom WordPress With Love
From WordPress With LoveUp2 Technology
 
Online exhibits in Plone
Online exhibits in PloneOnline exhibits in Plone
Online exhibits in PloneJazkarta, Inc.
 
72d5drupal
72d5drupal72d5drupal
72d5drupalMahesh Sherkar
 
What is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? WebinarWhat is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? WebinarSuzanne Dergacheva
 
Drupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content ManagementDrupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content ManagementVibrant Technologies & Computers
 
Urbanesia - Development History
Urbanesia - Development HistoryUrbanesia - Development History
Urbanesia - Development HistoryBatista Harahap
 
Georgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal DevelopmentGeorgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal DevelopmentEric Sembrat
 
Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610Francesco Baruffi
 
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...Centre de recherche et d'intervention sur le suicide, enjeux éthiques et pratiques de fin de vie
 

More Related Content

What's hot

One drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp CaceresOne drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp Cacereshernanibf
 
Zurb foundation
Zurb foundationZurb foundation
Zurb foundationsean_todd
 
5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your Website 5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your WebsiteAcquia
 
The WordPress University
The WordPress UniversityThe WordPress University
The WordPress UniversityStephanie Leary
 
Acquia Commons
Acquia CommonsAcquia Commons
Acquia Commonshernanibf
 
Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8Angela Byron
 
WordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational IntranetWordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational IntranetTech Liminal
 
Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010Mark Collins
 
Getting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundationGetting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundationMelanie Archer
 
BP-9 Share Customization Best Practices
BP-9 Share Customization Best PracticesBP-9 Share Customization Best Practices
BP-9 Share Customization Best PracticesAlfresco Software
 
Academic Websites in Plone
Academic Websites in PloneAcademic Websites in Plone
Academic Websites in PloneJazkarta, Inc.
 
Introduction to Drupal
Introduction to DrupalIntroduction to Drupal
Introduction to DrupalTom Deryckere
 
From WordPress With Love
From WordPress With LoveFrom WordPress With Love
From WordPress With LoveUp2 Technology
 
Online exhibits in Plone
Online exhibits in PloneOnline exhibits in Plone
Online exhibits in PloneJazkarta, Inc.
 
What is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? WebinarWhat is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? WebinarSuzanne Dergacheva
 
Drupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content ManagementDrupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content ManagementVibrant Technologies & Computers
 
Urbanesia - Development History
Urbanesia - Development HistoryUrbanesia - Development History
Urbanesia - Development HistoryBatista Harahap
 
Georgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal DevelopmentGeorgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal DevelopmentEric Sembrat
 

What's hot (20)

One drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp CaceresOne drupal to rule them all - Drupalcamp Caceres
One drupal to rule them all - Drupalcamp Caceres
 
Zurb foundation
Zurb foundationZurb foundation
Zurb foundation
 
5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your Website 5 Common Mistakes You are Making on your Website
5 Common Mistakes You are Making on your Website
 
The WordPress University
The WordPress UniversityThe WordPress University
The WordPress University
 
Acquia Commons
Acquia CommonsAcquia Commons
Acquia Commons
 
Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8Top 8 Improvements in Drupal 8
Top 8 Improvements in Drupal 8
 
WordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational IntranetWordPress as a CMS - Case Study of an Organizational Intranet
WordPress as a CMS - Case Study of an Organizational Intranet
 
Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010Creating Web Templates for SharePoint 2010
Creating Web Templates for SharePoint 2010
 
Getting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundationGetting started with CSS frameworks using Zurb foundation
Getting started with CSS frameworks using Zurb foundation
 
BP-9 Share Customization Best Practices
BP-9 Share Customization Best PracticesBP-9 Share Customization Best Practices
BP-9 Share Customization Best Practices
 
Drupal
DrupalDrupal
Drupal
 
Academic Websites in Plone
Academic Websites in PloneAcademic Websites in Plone
Academic Websites in Plone
 
Introduction to Drupal
Introduction to DrupalIntroduction to Drupal
Introduction to Drupal
 
From WordPress With Love
From WordPress With LoveFrom WordPress With Love
From WordPress With Love
 
Online exhibits in Plone
Online exhibits in PloneOnline exhibits in Plone
Online exhibits in Plone
 
72d5drupal
72d5drupal72d5drupal
72d5drupal
 
What is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? WebinarWhat is Drupal? And Why is it Useful? Webinar
What is Drupal? And Why is it Useful? Webinar
 
Drupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content ManagementDrupal - Introduction to Drupal and Web Content Management
Drupal - Introduction to Drupal and Web Content Management
 
Urbanesia - Development History
Urbanesia - Development HistoryUrbanesia - Development History
Urbanesia - Development History
 
Georgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal DevelopmentGeorgia Tech Drupal Users Group - Local Drupal Development
Georgia Tech Drupal Users Group - Local Drupal Development
 

Viewers also liked

Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610Francesco Baruffi
 
Document Databases In Online Publishing
Document Databases In Online Publishing Document Databases In Online Publishing
Document Databases In Online Publishing Irakli Nadareishvili
 

Viewers also liked (6)

Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610Invito ricerca e_imprese_280610
Invito ricerca e_imprese_280610
 
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...
CRISE - WEBINAIRE 2012 - Michel Tousignant - Le suicide en milieu autochtone:...
 
Amonestracion 4 por pagina
Amonestracion 4 por paginaAmonestracion 4 por pagina
Amonestracion 4 por pagina
 
Document Databases In Online Publishing
Document Databases In Online Publishing Document Databases In Online Publishing
Document Databases In Online Publishing
 
Question 1
Question 1Question 1
Question 1
 
Microservices In Practice
Microservices In PracticeMicroservices In Practice
Microservices In Practice
 

Similar to Oxford DrupalCamp 2012 - The things we found in your website

How Not to Be Conned by Your Drupal Vendor!
How Not to Be Conned by Your Drupal Vendor!How Not to Be Conned by Your Drupal Vendor!
How Not to Be Conned by Your Drupal Vendor!pixelonion
 
Acquia Insight – the Ultimate Drupal Management Suite
Acquia Insight – the Ultimate Drupal Management SuiteAcquia Insight – the Ultimate Drupal Management Suite
Acquia Insight – the Ultimate Drupal Management SuiteAcquia
 
Creating a Documentation Portal
Creating a Documentation PortalCreating a Documentation Portal
Creating a Documentation PortalSteve Anderson
 
Intro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersIntro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersJohn Ferringer
 
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...Acquia
 
DIGIT Noe 2016 - Overview of front end development today
DIGIT Noe 2016 - Overview of front end development todayDIGIT Noe 2016 - Overview of front end development today
DIGIT Noe 2016 - Overview of front end development todayBojan Veljanovski
 
Zero to Sixty with Oracle ApEx
Zero to Sixty with Oracle ApExZero to Sixty with Oracle ApEx
Zero to Sixty with Oracle ApExBradley Brown
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in schoolMichael Galpin
 
Understanding Content Management Services
Understanding Content Management ServicesUnderstanding Content Management Services
Understanding Content Management Services360ideas
 
Week01 jan19 introductionto_php
Week01 jan19 introductionto_phpWeek01 jan19 introductionto_php
Week01 jan19 introductionto_phpJeanho Chu
 
Week01 jan19 introductionto_php
Week01 jan19 introductionto_phpWeek01 jan19 introductionto_php
Week01 jan19 introductionto_phpJeanho Chu
 
On Again; Off Again - Benjamin Young - ebookcraft 2017
On Again; Off Again - Benjamin Young - ebookcraft 2017On Again; Off Again - Benjamin Young - ebookcraft 2017
On Again; Off Again - Benjamin Young - ebookcraft 2017BookNet Canada
 
eMusic: WordPress in the Enterprise
eMusic: WordPress in the EnterpriseeMusic: WordPress in the Enterprise
eMusic: WordPress in the EnterpriseScott Taylor
 
Going from Zero to Sixty in Drupal with Acquia
Going from Zero to Sixty in Drupal with AcquiaGoing from Zero to Sixty in Drupal with Acquia
Going from Zero to Sixty in Drupal with AcquiaAcquia
 
Prototyping like it is 2022
Prototyping like it is 2022 Prototyping like it is 2022
Prototyping like it is 2022 Michael Yagudaev
 
Single Page Applications - Desert Code Camp 2012
Single Page Applications - Desert Code Camp 2012Single Page Applications - Desert Code Camp 2012
Single Page Applications - Desert Code Camp 2012Adam Mokan
 

Similar to Oxford DrupalCamp 2012 - The things we found in your website (20)

How Not to Be Conned by Your Drupal Vendor!
How Not to Be Conned by Your Drupal Vendor!How Not to Be Conned by Your Drupal Vendor!
How Not to Be Conned by Your Drupal Vendor!
 
Acquia Insight – the Ultimate Drupal Management Suite
Acquia Insight – the Ultimate Drupal Management SuiteAcquia Insight – the Ultimate Drupal Management Suite
Acquia Insight – the Ultimate Drupal Management Suite
 
Creating a Documentation Portal
Creating a Documentation PortalCreating a Documentation Portal
Creating a Documentation Portal
 
Intro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developersIntro to SharePoint 2010 development for .NET developers
Intro to SharePoint 2010 development for .NET developers
 
Wp 3hr-course
Wp 3hr-courseWp 3hr-course
Wp 3hr-course
 
Drupal at the EBI
Drupal at the EBIDrupal at the EBI
Drupal at the EBI
 
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...
Acquia Insight Sneak Peek: Analyze, Manage, and Tune Your Drupal Site like Ne...
 
DIGIT Noe 2016 - Overview of front end development today
DIGIT Noe 2016 - Overview of front end development todayDIGIT Noe 2016 - Overview of front end development today
DIGIT Noe 2016 - Overview of front end development today
 
Jumpstart Your Web App
Jumpstart Your Web AppJumpstart Your Web App
Jumpstart Your Web App
 
Zero to Sixty with Oracle ApEx
Zero to Sixty with Oracle ApExZero to Sixty with Oracle ApEx
Zero to Sixty with Oracle ApEx
 
Android lessons you won't learn in school
Android lessons you won't learn in schoolAndroid lessons you won't learn in school
Android lessons you won't learn in school
 
Understanding Content Management Services
Understanding Content Management ServicesUnderstanding Content Management Services
Understanding Content Management Services
 
Week01 jan19 introductionto_php
Week01 jan19 introductionto_phpWeek01 jan19 introductionto_php
Week01 jan19 introductionto_php
 
Week01 jan19 introductionto_php
Week01 jan19 introductionto_phpWeek01 jan19 introductionto_php
Week01 jan19 introductionto_php
 
On Again; Off Again - Benjamin Young - ebookcraft 2017
On Again; Off Again - Benjamin Young - ebookcraft 2017On Again; Off Again - Benjamin Young - ebookcraft 2017
On Again; Off Again - Benjamin Young - ebookcraft 2017
 
eMusic: WordPress in the Enterprise
eMusic: WordPress in the EnterpriseeMusic: WordPress in the Enterprise
eMusic: WordPress in the Enterprise
 
Why ruby and rails
Why ruby and railsWhy ruby and rails
Why ruby and rails
 
Going from Zero to Sixty in Drupal with Acquia
Going from Zero to Sixty in Drupal with AcquiaGoing from Zero to Sixty in Drupal with Acquia
Going from Zero to Sixty in Drupal with Acquia
 
Prototyping like it is 2022
Prototyping like it is 2022 Prototyping like it is 2022
Prototyping like it is 2022
 
Single Page Applications - Desert Code Camp 2012
Single Page Applications - Desert Code Camp 2012Single Page Applications - Desert Code Camp 2012
Single Page Applications - Desert Code Camp 2012
 

More from hernanibf

Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...hernanibf
 
Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018hernanibf
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon praguehernanibf
 
Drupal Performance - SerBenfiquista.com Case Study
Drupal Performance - SerBenfiquista.com Case StudyDrupal Performance - SerBenfiquista.com Case Study
Drupal Performance - SerBenfiquista.com Case Studyhernanibf
 
Drupal + selenium
Drupal + seleniumDrupal + selenium
Drupal + seleniumhernanibf
 
Drupal Recipe
Drupal RecipeDrupal Recipe
Drupal Recipehernanibf
 

More from hernanibf (6)

Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...Drupal Europe 2018: Hackers automate but the drupal community still downloads...
Drupal Europe 2018: Hackers automate but the drupal community still downloads...
 
Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018Aiming for automatic updates - Drupal Dev Days Lisbon 2018
Aiming for automatic updates - Drupal Dev Days Lisbon 2018
 
Fix me if you can - DrupalCon prague
Fix me if you can - DrupalCon pragueFix me if you can - DrupalCon prague
Fix me if you can - DrupalCon prague
 
Drupal Performance - SerBenfiquista.com Case Study
Drupal Performance - SerBenfiquista.com Case StudyDrupal Performance - SerBenfiquista.com Case Study
Drupal Performance - SerBenfiquista.com Case Study
 
Drupal + selenium
Drupal + seleniumDrupal + selenium
Drupal + selenium
 
Drupal Recipe
Drupal RecipeDrupal Recipe
Drupal Recipe
 

Recently uploaded

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Recently uploaded (20)

Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Oxford DrupalCamp 2012 - The things we found in your website

  • 1. The  things  we  found  in  your  website   Hernâni  Borges  de  Freitas   Technical  Consultant   hernani@acquia.com   @hernanibf   Oxford,  23rd  June,  2012  
  • 2. About  us   •  Expert Drupal Support •  Optimized Drupal hosting •  Dev Cloud •  Managed Cloud •  Foster Drupal adoption •  Commons •  Drupalgardens.com •  Dev Desktop The  things  we  found  in  your  website!  
  • 3. About  me   •  .pt  /  Oxford   •  Acquia  Professional  Services   EMEA   •  Technical  Consultant   •  Drupal*  many  things   •  Passionate  about  web  and   communities   •  Travel  lover   The  things  we  found  in  your  website!  
  • 4. @2011   The  things  we  found  in  your  website!  
  • 5. What  my  team  does   •  Drupal  Jumpstarts   •  Architecture  Workshop   •  Discovery  workshops   •  Site  Audit   •  Performance  Audit   •  Security  Audit   •  On-­‐site  Consulting   The  things  we  found  in  your  website!  
  • 6. Site  Audit   •  During  limited  time  we  look  to  your   website  assuring  it  is  following  best   practices  and  don’t  present  risks:   •  Architecture   •  Security   •  Performance   •  Infrastructure   •  Maintenance  headaches   The  things  we  found  in  your  website!  
  • 7. Balance   •  Understand  the  project  history  /  constraints   •  Be  clear  that  there  is  no  single  right  way  of   solving  problems.   •  Everyone  do  mistakes.  And  should  learn  from   them!   •  Long  term  solutions  make  everyone  happier  than   short  term  patchwork.   •  The  best  tool:  the  one  you  know  how  to  use.   The  things  we  found  in  your  website!  
  • 8. Content architecture “Editors don’t understand what to create. ” “The page content type article is similar to news. We just used it during some months to create special news in homepage.” “We needed to change this template because we wanted to show everything in that location and we use school_location and teacher_city.” The  things  we  found  in  your  website!  
  • 9. Content  architecture   Symptoms   •  Similar  content  types   •  Fields  not  reused   •  Content  types  with  almost  no  nodes   Chasing it Take a look at field report page. Content type structure. Simple database queries Select count(*), type from node group by type The  things  we  found  in  your  website!  
  • 10. Display architecture “Views_london, views_paris, views_porto shows jobs available in these cities” “The scores block in the sports section ? Some PHP code is controlling its visibility in block configuration..” “We need those node_load() in preprocess_page because we need to show those nodes in homepage.” The  things  we  found  in  your  website!  
  • 11. Site  architecture   Chasing  it   •  Understand  how  pages  are  build.   •  Look  at  views  and  how  reusable  they  are.   •  How  much  custom  templates  do  you  have?   •  How  much  logic  do  you  have  in  templates.   •  How  easy  is  to  switch  theme  (mobile,   special  occasions?)     •  How  long  does  it  take  to  produce  a   totally  new  design  in  your  site?   The  things  we  found  in  your  website!  
  • 12. Site  architecture   Symptoms   •  Modules  installed   •  Number  of  modules  that  are  not  useful  at  all.   •  Hacked  core  and  modules   •  “There  is  a  module  for  that”  –  does  not   mean  you  need  to  use  it!   •  Modules  used  for  things  they  were  not   designed  to  do.   •  PHP  Code  in  database   The  things  we  found  in  your  website!  
  • 13. Reinventing the wheel “This is a custom module we designed to create forms on the fly that can be sent by email to site admins!” “ That custom module adds small hidden tokens to control SPAM in our website.” The  things  we  found  in  your  website!  
  • 14. Extra complexity “We thought we needed content translation but in the end our website is just in english.” “Right now we only have one type of users, but in the future we might need to have more roles, so we already have content_access.” “ Authcache module is used to speed up pages for our 20 journalists.” The  things  we  found  in  your  website!  
  • 15. Site  architecture   Chasing  it   •  Use  hacked!  module  ( http://drupal.org/project/hacked)  to   compare  code  versions  used.   •  Balance  custom  code  /  contributed  code   or  reusable  ways  of  solving  problems.   •  Couldn’t  that  query  be  a  view  ?   •  Couldn’t  context  or  panels  creating  that  page?   •  Couldn’t  that  custom  action  be  controlled  by  a   rule?   The  things  we  found  in  your  website!  
  • 16. Custom  modules   Symptoms   •  Not  following  coding  standards   •  Can  be  a  warning  for  what  is  coming…   •  Not  using  the  right  hooks   •  Excessive  usage  of  hook_init,  hook_nodeapi   •  Not  using  the  API   •  Reinventing  something  that  Drupal  is  already  doing   well   •  Hardcoded  strings  (nids,  tids,  vids,  urls).   •  All  code  in  .module  file   The  things  we  found  in  your  website!  
  • 17. Security “ That webservice path is impossible to find, it does not need authentication. Only the mobile app uses it.” “ You would need to be a administrator to access that page.” “ We are the only ones we can access the server, therefore we are just too worried about it.” The  things  we  found  in  your  website!  
  • 18. Security   Basic  problems   •  Not  updated  core  and  contributed  modules.   •  Bad  configuration   •  Users  have  permissions  to  do  things  they  shouldn’t   •  Admins  have  easy  passwords  (similar  to   usernames,  hacked  email  accounts..)   •  File  upload  is  not  checked   •  Code  repository  contain  extra  gifts   •  Database  dumps,  files  with  information  that  should  no  be   there  ..   The  things  we  found  in  your  website!  
  • 19. Security   SQL  Injection   •  db_query(“select  from  table  where  id=$_GET[‘id’]”);   •  Example.com/index.php?id=1;drop  database  yoursite;-­‐-­‐     XSS  –  Cross  site  scripting   •  <?php  echo  “Your  number  is  “.  $_GET[‘id’];  ?>   •  Index.php?id=<script>alert(“UAAAT??”);</script>   CSRF  –  Cross  site  request  forgery    $items[‘admin/cookies/%/delete’]  =  array(    'access  callback'  =>  'user_access',    'access  arguments'  =>  array('access  cookies'),    'page  callback'  =>  'cookie_delete'      );   The  things  we  found  in  your  website!  
  • 20. Security   CSRF  –  Cross  site  request  forgery   •  HTML  Email   •  <img src=‘http://example.com/admin/cookies/10/delete’ /> •  HTTP Post to forms •  You  expect  the  request  to  come  from  your  site  but  it  can   come  from  anywhere   •  Drupal  protects  against  both  attacks  using  tokens  and  Form   API   The  things  we  found  in  your  website!  
  • 21. Performance   What  is  your  website  doing   •  How  long  do  most  pages  take  to  load   (common  lists,  node  pages,  homepage?)   •  Why  do  they  take  so  long?  DB  queries,   application  requests?   •  What  about  edge  cases?  Clear  cache  for   instance?   •  What  is  your  caching  strategy?   •  What  are  your  logs  telling  you?   The  things  we  found  in  your  website!  
  • 22. Performance   •  How  long  do  most  pages  take  to  load  ?   •  Devel  query  log  can  show  immediately  some  problems   •  XhProf  can  do  the  rest   •  NewRelic  (newrelic.com)  is  pure  gold!   •  Why  is  CPU  and  memory  wasted?   •  Typically   •  Complex  queries  that  take  too  much  time   •  Function  called  too  much  times   •  Edge  cases  that  are  happening  all  the  time   The  things  we  found  in  your  website!  
  • 23. Performance   Why  is  the  database  so  slow?  Why  is  only  slow  now?   •  Databases  not  optimized  to  grow   •  Complex  queries  made  by  without  indexes  usage   •  Complex  queries  made  automatically   SELECT node.nid AS nid, users.picture AS users_picture, users.uid AS users_uid, users.name AS users_name, users.mail AS users_mail, node.title AS node_title, GREATEST(node.changed, node_comment_statistics.last_comment_timestamp) AS node_comment_statistics_last_updated FROM node node INNER JOIN users users ON node.uid = users.uid INNER JOIN node_comment_statistics node_comment_statistics ON node.nid = node_comment_statistics.nid ORDER BY node_comment_statistics_last_updated DESC The  things  we  found  in  your  website!  
  • 24. Performance   Is  using  InnoDb  always  better?   SELECT COUNT(*) FROM (SELECT DISTINCT node.nid AS nid FROM node node LEFT JOIN og_ancestry og_ancestry ON node.nid = og_ancestry.nid INNER JOIN users users ON node.uid = users.uid INNER JOIN node_comment_statistics node_comment_statistics ON node.nid = node_comment_statistics.nid WHERE og_ancestry.group_nid = 5 ) count_alias •  Use  views  lite  pager   The  things  we  found  in  your  website!  
  • 25. Performance   Can  it  be  cached?   •  Assure  caching  and  aggregation  are  set.  Yes,  look  at  it!   •  Review  caching  strategy:     •  https://www.acquia.com/blog/when-­‐and-­‐how-­‐caching-­‐can-­‐ save-­‐your-­‐site-­‐part-­‐2-­‐authenticated-­‐users   •  Guarantee  caching  is  effectively  helping  you.   •  Don’t  clear  it  too  often.   •  Not  used  only  by  a  minority.   The  things  we  found  in  your  website!  
  • 26. Infrastructure   This  is  where  your  website  ends..   •  What  is  the  right  size?  How  do  you  grow?   •  Are  the  different  servers  well  tuned  ?   •  Apache  /  PHP   •  Mysql     •  Varnish   •  What  are  your  logs  telling  you?   The  things  we  found  in  your  website!  
  • 27. Infrastructure   “Our DB Server has 48Gb of memory. Enough to handle all requests!”   •  My.cnf   •  Innodb_buffer_pool  =  1024M   •  Adjust  limits  according  to  your  resources.   •  http://mysqltuner.pl   •  Your  slowest  bottleneck  represents  your  overall   bottleneck.   The  things  we  found  in  your  website!  
  • 28. Infrastructure   “We don’t need that many web servers. As varnish is set in front and working as a reverse proxy, most of the traffic will be cached.”   The  things  we  found  in  your  website!  
  • 29. Infrastructure   “Our external firewall controls all sort of attacks. We don’t use any specific firewall in the servers.”   •  50/70%  of  attacks  are  internal.  Remote  connections  with  DB,   Memcached,  Solr  should  be  forbidden.   •  Hard  to  remember  about  details  on  fast  moving  environments.   The  things  we  found  in  your  website!  
  • 30. Maintenance   This  is  going  to  be  must  of  the  work!   •  What  is  your  deployment  architecture?   •  How  hard  is  it  too  change?   •  How  do  you  test  changes?   •  How  relaxed  do  you  leave  your  desk?   The  things  we  found  in  your  website!  
  • 31. Deployment “We just copy the code directly to the server by FTP.” “Any developer can just take a snapshot from production and install on their laptop.” “Don’t touch that module. We just did some changes from what it was originally.” The  things  we  found  in  your  website!  
  • 32. Maintenance   Control  your  code!   •  All  piece  of  code  should  be  under  VCS.   •  Git,  Mercury,  Bazaar,  SVN,  CVS   •  Copying  to  backup  folders  is  not  VCS.   •  Yes,  those  log  messages  serve  for  something…   •  No,  your  holidays  pictures  should  not  be  under  VCS.   •  No,  your  database  dumps  shouldn’t  also  be  there.   The  things  we  found  in  your  website!  
  • 33. Maintenance “We can only test that in production.” “Yes we have a staging environment. But its data is from last summer.” “Sometimes problems occur when we upgrade. But we have always a backup.” The  things  we  found  in  your  website!  
  • 34. Maintenance   Do  once,  prepare  many!   •  Several  environments  should  exist   •  Development,  Staging  and  Production.   •  Should  be  possible  to  deploy  from  VCS  to  them!   •  Environments  should  be  up  to  date  and  accessible     •  Environments  should  be  as  possible  similar  to  real   life   •  Environments  should  be  easy  to  destroy  and   replicate   The  things  we  found  in  your  website!  
  • 35. Maintenance   This  is  going  to  be  most  of  the  work!   •  Be prepared for changes •  You don’t control them most of times! •  Review periodically website architecture •  What you need today is not similar when you built it   •  Pay  attention  to  security  updates   •  Review  your  logs  periodically   The  things  we  found  in  your  website!  
  • 36. Free  site  audit  ?   The  things  we  found  in  your  website!  
  • 37. So,  before  your  questions.   I  do  have  a  question.   Would  you  like  to  join  Acquia?   We are hiring EVERYWHERE! •  Consultants •  Support •  Sales •  Engineering