Drupal Web site cutover checklist

Drupal Web site cutover checklist

I wrote up a doc detailing Drupal related stuff that needs to be done to launch a Drupal site. Here is the info for discussion and anyone who finds this useful.

Security

  • Set file permissions
    • Verify /sites/default/settings.php permissions set to 644
    • Verify /sites/default/files permissions set to 770
    • Verify /sites/default/modules permissions set to 770
    • Verify index.php set to 644
    • See http://drupal.org/node/244924 for more on file permissions security
  • Go to admin/settings/error-reporting and set Error reporting to “Write errors to the log” instead of “Write errors to the log and screen”
  • Check for core and contrib module updates at /admin/reports/updates
    • Download and apply updates for core and any module where security update required
  • Change passwords
    • Change user 1 (superuser) password and FTP password
    • Ensure that user 1, FTP and database passwords are strong (nothing vulnerable to a dictionary attack)
  • Verify non-trusted users do not have access to full HTML and PHP filters

Domain Change

  • Re-key domain specific services for the new/appropriate domain. (i.e. Google Maps API key, Mollom key, etc)

E-mail

  • Set same-domain email for non-local delivery if needed

Note: If your site is on the domain www.mydomain.com and email is hosted on another domain this will apply to you. You will not be able to send mail from the Web site to accounts on the mydomain.com domain. This occurs most frequently when domains use an Exchange service for email.

E-Commerce

  • Set payments to production gateway at admin/store/settings/payment/edit/gateways and admin/store/settings/payment/edit/methods
  • Set shipping settings to production at admin/store/settings/quotes/methods
    • Some shipping modules won’t need this. Others, like FedEx and UPS, will.
  • Ensure SSL works on the server (visit https://www.mysite.com)
  • Enable secure pages module and set appropriate HTTPS-only pages at admin/build/securepages
    • cart and cart/* should be sufficient paths for most ecomm sites

Basic Performance

  • Disable unused modules in admin/build/modules/list
  • On admin/settings/performance
    • Enable Page Compression
    • Optimize CSS files
    • Optimize JavaScript files
    • Clear cached data

Permission

  • QA user settings at admin/user/settings
    • Set appropriate account creation rules. Allow only site administrators to create accounts for intranets and brochureware sites.
  • QA permissions table at admin/user/permissions
    • Ensure appropriate CRUD rules for each content type and role
    • Ensure admin-like permissions only for admin roles
      • Admin only modules like Backup and Migrate
      • PHP use
      • Module administration

Clean Up

  • Set appropriate site-wide e-mail at admin/settings/site-information
  • Verify that all test orders and lorem ipsum content has been removed
  • Go to the status report page at admin/reports/status and follow steps to make it stop complaining
  • Configure site backup
    • For low traffic sites use backup and migrate module.
      • Schedule backup and migrate at dmin/content/backup_migrate/schedule
      • Weekly backup with 4 copies is generally sufficient
    • For high traffic community sites a custom backup solution is required
  • Set up cron
  • Redirect all users to www. Uncomment and follow instructions in line 90 or so of .htaccess

Version Control

  • Commit and tag release

Related Posts

Essential Checklist for a Successful Inbound Marketing Blog, Part 1

Tonya Cauduro
Read more

Essential Checklist for a Successful Inbound Marketing Blog, Part 2

Tonya Cauduro
Read more

Essential Checklist for a Successful Inbound Marketing Blog, Part 3

Tonya Cauduro
Read more

Socialize Your Drupal Site in 5 Easy Steps

Tom McCracken
Read more

Synchronize one drupal site with another using Drush

Dustin Currie
Read more

Content Migration From One Drupal 7 Site to Another

Ahmad Kharbat
Read more