Drupal Site Audit and Evaluation
Get your Drupal website or platform reviewed by our team of experts.
What areas does a Drupal Site Audit and Evaluation cover?
Drupal Audits tailored to your site
No two audits that we complete are the same, as no two Drupal sites are the same. Within the time that we allocate to complete an audit (based on size and complexity of your Drupal site), we try to focus our attention on the areas where we know our recommendations can have the biggest impact. We usually know this after spending a quick 10 minutes reviewing at a high-level each of the following areas, before commencing in to a deeper dive on potential problematic areas:
- Custom Modules
- Theme, Front-end (inc. Accessibility)
- Drupal Configuration Settings
- Code quality, and adherence to Drupal Coding Standards
- Server Configuration
- Architecture analysis
- Users / Permissions
- Technical on-site SEO
Tools that we use to help us carry out the Audit
Performing a Drupal site audit is a much more efficient process these days than it was in the past. Many of the checks that previously had to be carried out manually have now been scripted and automated. There are four important Drupal modules that we generally call upon during an audit that collectively save a lot of manual leg work, and enable someone who knows what they are doing to spend additional time on the manual review steps:
- Site Audit - A useful command line tool that pulls out the vast majority of areas of interest when performing an audit. The full report that it produces saves a great deal of time over manually reviewing the screens via the Drupal admin UI.
- Security Review - Performs a series of automated checks across the codebase, database and server that the site sits on.
- Hacked - Perhaps the most useful of the four tools here; this module scans the codebase including Drupal core, any contributed modules and themes that are used, and tells you if they are been modified in any way. It does this by downloading the original versions from drupal.org and comparing the local version, with the official version.
- Coder - Another command line tool that scans through the custom modules on a site, and provides a report on conformance to Drupal coding standards. This gives a good indication of the underlying code quality on site.
In addition to these Drupal based modules, there are several other tools that exist outside of the Drupal-sphere that can provide us with a great deal of insight into how your Drupal site has been constructed, and highlight any potential issues:
- SonarQube - A powerful static analysis tool that we have scripts to report against Drupal websites.
- Zed Attack Proxy - One of the Open Source penetration testing tools which we use for validating the security of a website.
Who completes the audit within the Zoocha team?
To complete an audit, specific skill-sets of various senior team members are brought together to perform the audit:
- Senior Drupal Developer (Acquia Triple Certified): Drupal configuration, architecture, security, code quality and custom module review.
- Senior Drupal Themer / Senior Front-end Developer (certified Acquia Front-end Specialist): Review of theming layer, including Accessibility review
- Senior System Administrator: Feedback on performance, server configuration and security.
Once feedback and analysis has been gathered from our specialists in each area, the Zoocha Technical Director will review the audit before securely sharing it with you.
Every audit that is undertaken will be led by an Acquia Triple Certified Developer who will also present the findings back to you and your team.
What is the process for an audit?
After commissioning Zoocha to complete a Drupal site audit / evaluation, you can expect the following:
- Zoocha to sign any required NDA, data confidentiality or information security agreement in order to legally protect your assets
- Zoocha will request a
drush archive-dumpof your site (or a full copy of your site by another means) and provide a suitable highly secure location for you to provide your site to us
- Zoocha set up the site on a private, secure internal server
- Zoocha review all the high-level technical aspects of the site, so that it is understood where best to focus efforts to give most value
- Zoocha will agree priorities and objectives for the audit with the customer
- Depending on how much time has been allocated for the audit, Zoocha specialists will then dig into, and highlight any problem areas and offer recommendations / solutions / mitigations for each problem identified
- The Zoocha Technical Director will then review the audit before passing it on to the client and presenting the findings back
What versions of Drupal can you audit?
Zoocha are able to perform audits against all versions of Drupal.
Drupal Audit Output
You can expect a detailed report, with a prioritised list of recommendations that span all areas of your site. We also include estimates of how long any remedial work, and implementation of our recommendations would take to action for a Drupal Developer to carry out. The report will also be presented back to your team.
If you would like an audit and evaluation of your existing Drupal site, then please give us a call on 01992 256700 or complete our Contact Us form.