What we do

Drupal Site Audit and Evaluation

What areas does a Drupal Site Audit and Evaluation cover?

No two audits that we complete are the same, as no two Drupal sites are the same. Within the time that we allocate to complete an audit (based on size and complexity of your Drupal site), we try to focus our attention on the areas where we know our recommendations can have the biggest impact. We usually know this after spending a quick 10 minutes reviewing at a high-level each of the following areas, before commencing in to a deeper dive on potential problematic areas:

  • Performance
  • Security
  • Custom Modules
  • Theme
  • Drupal Configuration Settings
  • Code quality, and adherence to Drupal Coding Standards
  • Server Configuration
  • Architecture analysis
  • Users / Permissions
  • Technical on-site SEO

Tools that we use to help us carry out the Audit

Performing a Drupal site audit is a much more efficient process these days than it was in the past. Many of the checks that previously had to be carried out manually have now been scripted and automated. There are four important Drupal modules that we generally call upon during an audit that collectively save a lot of manual leg work, and enable someone who knows what they are doing to complete an audit quickly:

  • Site Audit - A useful command line tool that pulls out the vast majority of areas of interest when performing an audit. The full report that it produces saves a great deal of time over manually clicking through the screens on the Drupal admin UI.
  • Security Review - Performs a series of automated checks across the codebase, database and server that the site sits on.
  • Hacked - Perhaps the most useful of the four tools here; this module scans the codebase including Drupal core, any contributed modules and themes that are used, and tells you if they are been modified in any way. It does this by downloading the original versions from drupal.org and comparing the local version, with the official version.
  • Coder - Another command line tool that scans through the custom modules on a site, and provides a report on conformance to Drupal coding standards. This gives a good indication of the underlying code quality on site.

In addition to these Drupal based modules, there are several other tools that exist outside of the Drupal-sphere that can provide us with a great deal of insight into how your Drupal site has been constructed, and highlight any potential issues:

  • SonarQube - A powerful static analysis tool that we have scripts to report against Drupal websites.
  • Zed Attack Proxy - One of the Open Source penetration testing tools which we use for validating the security of a website.

If you would like an audit and evaluation of your existing Drupal site, then please give us a call on 01992 256700 or complete our Contact Us form.

Who completes the audit within the Zoocha team?

We generally tap into the specific skill-sets of various team members to complete audit:

  • Drupal Developer: Drupal configuration, architecture, code quality and custom module review.
  • Drupal Themer / Front-end Developer: Review of theming layer.
  • System Administrator: Feedback on performance, server configuration and security.

Once feedback has been gathered from our specialists in each area, the Zoocha Technical Director will review the audit before returning it.

The Drupal developers who undertake the audit will be Acquia certified "Grand Masters".

What is the process for an audit?

After commissioning Zoocha to complete a Drupal site audit / evaluation, you can expect the following:

  1. Zoocha will request a drush archive-dump of your site, or a full copy of your site by another means.
  2. Zoocha set up the site on a private, secure internal server.
  3. Zoocha quickly review all the high-level technical aspects of the site, so that we know where the to focus our efforts to give most value.
  4. Depending on how much time has been allocated for the audit, Zoocha specialists will then dig in to, and highlight any problem areas and offer recommendations / solutions / mitigations for each problem identified.
  5. The Zoocha technical director will then review the audit before passing it on to the client.

Drupal Audit Output

You can expect a detailed report, with a prioritised list of recommendations that span all areas of your site. We also include estimates of how long any remedial work, and implementation of our recommendations would take to action for a Drupal Developer to carry out.