Common problems detected during a Drupal site audit

Dec 01, 2017
Common problems detected during a Drupal site audit

A site audit is a great opportunity to get a fresh pair of eyes on a website. The goals of audits are different. Your Drupal website may be suffering from slow page loading, a white screen or even hacking. Audits are also highly recommended before upgrading or just to make sure your website is up to date. Depending on your goals, the things to check on the website differ considerably: it can be a security audit, a performance audit or a SEO one. With a proper audit, you can evaluate what’s good about your website, where it needs improvement, catch many holes early and fix them. At Drudesk, we have worked on many Drupal projects and uncovered many mistakes that hampered performance. In this post, we’ll highlight some of the most common problems we find.

Common Drupal websites’ issues

Drupal core

Drupal does not stand still — it is constantly evolving. Each update of the Drupal core carries new opportunities. However, not all website owners enjoy this advantage and still use older versions. Among them there are web resources on Drupal 6, which is no longer officially supported. So, upgrading your website to the newest version is the only smart solution. Remember that ignoring updates makes your site easy to attack for hackers.

Custom code quality

It is necessary to create custom modules if you want to add some specific features to your website. When written inefficiently and without using the correct Drupal standards, they can cost you a lot. Security vulnerabilities may include cross-site scripting (XSS), malicious PHP/ASP code and its injections, remote file inclusion, file disclosure, directory traversal, and many more serious threats. There is also a threat of a SQL injection when a hacker tries to use an application code to access your database content. Then they can create, read, update, alter, or delete data stored in the database. That is why it’s important to entrust only experienced developers with that task. The top priority during our website audit process is to identify and address such problems.

Unused modules

Sometimes we identify a huge amount of unused modules on Drupal websites. Although at first glance having a hundred modules seems to be normal and not necessarily a security risk, it is. Not all of them are good. There are actually some that may slow down your website’s performance and are more likely to contain bugs or security issues. They present a potentially high risk from the perspective of the long-term maintenance. A website audit can help you determine whether you need them in use. These unused modules can be safely deleted by specialists.

Unused themes

You may say that themes don’t introduce a serious threat themselves. There are other holes that are much riskier for your Drupal website. However, in this regard there is a similar situation as in the previous paragraph with unused modules. The number of installed themes can reach into the dozens. If you are not managing Security Advisories within the given timeframe, you are risking security issues. So, be selective when choosing the right theme sets that are suitable for you and your business.

JS/CSS Aggregation

Turning off CSS and JS aggregation is another common mistake we often find during the website audit process. The aim of aggregation is combining and compressing JavaScript and CSS files to reduce the number of HTTP requests necessary to render the page content. When configured properly, these settings will significantly increase the page load speed and overall site performance.

Of course, we faced a number of other various issues as follows: no performance optimizing and caching modules installed on the website, Drupal core caching disabled, unused content types/roles, outdated contrib modules, and more. You’ve probably learned that a proper analysis helps “to lift a veil” from a web resource. As an owner, you should also consider a website audit to prevent problems in the future. Identifying and remedying the above issues will considerably improve your website’s performance. Contact us to get a professional site audit and save your time and money!

 Get new blog posts by email