Common problems detected during a Drupal site audit
A site audit is a great opportunity to get a fresh pair of eyes on a website. The goals of audits are different. Your Drupal website may be suffering from slow page loading, a white screen or even hacking. Audits are also highly recommended before upgrading or just to make sure your website is up to date. Depending on your goals, the things to check on the website differ considerably: it can be a security audit, a performance audit or a SEO one. With a proper audit, you can evaluate what’s good about your website, where it needs improvement, catch many holes early and fix them. At Drudesk, we have worked on many Drupal projects and uncovered many mistakes that hampered performance. In this post, we’ll highlight some of the most common problems we find.
Common Drupal websites’ issues
Drupal does not stand still — it is constantly evolving. Each update of the Drupal core carries new opportunities. However, not all website owners enjoy this advantage and still use older versions. Among them there are web resources on Drupal 6, which is no longer officially supported. So, upgrading your website to the newest version is the only smart solution. Remember that ignoring updates makes your site easy to attack for hackers.
Custom code quality
It is necessary to create custom modules if you want to add some specific features to your website. When written inefficiently and without using the correct Drupal standards, they can cost you a lot. Security vulnerabilities may include cross-site scripting (XSS), malicious PHP/ASP code and its injections, remote file inclusion, file disclosure, directory traversal, and many more serious threats. There is also a threat of a SQL injection when a hacker tries to use an application code to access your database content. Then they can create, read, update, alter, or delete data stored in the database. That is why it’s important to entrust only experienced developers with that task. The top priority during our website audit process is to identify and address such problems.
Sometimes we identify a huge amount of unused modules on Drupal websites. Although at first glance having a hundred modules seems to be normal and not necessarily a security risk, it is. Not all of them are good. There are actually some that may slow down your website’s performance and are more likely to contain bugs or security issues. They present a potentially high risk from the perspective of the long-term maintenance. A website audit can help you determine whether you need them in use. These unused modules can be safely deleted by specialists.
You may say that themes don’t introduce a serious threat themselves. There are other holes that are much riskier for your Drupal website. However, in this regard there is a similar situation as in the previous paragraph with unused modules. The number of installed themes can reach into the dozens. If you are not managing Security Advisories within the given timeframe, you are risking security issues. So, be selective when choosing the right theme sets that are suitable for you and your business.
Of course, we faced a number of other various issues as follows: no performance optimizing and caching modules installed on the website, Drupal core caching disabled, unused content types/roles, outdated contrib modules, and more. You’ve probably learned that a proper analysis helps “to lift a veil” from a web resource. As an owner, you should also consider a website audit to prevent problems in the future. Identifying and remedying the above issues will considerably improve your website’s performance. Contact us to get a professional site audit and save your time and money!