How to audit Drupal Sites

2016.08.13 | DrupalCamp Colorado 2016

about.me/jonpeck | @fourkitchens

Jon Peck

Software Architect at Four Kitchens

github.com/fluxsauce - drupal.org/u/fluxsauce

What is an audit?

  • Official inspection of accounts
  • Validate the good things
  • Highlight areas of improvement

Why audit sites?

  • Learn about contents and structure
  • Ensure optimal configuration
  • Discover areas of improvement

Every site is unique, but...

  • Built with the same framework
  • Similar architectural requirements
  • One size fits most

Effective auditing

  • Consistent
  • Quantifiable
  • Contextually aware
  • Easy to understand
  • Actionable recommendations

Auditing Tools

Yup, it's wood.

Site Audit

What does Site Audit report?

  • Best Practices
  • Block
  • Cache
  • Codebase
  • Content
  • Cron
  • Database
  • Extensions
  • Front End
  • Security
  • System Status
  • Users
  • Views
  • Watchdog

What doesn't Site Audit analyze?

  • Usability and site experience
  • Aesthetics
  • Semantic content

Read the Full Manual

drush help --filter=site_audit

Audit Cache

drush audit_cache

Show detailed results

drush ac --detail

JSON output

drush audit_cron --json

HTML output

drush audit_best_practices --html --detail

Audit All

drush aa --skip=insights --html --bootstrap

Extending Site Audit

Share your Checks and Reports!

Site Audit Drupal Console Support!

8.x-3.x-dev - work in progress...

Tools with Site Audit support

Unused Modules

Security Review

Hacked!

Sensitive Data

Cache Audit

PHP_CodeSniffer / Coder

PAReview.sh

PHP Tools

Git Tools

JavaScript Tools

Hosted Utilities

WebPageTest.org

Google PageSpeed Insights

WAVE Web Accessibility Tool

  • wave.webaim.org
  • Analyzes web pages for accessibility
  • Actionable recommendations on how to fix problems

Qualys SSL Server Test

Delivering an audit

Report Structure

  • Overview of scope, requirements
  • Actionable recommendations
  • Appendix
    • How to install and use tools
    • Raw results

GitBook for publishing reports

  • github.com/GitbookIO/gitbook
  • Book format and toolchain using Git and Markdown
  • Command-line, uses Node.JS
  • Outputs HTML, PDF, ebooks, and more
  • Incredibly useful for large structured reports

Editing GitBook structure

GitBook HTML Format

Site Audit co-maintainer wanted.

Interested? Submit an issue.

Good configuration matters.

Thank you! Feedback: goo.gl/8cg3Cn