One of the most important, yet often overlooked, aspects of running a Drupal site is regular site maintenance. Just like a car, your sharp new Drupal site is a well-oiled machine. To keep it in tip-top shape, though, you'll want to make sure you have it maintained properly too. The biggest part of Drupal maintenance involves keeping the code that runs your site up to date. Why should you do this?

1. Security

A Drupal site's code can consist of any or all of the following:
  • Drupal core application
  • Community contributed modules, providing features not found in core
  • Base themes
  • Libraries
  • Custom modules and themes.
Any of these can have bugs in them that may compromise the security of your site. Bugs, especially security holes, are just a fact of life when it comes to software. The good thing is that the Drupal community has developed a pretty solid process when it comes to dealing with security issues in its code. There's a security team that evaluates issues that have been reported and takes the lead on getting them fixed quickly and comprehensively before rolling out the fixes and alerting the community. The administrative section of your Drupal site (admin/reports/updates) will show you not only a list of modules needing updates, but also the ones that have important security updates waiting.



Drupal Security Update Report


2. Performance

Nothing's perfect, and that includes software. Just as the Drupal community is keeping an eye out for security vulnerabilities in its code, it is also watching for problems that can cause performance issues, such as pages that are slow to load. While there could be multiple causes for performance problems, there could be bugs in the code that are causing this. Again, you're in good hands with the Drupal community, because many other people are using the same code every day. They are always testing it and discovering issues. Chances are, if the problem you're experiencing is in Drupal-related code, it's already been reported and fixed.


3. Broken Features

One of the strengths of Drupal is its ability to integrate with external services such as Twitter, Google Analytics, Facebook, Salesforce, and TranslateThis. If there's a service out there, there is probably a contributed module that lets Drupal work with it. However, for that to happen there needs to be a way for Drupal and the service to communicate, often using an API (Application Programming Interface). Sometimes changes are made in how those services need to be accessed, and such changes can break the clients that are using them. The API may even be depreciated in some instances. If you find that certain features on your site have suddenly "stopped working," it could be that an upgrade of the module(s) providing those features is in order. Sometimes the underlying software running on your server gets updated, and the new version diminishes function calls that were being used in your Drupal application. Upgrading Drupal core or contributed modules can address this. Your site may also have custom code that uses those calls, and will also need to be examined and modified.

4. Saving Time

Performing regular maintenance on your site makes the overall task of keeping it up to date that much easier. Incremental updates naturally involve fewer code changes and less testing. Drupal updates come out regularly. It's a good idea to have your site checked periodically to see what updates are needed and perform them at that time; otherwise you could find yourself in the position months, or even years down the road, having to update virtually all of the modules your site uses.

Our Approach

Many of CommonPlaces' clients take advantage of our regular Application Maintenance Program, which gives them the peace of mind they need in order to know that they'll be running the latest and greatest code for their site. Quarterly, or even monthly, we'll examine what updates are needed and perform them on a site, along with a round of testing both by CommonPlaces and the client. When we perform maintenance on your Drupal site, we take a copy of it and the database, and then do the work on our development servers. This ensures no impact on your live site while we're doing our work. Version control allows us to track changes between updates and also roll back to the previous version in the event that problems are encountered during testing. All of our clients have their projects in version control, usually Git or Subversion. If it's a new project, we'll usually recommend that it be put into version control to make both the current and future updates easier, among other reasons. If necessary, we also conduct a full review of the code structure of the site to ensure that work performed by other developers conforms to best practices. For example, one of the mantras of Drupal is, "Don't hack core". This refers to changes that were made to the code which makes up the basic Drupal installation. It can be tempting to modify core files in an attempt to fix something, but as described at the above link there are very good reasons not to do so. Still, it happens, and it's not unusual for us to encounter a project where this has taken place.

Since core or module updates can involve files that were a) Modified, b) Added, or c) Deleted, we take care to use commands such as drush or rsync to guarantee that all of these different changes are reflected in your updated application. Of course, we'll also run any database updates that may be needed, since those often go hand in hand with code updates. We also review the release notes of the updates to look for possible "gotchas". Dependencies between modules often require both to be kept in sync with versions that will work together.

Sometimes an update to one module will break something another module is doing. At other times, an update will introduce new problems that didn't exist before. We like to see that updates have been vetted by the community. One way is to review the module's issue queue to see if any significant issues have been reported with the new version. In some cases, we'll hold off performing an update if the new version isn't ready for prime time yet. Once we've completed our own testing, we'll put the updated version of your site on a staging server and give you the opportunity to conduct your own testing. When approved, we work with you to determine the best way to roll out the updates to your production site. If downtime is needed, usually a half hour or less depending on the magnitude of the updates, we can perform the update at an off hour, and we'll put the site into "maintenance mode" to ensure that anyone who happens to visit it at that time gets a message letting them know. This way, you won't see errors that can result from trying to load a page before the process is complete. Finally, when we're done and the site is back online, we'll perform a sanity check and ask you to do the same, following the mantra of test, test and test again.


What's Next?

If you think your Drupal site could benefit from an evaluation and even a regular program of application maintenance, contact us. We'd love to help you. You've already taken the first steps by having a great site built on a terrific application framework -- Drupal. Maintaining it on a regular basis will ensure that it stays that way.

Website Security Consultation

Leave Your Comment