This document discusses best practices for long-term support of Drupal sites. It emphasizes the importance of documentation, training, communication, and continual updates and monitoring. Key aspects include empowering users through training, maintaining documentation, recruiting and succession planning, performing regular audits and security reviews, monitoring for issues, keeping modules and core updated, and staying engaged with the Drupal community. The overall message is that supporting a Drupal site over the long run requires ongoing care, education, and preventative maintenance.

1. Sacramento Drupal Camp 2012
Supporting Drupal Over the Longterm
Anne Stefanyk (@eskimoYogi) & Meghan Sweet (@meghsweet)
10 June, 2012

2. Site Launches!

3. Now What?

4. Empower Your Users

5. Drupal Web Team
• Learning Drupal Takes Time
• Early & Often Team Engagement
• Train the Trainer
• Backup Expert Level Support
• Effective Documentation

6. Content Manager Training
• Onsite Training Sessions
• Web Team Trainers
• FAQ / Forums
• Help Videos
• Training Materials

7. Documentation
Detailed logs in source code
Extensive commenting
Onscreen help
Training Videos
FAQ Capture

8. Recruiting
Succession Plans
Internships
Drupal Give
Stop Gap Solutions

9. Support Best Practices

10. Ideal Solid Foundation
• UX Strategy
• Documentation
• Early Client Engagement
• QA by Web Stakeholders
• Scalable Architecture

11. Communication
Ticketing Tool
Expectation Management
Expect Ongoing Education

12. QA Best Practices
• Development, Testing & Production
• Stakeholder Sign-off by Review
• Regular Release Cycle
• Batch work

13. Audits and Monitoring
Prevention is better than cure

14. Auditing what to look for:
- Version Control
- Hacks- Hacked! module
- Custom Modules- what do they do?
- Contributed Modules- updates, errors?
- Custom Theme
- Core- update and/or upgrade?
- Live Feeds?
- Site Logs
- Permissions- php filter, security risks.
- Spam Prevention
- Performance Optimization Periodic Auditing
- SEO Checklist Module is important!

15. Security Review
• Input formats
• File system permissions
• Error reporting
• Private files
• Allowed upload extensions
• Database errors
• Failed logins
• Drupal admin permissions
• Username as password
• Password included in user emails
• PHP access
Training is key. Users need
Drupal awareness!

16. Monitoring
- Most of the time in recovery is
figuring out what’s broken.
- Monitor Trends
- Use Syslog to write Drupal logs
to text file
- Monitor Servers, SEO
- Cron
- Drupalmonitor.com
- Are your admins educated?
- Every time you have an issue-
start to monitor.

17. Detecting Problems
- Spam- number of nodes, emails
being sent, comments, users. (Good to
know trends) - Mollom, Captcha,
Admin Views
- Use Version Control to check diffs-
revert to good version
- Hacked! Module - switch to
unhacked contrib module
- Security Review Module will look for
spam in content.

18. Security & Module Updates
What to do with those error messages?

19. Updates
Keep on top of Updates- within
30 days at least.
Finding a bug in a contrib
module.
Do Not Hack Core! No
exceptions.
Planning for Custom Modules
Staying in tune with Advances
in Community Modules

20. Version Upgrades
Timing
Community Catch-up
New Modules
Consider a Rebuild?
Testing
What’s the plan?

21. Community Connection

22. Groups.Drupal.org
Internal Knowledge Sharing
Local User Group Meet-ups
Drupal Camps, Cons & Summits

23. Taking Over
Another’s Work

24. discovery
read the documentation
talk to all stakeholders
get clear line of sight to priorities
review the laundry list

25. Key Points
Continual Love & Attention
Keep Documentation Fresh
Use good communication and
feedback/QA tools
Foster Drupal Talent
Community Contribution

26. Thank You!
@chapter_three