1 . 1

How to auditDrupal Sites

2016.05.11 | DrupalCon New Orleans

 | about.me/jonpeck @fourkitchens

1 . 2

Jon Peck

So�ware Architect at Four Kitchens

 ‐ github.com/fluxsauce drupal.org/u/fluxsauce

2 . 1

What is an audit?

Official inspec�on of accountsValidate the good thingsHighlight areas of improvement

2 . 2

Why audit sites?

Learn about contents and structureEnsure op�mal configura�onDiscover areas of improvement

2 . 3

Every site is unique, but...

Built with the same frameworkSimilar architectural requirementsOne size fits most

2 . 4

E�ective auditing

ConsistentQuan�fiableContextually awareEasy to understandAc�onable recommenda�ons

3

Auditing Tools

Yup, it's wood.

4 . 1

Site Audit

Drupal 7 and 8 site analyzerDrush command on target pla�ormPowers   on Pantheon

drupal.org/project/site_audit

Launch Check

4 . 2

What does Site Audit report?Best Prac�cesBlockCacheCodebaseContentCronDatabaseExtensionsFront EndSecuritySystem StatusUsersViewsWatchdog

4 . 3

What doesn't Site Audit analyze?

Usability and site experienceAesthe�csSeman�c content

4 . 4

Read the Full Manualdrush help --filter=site_audit

4 . 5

Audit Cachedrush audit_cache

4 . 6

Show detailed resultsdrush ac --detail

4 . 7

JSON outputdrush audit_cron --json

4 . 8

HTML outputdrush audit_best_practices --html --detail

4 . 9

Audit Alldrush aa --skip=insights --html --bootstrap

4 . 10

Extending Site AuditModules can implement both Checks and ReportsDocumenta�on in README.mdDrupal.org Issue QueueGitHub Pull Requests

4 . 11

Share your Checks and Reports!

4 . 12

Site Audit Drupal Console Support!8.x-3.x-dev ‐ work in progress...

5 . 1

Tools with Site Audit support

5 . 2

Unused Modules

Lists projects that can be safely deletedIgnores disabled child modules

drupal.org/project/unused_modules

5 . 3

Security Review

Checks site and hos�ng configura�on, site contentdrupal.org/project/security_review

5 . 4

Hacked!

Compares contrib with versions on drupal.orgdrupal.org/project/hacked

5 . 5

Sensitive Data

search content for sensi�ve informa�on, like credit card orID numbers

drupal.org/project/sensi�ve_data

5 . 6

Cache Audit

Caching se�ngs of Drupal core, Block, Views, PanelsPanels is unique (not in Site Audit)

drupal.org/project/cacheaudit

5 . 7

PHP_CodeSni�er / Coder

Use Drupal 8 version to analyze code on both 7 and 8Drupal and DrupalPractice sniffsDetect devia�ons from 

github.com/squizlabs/PHP_CodeSnifferdrupal.org/project/coder

Drupal Coding Standards

5 . 8

PAReview.sh

Automated reviews of drupal.org projectspareview.sh

6

PHP ToolsPHP Copy/Paste Detector ‐

PHP Mess Detector ‐ Possible bugs, subop�mal or unused code,overcomplicated expressions

PHP LOC ‐ Measures size and structure

github.com/sebas�anbergmann/phpcpdphpmd.org

github.com/sebas�anbergmann/phploc

7

Git Tools

GitStats ‐ gi�nspector ‐ 

github.com/hoxu/gitstatsgithub.com/ejwa/gi�nspector

8

JavaScript ToolsESLint ‐ Pluggable lin�ng u�lity for JavaScript and JSXOfficial configura�on in Drupal 8 

JSCS ‐ JavaScript Code Style

JSHint ‐ Detect errors, poten�al problems

eslint.org

core/.eslintrcjscs.info

jshint.com

9 . 1

Hosted Utilities

9 . 2

WebPageTest.org

webpagetest.org

9 . 3

Google PageSpeed Insights

developers.google.com/speed/pagespeed/insights

9 . 4

WAVE Web Accessibility Tool

Analyzes web pages for accessibilityAc�onable recommenda�ons on how to fix problems

wave.webaim.org

9 . 5

Qualys SSL Server Test

Analyzes SSL configura�onssllabs.com/ssltest

10 . 1

Delivering an audit

10 . 2

Report StructureOverview of scope, requirementsAc�onable recommenda�onsAppendixHow to install and use toolsRaw results

10 . 3

GitBook for publishing reports

Book format and toolchain using Git and MarkdownCommand‐line, uses Node.JSOutputs HTML, PDF, ebooks, and moreIncredibly useful for large structured reports

github.com/GitbookIO/gitbook

10 . 4

Editing GitBook structure

10 . 5

GitBook HTML Format

11

Site Audit co-maintainer wanted.

Interested? Submit an issue.

 |   | slides @fluxsauce @fourkitchens12

Good con�guration matters.Thank you! Feedback: goo.gl/8cg3Cn

 |   | slides @fluxsauce @fourkitchens12