When you publish your application, especially a new one, you should consider several issues. Since every application is unique, the details vary from project to project.
This documentation page includes a list of common issues that you should evaluate. Use it as a starting point to discover other tasks that might be necessary for your application. The exact location of these settings varies depending on the version of Drupal you are running. In the following examples, the locations given are for Drupal 7.
Performance
Enable caching, CSS, and JavaScript aggregation on the Configuration > Performance page.
Disable modules that you do not need when your website goes live (such as Devel and Views UI) on the Modules page.
Review the other performance considerations in Improving application performance.
Visitor interaction
Protect all visitor-accessible forms against spam and attacks.
Determine if you have enabled an anti-spam solution, such as CAPTCHA.
Ensure that all visitor-accessible forms are protected.
Examine the application-wide email address and the other information on the Configuration > Site information page.
Evaluate the contact form settings on the Structure > Contact form page.
Review all email addresses and messages generated by other modules (for example, Webform and Rules).
Web interaction
Examine the domain redirect options in the
.htaccess
file. Ensure that URLs beginning withwww
are redirected to URLs without (or vice versa).Make the necessary changes for external web services (such as Twitter, Google Apps, and New Relic) to work in your Production environment.
Update API keys.
Examine the Google Analytics configuration.
Security
Review the Reports > Status report page for any needed version updates for Drupal Core and your contributed modules.
Review Reports > Recent log messages for errors and warnings.
Ensure that the minimum possible number of website users have administrative privileges.
Be certain that error messages are not being displayed to visitors by setting Error messages to display to None on the Configuration > Development > Logging and errors page.
On the People > Permissions page, examine the permissions granted to anonymous and authenticated users. Make them as restrictive as possible, while still allowing your website to function.
Review the user registration and cancellation settings on the Configuration > Account settings page.
Visit your website as an anonymous user (sign out and then browse your website). Ensure that anonymous visitors can see and do only what they are supposed to be able to on your website. If necessary, correct the permissions on the People > Permissions page.
Quality Assurance
Delete placeholder and test content, including test users and files.
Examine the spelling and grammar of your content.
Use a link checking tool to examine your website for broken links, such as the W3 validator.
Verify that search is working as expected.
Go to Reports > Recent log messages to review any errors and warnings about missing files and URLs.