Publishing your application
When you publish your application, especially a new one, you should
consider several issues. Since every application is unique, the details
vary from project to project.
This documentation page includes a list of common issues that you should
evaluate. Use it as a starting point to discover other tasks that might
be necessary for your application. The exact location of these settings
varies depending on the version of Drupal you are running. In the
following examples, the locations given are for Drupal 7.
Visitor interaction
- Protect all visitor-accessible forms against spam and attacks.
- Determine if you have enabled an anti-spam solution, such as
CAPTCHA.
- Ensure that all visitor-accessible forms are protected.
- Examine the application-wide email address and the other information
on the Configuration > Site information page.
- Evaluate the contact form settings on the Structure > Contact
form page.
- Review all email addresses and messages generated by other modules
(for example, Webform and Rules).
Web interaction
- Examine the domain redirect options in the
.htaccess
file. Ensure
that URLs beginning with www
are redirected to URLs without (or
vice versa).
- Make the necessary changes for external web services (such as
Twitter, Google Apps, and New Relic) to work in your
Production environment.
- Update API keys.
- Examine the Google Analytics configuration.
Security
- Review the Reports > Status report page for any needed version
updates for Drupal Core and your contributed modules.
- Review Reports > Recent log messages for errors and warnings.
- Ensure that the minimum possible number of website users have
administrative privileges.
- Be certain that error messages are not being displayed to visitors by
setting Error messages to display to None on the
Configuration > Development > Logging and errors page.
- On the People > Permissions page, examine the permissions granted
to anonymous and authenticated users. Make them as restrictive as
possible, while still allowing your website to function.
- Review the user registration and cancellation settings on the
Configuration > Account settings page.
- Visit your website as an anonymous user (sign out and then browse
your website). Ensure that anonymous visitors can see and do only
what they are supposed to be able to on your website. If necessary,
correct the permissions on the People > Permissions page.
Quality Assurance
- Delete placeholder and test content, including test users and files.
- Examine the spelling and grammar of your content.
- Use a link checking tool to examine your website for broken links,
such as the W3 validator.
- Verify that search is working as expected.
- Go to Reports > Recent log messages to review any errors and
warnings about missing files and URLs.