Dano Manion

Drupal Notes




  • Learn a Theme really well.


  • Try to reutalize views. Don’t create a million views when you can use context sensative filters to reuse them.


  • Try to reutalize node types, don’t create a bunch of node-types for specific reasons. Try to keep it simple.
    • Examples: article-node and news-node should be the same node.


  • Check to make sure you still the modules you have installed, installed.
  • Use Contrib as much as possible.


  • Use Drupal’s API and not direct calls to the Database!
  • Sanitize input from users. Wrap all calls with proper sanitizing techniques.
  • Use Drupal’s Form API

Best Practices

  • Keep your code under version control.
  • Maintain separate environments for the different stages of the site, and keep them up to date.
  • Restrict access to the production site for all but the most trusted users.
  • Review all logs periodically, including Apache, Drupal, and MySQL.
  • Review and assess your architecture periodically, and plan for the future.
  • Keep Production, Staging and Dev up to date and in sync


  • Use XHProf to see website performance.
  • Disable unuused modules
  • Misconfiguring cron. See more about configuring cron.
  • Using the default views pager, which requires an additional COUNT query. Use Views Litepager, which provides pagers without the COUNT function.
  • DB Logging. Fix PHP notices and warnings to avoid filling up DB fast with crap data.
  • Use the Fast 404 module to serve static 404s for image, icon, CSS, or other static files, rather than bootstrapping Drupal.
  • Not aggregating CSS and JavaScript files. See how to turn CSS and JavaScript aggregation in Drupal.


  • Having no cache strategy at all. Not taking the time to understand how content can be cached
  • Caching at too low a level, such as using views cache instead of Blocks or Panels pane cache.
  • Using basic caching, such as block caching or panels pane caching.




Modules: Not to be used on Production

  • Devel
  • Hacked!: Runs a Diff on Modules to see if there have been any changes.
  • Security: The Security Review module automates testing for many of the easy-to-make mistakes that render your site insecure.



  • Changing the default currency on your store changes the symbol shown before or after the price value you set for each product, but does not attempt to convert values between currencies (see the Drupal Currency Exchange module for related functionality)