Drupal Site Audit: 3 Considerations to Keep in Mind


Drupal is one of the leading web content management platforms for enterprises across the globe. However, in recent years, its market share in the CMS space has dropped from 6.1% in 2011 to 2% in 2022, according to W3Techs. The drop mainly stems from better flexibility, speed, and customer experience from other alternatives such as Sitecore or Optimizely.

Drupal site audits measure a website’s performance, security, reliability, and stability. This article provides a guide on how to audit your Drupal site, and what to do if it isn’t up to par.

How to Quickly Carry Out a Drupal Site Audit

To properly conduct a Drupal site audit, there are several tools that you can use. These tools can provide you with valuable insight into your Drupal site’s security, performance, and stability.

Security Audit

You can use the following tools to vet the performance of your Drupal site:

  • Coder: Coder verifies your Drupal codes for compliance with industry standards and best practices. It uses the phpcbf command from PHP_CodeSniffer to fix any coding mistakes.
  • Qualys SSL Server Test: This tool conducts a comprehensive analysis of any SSL web server that is publicly accessible and gives you a grade on its performance.
  • Security Kit: This tool lets you reduce the risks associated with several Drupal website vulnerabilities. With it, you can enhance your security by preventing your website from CSRF, XSS, and clickjacking attacks.

Performance Audit

  • PageSpeed Insight: This is a free tool that you can use to diagnose and resolve issues that slow down your Drupal website. In addition, it provides you with a comprehensive picture of how customers are using your site.
  • YSlow: Like PageSpeed Insight, this tool analyzes web pages to see why they load slowly according to Yahoo’s high-performance site guidelines. It grades web pages and offers suggestions on how to improve them.
  • New Relic: This is a comprehensive Drupal audit module for monitoring various aspects of your site, including infrastructure, server, browser, and application. On top of that, you can track real-time traffic and performance by setting up different dashboards with graphs and charts.
  • Performance Monitor: With this tool, you can compare different servers/hostings and get a sense of how well your website is performing in real-time. Also, it evaluates the performance of the whole system as a whole, running tests on the database, file operations, and CPU.

Reliability and Stability Audit

  • Behat: This tool is an open-source test framework that you can use to automate tests using a behavior-driven development approach to ensure website stability.
  • PHPUnit: This is a unit testing tool for PHP. It comes with many flexible and simple assertions to help you test your code, especially if you are running tests on specific parts.
  • Code Sniffer: This Drupal audit tool is perfect for assessing the quality of your code and testing your website’s stability. This process includes checking the quality of your site links, SEO, documentation accessibility, and outdated modules.
  • Tugboat: Tugboat is a continuous integration tool that runs automated and linting tests and reports the results to developers before merging or reviewing the code.

Post-audit Consideration #1: Ignoring the Total Cost of Ownership

Once you’re done with your Drupal site audit, it’s now time to take a note of where your Drupal instance falls short. Without proper care, what seems like a minor issue can quickly escalate into a significant problem that affects your bottom line.

Unlike other enterprise CMSs, Drupal has a steep learning curve and isn’t very intuitive. Despite being open-source, you’ll need to invest heavily in maintenance and support costs for your site.

The cost of keeping track of, upgrading, managing compatibility of all the extra modules that are required to make your system minimally viable can be quite expensive. Also, building incremental features is harder in Drupal than it is in other enterprise CMSs. With other platforms, once you have your site established and platform in place, the incremental cost of doing new features is smaller compared to Drupal.

Other common issues that most enterprises have with Drupal include:

  • Inadequate documentation that fails to cover the whole of Drupal, making it difficult to locate relevant information about APIs and libraries.
  • An extremely slow and buggy system that uses up a lot of CPU resources in comparison to its competitors.This is partially due to the fact that it is based on PHP which is an interpreted language (compiled to bytecode at runtime) vs a compiled language (compiled to bytecode at deploy time).
  • Poor support for drag and drop functionality with limited customizations, forcing you to use subpar templates.
  • Upgrading from a particular version of Drupal to another may be exceptionally costly and problematic. For instance, if you carry out an automatic Drupal update, you may have to deal with a host of problems with your custom features and third-party modules and site performance.

These are only a few of the issues that enterprises encounter with Drupal. And they may limit your ability to innovate and deliver the best experience possible. This reason is enough for you to consider other enterprise CMS alternatives to Drupal.

Post-audit Consideration #2: Maintaining Your Heavy Reliance on Third-party Modules

With Drupal, you end up using a lot of custom code and a cocktail of modules to build your digital experience. Users without a coding background will face a learning curve when upgrading or integrating third-party modules with Drupal. That may mean getting extra development assistance on third-party app installation. For instance, a Drupal user on G2 had to seek help creating an additional social media icon.

Of course, third-party modules are great, but it can be difficult — sometimes impossible— to migrate modules and themes during Drupal migrations. For any one 3rd party module users may say that it “works” and “provides great value”. However, the issue is that this module may conflict with another module that also may work great on its own. When you need 15-25 modules in order to get the features you require for your site, managing how they impact each other becomes quite complex and difficult.

Post-audit Consideration #3: Ignoring Viable Drupal Alternatives

Many businesses end up getting stuck with Drupal because they have a technical person that they trust that knows and likes Drupal as well as the promise of a cheap open source solution. In the best case, this person just doesn’t know any alternatives and may have had success with Drupal. In the worst case, this person may see using Drupal as a way for them to keep their job.

The bottom line is that if people making business decisions are taking control of their destiny and doing package selection based on what will meet their needs, what will grow with them, what their staff are likely to adopt and evaluate a handful of packages against that criteria, they will not likely choose Drupal.

Drupal is a CMS with a large and active community, but the platform has some shortcomings. One of them is a seriously concerning security track record common with CMS platforms that heavily rely on third-party modules. These modules can also bring an increased risk of malfunctions or site breakage.

With enterprise CMSs like Sitecore and Optimizely, you don’t have to rely heavily on third-party extensions. There are several vendor-developed solutions with better security, performance, and support solutions for enterprises. Additionally, you can access marketplaces with fully functional extensions that are less rigid and much more secure. If you run into any of these issues during your Drupal site audit, be sure not to ignore other available alternatives.

Read More: Alternatives to Drupal? Sitecore and Optimizely

Uptime by Oshyn

Uptime provides a comprehensive, automated system for monitoring your website availability. It is a managed DevOps service that provides you with regular scanning and patches, website uptime monitoring, real-time reporting, bug detection and resolution, automated testing, and a holistic approach to website security.

If you’re unaware of various tools we mentioned, don’t know how to run them, or how to take action with the results, then you need a team dedicated to doing these things on your website. Oshyn’s Uptime service is the team, tools and process to give your business peace of mind for your important customer facing web systems.

Why Oshyn Champions Sitecore as a Drupal Alternative for the Enterprise

Modern enterprises need to be at the forefront of innovation, delivering the best digital experiences and value. If your enterprise currently uses Drupal, you’ll be unable to provide your users with a highly immersive, engaging, and intuitive digital presence. To make this possible, you should consider enterprise CMS options Sitecore.

Sitecore is a leading enterprise DXP platform. It is firmly cited as one of the top DXP platforms for enterprises in 2021, according to Gartner Magic Quadrant for DXP 2021. It offers several features and options for planning, orchestrating, developing, optimizing, and delivering user-focused digital experiences. Most importantly, it provides enterprises with the flexibility, security, and integrations necessary to cope with changing business needs.

Oshyn is a proven Sitecore implementation partner that can guide you in implementing a comprehensive, scalable, secure, and adaptive platform to power your web experiences. With experience working with several top enterprises and agencies globally, Oshyn is the ideal partner you need to develop your digital experience platform.

Want to find out how you can move your site to Sitecore? Have a look at this blog: How to Move to Sitecore