Pixeldust Drupal Support Service Security Audit

Our Drupal Support Service site audit provides actionable insights for quantifiable improvements.

Drupal Support Service Security Audits

While every site has unique configurations and content, they all have the same architectural requirements. Using static program analysis, it is possible for Pixeldust to provide recommendations that fit the majority of use cases on any implementation. Our Drupal Support Service security audit is non-intrusive. No installation or configuration is required.

Pixeldust Drupal Support Service Security Audit includes a 14-point comprehensive report that identifies common problems. The final audit report is delivered in an organized, color-coded HTML document that outlines actionable items with priority designations. We can also provide estimates to have critical issues remediated.

Why a Drupal Support Service site audit?

  • Security – Discover weaknesses in your Drupal Support Service implementation.
  • Performance – Identify areas where performance improvements can be made.
  • Site Acquisition – Do this before you buy a business as part of due diligence.
  • Implementation Verification – Check your site before it goes live to avoid critical issues that may appear under load.
  • Vendor Management – Make sure your current developer is doing a good job.
  • Support Transition – When moving to a new developer both sides need to know what they are working with.

Your Drupal Support Service security audit report is delivered within 3-5 days and includes analysis of the following areas:

  • Best Practices – We provide structural recommendations to keep the site in line with Drupal development best practices.
  • Block – Is caching enabled for all blocks?
  • Cache – What are the optimal Drupal caching settings?
  • Codebase – What is the size of the site, and the size and count of managed files?
  • Content – Are there unused content types and vocabularies?
  • Cron – Is Drupal’s built-in cron configured correctly?
  • Database – We check for issues in collation, engine, row counts, and size.
  • Extensions – Total count, development modules, duplicate modules, missing modules.
  • Insights – Analyze site with Google PageSpeed Insights.
  • Security – Checks for common security exploits, such as malicious menu router items.
  • Status – We check for failures in Drupal’s built-in status report.
  • Users – Blocked user #1, number of normal and blocked users, list of roles.
  • Views – Are the caching settings on views correct?
  • Watchdog – We analyze Watchdog for 404 error count, age, number of entries, enabled, and PHP errors.
  • Remediation – We provide estimates for fixing key issues.

Joe Doyle, Director of Digital Strategy, HCB Health

The Pixeldust team are flexible and provide great service. We’ve hired them several times.

Tyler Harmeyer, VP of IT Operations, My Fit Foods

Pixeldust always exceeds our expectations. Day or night, we can count on Pixeldust to support our eCommerce system.

Philip Busker, CEO, Mattress Firm

Pixeldust helped us present a progressively competitive front during our recent merger negotiations.

Gaea Connary, Marketing Manager, Convio, Inc.

We were really impressed with Pixeldust’s level of expertise and commitment to the project.

James Scott, Business Manager, Cielo Wind Power, LLC

Pixeldust has always been responsive to our needs. They’ve redesigned our site three times over the past 10 years.

Shawn Rucks, CEO, Deverus

Pixeldust gave us exactly what we wanted and delivered it on time and on budget.

Pixeldust Interactive
Phone:
(512)730-0999
Address:
Littlefield Building
106 E 6th S
Austin, TX 78701

What to Check When Doing a Drupal Security Audit

Check update status: The currently running version of Drupal is shown on the status report, as well as by running ‘drush status’ from the site root. ‘drush pm-list’ will show module statuses as well. If the update module is enabled (which it often isn’t on a production site), the status report will tell you whether Drupal and its modules are up to date. You can manually find the current version of Drupal at https://www.drupal.org/project/drupal

Check status report: The status report is color-coded to show any potential issues. Yellow ‘warning’ rows may just be less-performant versions of PHP libraries or a missing handler for functionality not used on the site. Red rows require attention, such as locking down file permissions or ensuring certain directories don’t execute PHP for security purposes. 

Check cron: The status report will tell you the last time cron was run. If it’s been more than 24 hours, cron for the site may not be configured correctly. It’s advisable to check the logs for cron tasks, and perhaps to manually run cron using “drush cron”, to ensure no errors appear during runs. 

Check caching settings: Production sites, unless they have very-quickly-changing content or functionality for non-logged-in users, should have at least a minimal amount of page cache enabled. Block caching should remain disabled, as it can interfere with JavaScript includes and other measures. 

Check JS/CSS Aggregation settings: Aggregated JavaScript and CSS, except in rare cases, is a quick win to enable. It makes the payload of the page smaller, resulting in faster load times. If aggregation is disabled, ensure that the public files directory is writable by the server, and that JavaScript is included on applicable pages in the correct manner. 

Check error reports: Reviewing the site’s database logs will show both activities on the site (which can be an indicator of areas to focus on with future updates), as well as technical errors. Filter the logs to PHP errors to see if there are any bugs or code compatibility issues. 

Check for unnecessary modules: There are a set number of modules that are typically advisable to disable on production sites.

Run Hacked!: Hacked! should be run on a snapshot of the code as it exists on production, but on a non-production environment. Hacked! is a module that finds any files that may have been edited by malicious parties.

Check for PHP in the database: If you have phpMyAdmin installed, a quick search of the whole database should find any instance where PHP may have been inserted. Typically, you can be assured that PHP isn’t in the database if the PHP filter module is disabled (which it should definitely be).
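The database check above can be scripted against a snapshot; the following is an added example, not code from Pixeldust or the Drupal project. It generalizes the phpMyAdmin search to every text column of every table and also reads the PHP filter module's status. The in-memory SQLite database and its simplified Drupal 7-style tables (system, field_data_body, block_custom) are constructed stand-ins for a real MySQL snapshot.

```python
import re
import sqlite3

# Matches a PHP opening tag ("<?php") or short echo tag ("<?="), but not "<?xml".
PHP_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)

def build_sample_db():
    """Constructed sample data; tables are simplified from the Drupal 7 schema."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE system (name TEXT, type TEXT, status INTEGER);
        CREATE TABLE field_data_body (entity_id INTEGER, body_value TEXT, body_format TEXT);
        CREATE TABLE block_custom (bid INTEGER, body TEXT, format TEXT);
        INSERT INTO system VALUES ('node', 'module', 1), ('php', 'module', 1);
        INSERT INTO field_data_body VALUES
            (1, '<p>About us</p>', 'filtered_html'),
            (2, '<?php print date("Y") ?>', 'php_code');
        INSERT INTO block_custom VALUES (7, 'Copyright <?= date("Y") ?>', 'php_code');
    """)
    return db

def find_php(db):
    """Return (table, column, rowid) for every text value containing a PHP tag."""
    hits = []
    tables = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    for table in tables:
        columns = [r[1] for r in db.execute(f'PRAGMA table_info("{table}")')]
        for column in columns:
            rows = db.execute(f'SELECT rowid, "{column}" FROM "{table}"')
            for rowid, value in rows:
                if isinstance(value, str) and PHP_TAG.search(value):
                    hits.append((table, column, rowid))
    return hits

def php_filter_enabled(db):
    """True when the core PHP filter module (system.name = 'php') is enabled."""
    row = db.execute(
        "SELECT status FROM system WHERE name = 'php' AND type = 'module'").fetchone()
    return bool(row and row[0])

if __name__ == "__main__":
    db = build_sample_db()
    print("PHP filter enabled:", php_filter_enabled(db))
    for table, column, rowid in find_php(db):
        print(f"PHP tag in {table}.{column}, row {rowid}")
```

Each hit names the table, column and row to review by hand, since a tutorial page that quotes PHP in its body will match as well.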

Common Drupal websites’ issues

Drupal core

Drupal does not stand still; it is constantly evolving. Each update of the Drupal core carries new opportunities. However, not all website owners enjoy this advantage, and some still use older versions. Among them are web resources on Drupal 6, which is no longer officially supported. So, upgrading your website to the newest version is the only smart solution. Remember that ignoring updates makes your site an easy target for attackers.

Custom code quality

It is necessary to create custom modules if you want to add some specific features to your website. When written inefficiently and without following the correct Drupal standards, they can cost you a lot. Vulnerabilities found in a Drupal security audit may include cross-site scripting (XSS), malicious PHP/ASP code and its injections, remote file inclusion, file disclosure, directory traversal, and many more serious threats. There is also the threat of SQL injection, where an attacker uses the application code to access your database content. They can then create, read, update, alter, or delete data stored in the database. That is why it’s important to entrust only experienced developers with that task. The top priority during our website audit process is to identify and address such problems.

Unused modules

Sometimes we identify a large number of unused modules on Drupal websites. Although at first glance having a hundred modules seems normal and not necessarily a security risk, it is. Not all of them are good. Some may slow down your website’s performance and are more likely to contain bugs or security issues. They present a potentially high risk from the perspective of long-term maintenance. A website audit can help you determine whether you need them in use. These unused modules can be safely deleted by specialists.

Unused themes

You may say that themes don’t introduce a serious threat themselves. There are other holes that are much riskier for your Drupal website. However, the situation here is similar to the one described above for unused modules. The number of installed themes can reach into the dozens. If you are not managing Security Advisories within the given timeframe, you are risking security issues. So, be selective when choosing the right theme sets that are suitable for you and your business.

JS/CSS Aggregation

Turning off CSS and JS aggregation is another common mistake we often find during the website audit process. The aim of aggregation is combining and compressing JavaScript and CSS files to reduce the number of HTTP requests necessary to render the page content. When configured properly, these settings will significantly increase the page load speed and overall site performance.

Of course, we have faced a number of other issues, such as: no performance-optimizing and caching modules installed on the website, Drupal core caching disabled, unused content types/roles, outdated contrib modules, and more. You’ve probably learned that a proper analysis helps “to lift a veil” from a web resource. As an owner, you should also consider a website audit to prevent problems in the future. Identifying and remedying the above issues will considerably improve your website’s performance. Contact us to get a professional site audit and save your time and money!

 

Free Drupal Support Service Security Audit

Powered by Site Audit | Drupal Support Service.org

Site Audit is a Drupal Support Service static site analysis platform that generates reports with …
Google PageSpeed Insights; Security – check for common security exploits, …
Feel free to add vendor specific support, either through a patch or by …
 

Drupal Support Service Security, Website Security, Support, and Maintenance …

Pixeldust Security, Support, and Maintenance Services for Drupal Support Service 8/7 …
Complete website security audit, including website penetration testing, Drupal Support Service
security audit, and server security audit … Get Started With Your Free Assessment
 