Last updated March 20, 2014. Created by LeeHunter on February 19, 2005.
Edited by acmaintainer, silverwing, vnit969, abdo1.arec. Log in to edit this page.

If you are going to invest the time to set up a CMS, then you should protect your investment by following some simple best practices. These guidelines are only suggestions. It is up to you to decide what is appropriate for your site.

The following list contains some quick pointers (for more detailed information, see the list of articles at the bottom of this page):

  • Plan your site. Drupal provides a good toolset to help you build your site but you still need to plan. Good wireframes and proper planning can avoid significant misunderstandings and problems later.
  • Plan for the future. You should revisit and reevaluate your site each time there is a major version release of Drupal. This does not mean you have to upgrade it, but you should evaluate and plan for an upgrade approximately each 12-24 months.
  • Get involved in the community. This will help you follow development trends and, while helping others, you may just come across a cool idea that solves your own problem.
  • Back up your site. Back up both the database and the files on the web server. Test your backups! If you don't test them, you have no idea if you are doing it right.
  • Use PHP snippets sparingly and carefully. Drupal gives you a great deal of power and flexibility when using PHP code in blocks. Unfortunately, a stray character or a missing semi-colon breaks PHP. Drupal then attempts to evaluate this broken code on any requested page, the PHP interpreter chokes on it and therefore your whole site is broken. Worse yet, a PHP snippet entered by an unauthorized user can expose your entire website to hacker attack. An outsider who gains PHP access to your site will be able to read and write anything that is in your database and pretty much do anything they want. You should be careful not to grant permission to use the PHP format to anyone other than trusted site developers. When creating a block that uses the PHP input format, you can avoid the risk of having the block take down your entire website by first testing the code inside a temporary story or page node. Use PHP input format, write the code, and the Preview to debug your code. When you are satisfied that your code is working, copy then paste the code into the block.

The links below will explore some basic to intermediate best practices. If you're looking for advanced, programmer-type best practices, go to the Programming Best Practices pages.

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.