|Avoid common Drupal hosting mistakes for a reliable and secure site|
It seems everyone has fallen for Drupal, the open-source website content management system. Behind some of the most powerful people on the planet -- from the leader of the free world and WhiteHouse.gov to teen sensation Justin at bieberfever.com – you’ll find Drupal, one of the most durable, feature-rich and customizable applications in use.
Your site may not be that high-profile, but it still needs to be fast, reliable and secure in order to benefit you and your customers.
First, reliable and high-performance hosting begins with good planning. One of the most common mistakes is also one of the most obvious: not anticipating surges in demand. Whether you’re the site owner, developer, or hosting provider, it’s critical to prepare for increased use. Every sales promotion, publicity event or change in user base can cause commercial sites to experience an uptick. If your hosting environment isn’t capable of scaling quickly to accommodate changes, you could end up frustrating users and losing potential revenue.
Secondly, maintaining a secure site can repel attacks and avoid unnecessary problems. Drupal’s popularity has made it a favorite target for those seeking information or publicity. Mean-spirited visitors sometimes attempt to deface or disrupt sites they can’t access. Others might attack sites carrying messages with which they disagree. And any site that deals with credit cards, social security numbers or other confidential information must be prepared to repel criminals and their ever-evolving methods of breaking in. To counter these assaults, your hosting infrastructure should go beyond standard firewalls and port filtering to include firewall rule sets such as Access Control Lists. Web application firewalls also can prevent specialized attacks such as SQL injection, remote command execution or cross-site scripting.
The overall performance of your site, however, depends on how well the infrastructure is optimized for Drupal’s unique characteristics. To ensure efficient operation, your provider should go beyond the typical Apache-PHP-MySQL solutions.
For example, Drupal response times are directly linked to effective data caching. Varnish, an open-source product, is a reverse proxy cache that will increase data availability. As a supplement for Apache servers, Varnish is custom-designed to cache content based on HTTP headers. APC (Alternative PHP Cache) and Memcached are other enhancements that can reduce external data calls and speed site responsiveness. Using these hosting service provider add-ons will help avoid site slowdowns.
Next, to improve your Drupal site’s search capabilities, find out if your provider uses Solr, a platform for Drupal search, which is faster than Drupal’s native search.
Performance can be further increased by load-balanced application servers. To ensure that your Drupal databases aren’t adversely impacted, the system also should employ some form of replication and failover at the database layer. Such customized improvements, while seemingly technical in nature, have a big impact on the durability and scalability of your Drupal site.
Finally, before your Drupal site is deployed—and periodically thereafter—ask your provider to load-test your site to make sure it can handle anticipated traffic. A reputable hosting partner also will be there for you with 24/7 monitoring and fast response to alerts when issues come up.
JASON BURNETT is Director of Infrastructure for NeoSpire (www.neospire.net), a premier Dallas-based Managed Hosting Services company. He can be reached at firstname.lastname@example.org.