Back to top

Drupal Site Audit

Have an existing Drupal site and need new developers? This is the place to start. Before we can set any kind of realistic expectations of what it will take to do the work you need done, we need to understand the state of your current site. We've seen sites from other experienced Drupal developers that are well organized and a joy to work with -- but far more often we find sites built by people who did not know a thing about Drupal best practices.

A few examples of poor Drupal best practices include: core code and modules hacked instead of overridden, making updates dangerous; business logic put in themes that blow up when you try to change them; themes with hundreds of template files; PHP logic that re-invents what Drupal could do much better; and the list goes on....

This Site Audit can be an excellent tool for you, even if you're not hiring us to actually work on your site. We can identify problems, areas that were built with poor choices, and even do some testing to determine if it works the way you think it works.

Here's a partial list of what we check for:

  • Is the Drupal core up to date with all security releases?
  • Are all modules up to date?
  • Have the core and/or contributed modules been modified/patched/changed in a way that might cause problems to upgrade?
  • Is the website built with an appropriate set of modules?
  • Are there files that reveal the specific Drupal version or module information to the public?
  • Review content types, and whether they are used most effectively
  • Review the menu, suggest other items to show
  • Review the theme, JavaScript, and CSS for code quality and adherence to Drupal standards and proper validation
  • Review custom modules for code quality and adherence to Drupal standards
  • Check for proper theming on generated pages (search results, login/registration pages, etc)
  • Check the roles/permissions for appropriate settings
  • Check for RSS feeds as desired
  • Check that error reporting is turned off, to discourage hacking
  • Get a Sense of What’s Running
  • Complete a Module Security Review
  • Outline the information architecture of website
  • Identify if upgrades and fixes are necessary

You’ll receive a PDF report with a full list of recommendations, snapshot rating of your site, and our feedback. We will also identify a good starting point for you in moving forward with updating and upgrading your website as necessary.

We include a INsReady snapshot rating of your site. This includes a "CEO-Friendly" (for those who may not be tech savvy) rating in these areas:

  • Performance
  • Security
  • Maintainability
  • Usability
  • Ease of making changes going forward
  • Scalability
  • Expected useful life remaining

In most cases, where these rank low we can provide recommendations for improvement, often things that can be done with minimal budget. (We hear about frustration with Drupal a lot, but often the complaints are very easy to resolve!)

It is highly recommended that all new clients who have an existing Drupal website receive a Drupal Site Audit – at the minimum.

Because there is a wide range of complexity in existing websites, we have a base price with two custom add-on options.

Site Audit Options:

Site Audit

If you have a basic site without a lot of things going on, we can do a relatively in-depth audit of what you have. Sites with less than 7 - 8 content types, less than 3 - 4 roles, less than 2 - 3 custom modules generally fall under this category. We can always do a quick analysis of even complex sites, but that might not give us enough information to give an overall audit if there is a great deal going on.

At this level, we basically identify everything we can find that we consider to be non-standard (and if that's nothing, it means you should have a good site to work on). We also take a look at the theme in use and assess whether it has code that should be in a module, whether the themer used Drupal conventions, or what dragons lie there.

Add-on: Custom Code Analysis

If your site had a lot of custom work done, the simple site aduit won't necessarily be deep enough to understand whether that work was done in a secure best-practices way, or if it's a sizable mess.

If you have doubts about your previous developer and know there is custom code that nobody else knows anything about, we can do some custom code analysis and identify how the code integrates with Drupal. We often identify major security holes in these sorts of reviews.

We will review up to 6 custom modules, with up to 2000 lines of custom code for a flat rate add-on. Larger custom code-bases may require further review on an hourly basis – we can prioritize this review and get the most critical bits assessed, then recommend a budget.

Add-on: Scenario Testing

When your web site is supposed to work in a specific way, but it doesn't appear to be working that way, we can develop an automated test to replay on your site. This provides a great tool that verifies it's working incorrectly, then later it enables us to verify a fix. This is the start to identifying, at a very concrete level, the user stories for a particular scenario.

If you know your site isn't behaving properly, but don't know exactly how, our Scenario Testing add-on can help get to the bottom of it.

We will create up to 4 automated test scripts for specific scenarios and document how it's supposed to work – along with how it actually does. We will do this in a safe “testing” environment to avoid any disruption to customers/employees during our testing process.

Included in your Report

  • A "CEO-Friendly" rating of your site (The the attached example below).
  • An introductory high-level overview and narrative of the site development practices, distribution, overall analysis of content types and how they are being used, user counts, any e-commerce functionality, etc.
  • Our general recommendations based on our analysis of the site.
  • Site statistics summary of nodes, content types, webforms, etc.
  • Module analysis.
  • Content type analysis.
  • Theme analysis.
  • Code base analysis.
  • Custom module analysis.*
  • Develop automated scenario testing.**
  • Noteworthy pages/features and miscellanea.

* These items are enumerated in the site review, but for a more detailed analysis, they must be purchased as add-ons to the site review.
** This is only included in the Scenario Testing add-on.

Our Audit Environment

Any INsReady Drupal Site Audit covers the cost of getting a copy of your site setup on our development servers (where our assessment tools are available and running), doing a complete backup of your site's database and code base, and putting your site into source code management. So by the time the site audit is done, we're ready to get started on development of your site, getting it up-to-date, and launch into your list of improvements straight away!


Drupal Site Audit: 1,500 USD
Site Audit Add-ons:
Scenario Testing, +1,000 USD
Code Analysis, +1,500 USD