If you have a Drupal site and you need to go to production, here is the list of going to production for the first time.

Server side configurations
Configure reverse proxy

Making sure the reverse proxy configurations are set and Drupal can know the real IP of each user.

[security] Restrict access to some folders

Make sure to restrict access to these folders and files: `/core/tests` AND `/core/scripts` AND `/core/install.php`.

[security] Hide X-Generator header

As a security move, you should hide any common things that will allow visitors to know the scripts that you are using on your site. One of the simple things is the generator information.

Contrib modules
Configure a password policy for your site users

If you have users you may want to download and enable the password policy module to help your users to protect themselves.

[security] Setup Captcha

If you still don't believe in Captcha, you should do, please. At least you can use some smart ways to prevent spammers. Make sure the captcha or any solution that you will use is working well on your website. Especially on Contact us form or any form for visitors.

Antibot : Prevent forms from being submitted without JavaScript enabled.
CAPTCHA : Provides CAPTCHA for adding challenges to arbitrary forms.
Honeypot : Mitigates spam form submissions using the honeypot method.
CleanTalk : Antispam service from CleanTalk to protect your site.
Human Presence Form Protection : Human Presence is a fraud prevention and form protection service that uses multiple overlapping strategies to fight form spam.
Recaptcha Element : Provides a Webform Handler that allows you to enable reCAPTCHA protection on a webform using the webform UI.
[security] Set the proper Content-Security-Policy header

You can download and configure the CSP contrib module. This is a powerful module. Beware that this module might broke your site CSS and JS while it is enabled since it will block some external files like some CDN and any external services. And you need to allow these URLs in the configuration section of this module.

Review if you need to have any analytics services

In case you use Google Analytics check if you already finished the setup of Google Analytics or you should do so.

Site configurations
Disable UI modules

When you are going to production, it's better to disable any UI modules and some modules like `Update manager` module to avoid any performance issues.

Review user registration access

If your site does not need any visitors to register by themselves make sure to disable user registration. You can navigate to Home > Administration > Configuration > People > Account settings.

Review site basic information configuration

Check the site name in and the site mail and the default home page. You can navigate to Home > Administration > Configuration > System > Basic site settings

Review your site favicon

If you still didn't upload your Favicon you may want to upload yours now.

Disable /node page

For me, this is the first thing that I do always. The `/node` page is created via Views and can be disabled from the views page list. Make sure you are not using it as a home page before disabling it.

Review views permissions

Review all views permissions. Are the domain will be public. Are you sure your views not exposing any private content?

Disable showing errors

Check and disable showing errors from Config > Development > Logging

After going live
Setup a cronjob

Setup the cronjob every minute. You can do that by running the needful drush command.

Test files folder permissions on your server

Files folder permissions. Make sure Drupal can create folders inside the file. (try to upload any test file).

Double check Google Analytics

If you are using Google Analytics, after going production double-check the Google Analytics and make sure it is working well and counting your visitors. Sometimes you may realize that you missed it.

Test email sending functionality

Test email sending functionality on production. Can users reset passwords?


Do you like this checklist and want to see more? visit the Checklist everything. This website will give some sample checklists and checklists that you can have as samples to create your own list. Every checklist on this website is printable as PDF.

Follow us: