Error message

Deprecated function: Array and string offset access syntax with curly braces is deprecated in include_once() (line 20 of /homepages/38/d491100171/htdocs/drupalden/includes/

Drupal site go-live checklist

Here's a list of the most basic stuff I usually check when putting a site live. Of course this will change depending on what modules you have used and that sort of thing, but should be applicable to most Drupal sites.

  • Enable your Performance settings
    This is an important one! Enable page caching, as well as compression and aggregation of your CSS and Javascript files (/admin/config/development/performance). This will improve your page load times substantially and reduce your database load. It's also a good idea to include all JS and CSS files within your themes .info file so that they are aggregated and compressed too.
    Besides only using the default in-site caching you should also consider using things like APC, Memcache, Varnish...
  • Ensure your settings.php file is read-only
    When in development you may have been making regular changes to your settings.php file. Make sure it's read-only on the production environment.
  • Check robots.txt file
    Make sure that this is configured correctly, particularly if you’ve disallowed all pages in order to stop the search indexes from spidering your site prior to go-live.
  • Check your BaseURL and Cookies settings
    If you have either of these set in your settings.php file - they aren't by default - then update them to your live domain settings.
  • Update your database settings
    Change your database connection settings to reference your production database.
  • Change your admin & account passwords to something secure
    Quite often you use a simple password, like 'password' while in development phase.
  • Check the account creation & administration settings
    Check the details of who can create accounts, and what the process is around that. If your site is only going to be accessed by anonymous users you'll probably want to set it so that only Administrators can create new accounts. This isn't set by default and you're likely to end up with a load of spam account creation requests.
  • Check you have enabled your Analytics tagging
    I usually disable analytics for in-dev sites so as not to impact on the live site stats. In fact even on live I usually disable analytics for users logged in as admin.
  • Check your file system configs
    Update your file system paths if they happen to be different on your production environment (/admin/config/media/file-system).
  • Disable & uninstall modules that aren't being used
    Quite often you may end up with modules that aren't being used. Disable, uninstall and delete these completely as they can still impact on your sites performance.
  • Disable Developer Modules and any other debugging
    Unless you have a specific reason you should disable these on production sites. This includes things like the Views UI, Context UI & Field UI.
  • Remove the Drupal 7 generator meta tag
    By default a meta tag is included on D7 sites which identifies them as being built on Drupal. This is unnecessary and from a security perspective could be used to identify Drupal specific sites for attack. If you use the metatag module you can disable this under the global settings, otherwise there is a specific module for this:
  • Once live check you've disabled maintenance mode
    Not something you're likely to forget, but worth mentioning just in case
Drupal version: 
Justin Chevallier

Justin Chevallier

Avid Drupal site builder & user for +10 years.

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.