Last updated November 10, 2015. Created on August 10, 2012.
Edited by ashish_nirmohi, hkovacs, HongPong, serjas. Log in to edit this page.

Basic settings

  1. Configure cron job (for drupal 6 )
  2. Make sure all cache tables are clearing properly especially cache_form
  3. Enable cache options in performance page
  4. (For Drupal 6, )

Theme optimization

  1. Manually Remove blankspaces and comments from .tpl
  2. No indentation in .tpl
  3. Turn on CSS and JS aggregation in the performance page
  4. Manually reduce css file size by removing duplicate and combine similar together
  5. Move codes to functions which should be in a custom common module. Use functions for similar problems instead of coding separately. Refer core API

Coding standard and proper use of already existing core API


Secure codes


DB Query optimization in codes

  1. Join db queries whenever possible
  2. For Db update and insert, use core API
  3. Use drupal standard

DB table optimization


Disable unnecessary modules

  1. Devel
  2. Statistics
  3. Update status
  4. Use syslog instead of Database logging

Remove unnecessary contents and others

Cache modules

  1. Make use of Memcache module to reduce Database overhead ( ) Or
  2. APC (for drupal 7, )
    (for drupal 6, + (optional) )
  4. Some module may help improve (or )

    Make changes according to Google Pagespeed and yahoo YSlow suggestions

    MySQL Settings

    1. Cache Size say 32MB in MySQL

    Apache settings

    1. DNS lookup : OFF
    2. Set FollowSymLinks everywhere and never set SymLinksIfOwnerMatch
    3. Avoid content negotiation. Or use type-map files rather than Options MultiViews directive
    4. KeepAlive on, and KeepAliveTimeout very low (1 or 2 sec)
    5. Disable or comment access.log settings
    6. Enable mod_deflate or mod_gzip
    7. Install APC server with higher memry limit apc.shm_size = 64

Looking for support? Visit the forums, or join #drupal-support in IRC.


jaisenan’s picture

Thanks Serjas,
These tips are very helpful.

yngens’s picture

Quoting Locutus of Virtualmin project from

It would seem to me that the Drupal guys doesn't overly care about security, if they instruct users to apply the insecure FollowSymlinks everywhere.

They should be made aware of this potentially serious issue and make their software work with SymlinksIfOwnerMatch.

It would be nice if some kind of consensus over this controversial "SymLinksIfOwnerMatch" security thing would be arrived to.

jalilkhan’s picture