Last updated June 1, 2015. Created on August 10, 2012.
Basic settings

Theme optimization

  • Manually remove blank spaces and comments from .tpl files
  • No indentation in .tpl
  • Turn on CSS and JS aggregation in the performance page
  • Manually reduce CSS file size by removing duplicate rules and combining similar ones
  • Move code into functions in a custom common module. Use shared functions for similar problems instead of coding each one separately. Refer to the core API

Coding standard and proper use of already existing core API

Secure code

DB query optimization in code

DB table optimization

Disable unnecessary modules

  • Devel
  • Statistics
  • Update status
  • Use syslog instead of database logging

Remove unnecessary contents and others

Cache modules

Make changes according to Google PageSpeed and Yahoo YSlow suggestions

MySQL Settings

  • Set the cache size to, say, 32MB in MySQL

Apache settings

  • DNS lookup: OFF
  • Set FollowSymLinks everywhere and never set SymLinksIfOwnerMatch
  • Avoid content negotiation, or use type-map files rather than the Options MultiViews directive
  • KeepAlive on, and KeepAliveTimeout very low (1 or 2 sec)
  • Disable or comment out the access.log settings
  • Enable mod_deflate or mod_gzip
  • Install APC server with a higher memory limit: apc.shm_size = 64
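
An offline audit for the FollowSymLinks item in the list above, as an added example that is not part of the original page or of Drupal: it walks a docroot and reports symlinks whose target leaves the docroot, no longer exists, or is owned by a different user than the link, which is the comparison SymLinksIfOwnerMatch makes on each request. The function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

def audit_symlinks(docroot):
    """List symlinks under docroot that leave it, dangle, or change owner."""
    root = os.path.realpath(docroot)
    findings = []
    # followlinks=False: directory links are reported but not descended into
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            rel = os.path.relpath(path, root)
            target = os.path.realpath(path)
            if not os.path.exists(target):
                findings.append((rel, "dangling"))
                continue
            if os.path.commonpath([root, target]) != root:
                findings.append((rel, "escapes-docroot"))
            # The same comparison SymLinksIfOwnerMatch makes per request
            if os.lstat(path).st_uid != os.stat(target).st_uid:
                findings.append((rel, "owner-mismatch"))
    return sorted(findings)

def build_sample_tree(base):
    """Constructed sample tree: one link inside the docroot, one leaving it."""
    docroot = os.path.join(base, "docroot")
    files = os.path.join(docroot, "sites", "default", "files")
    private = os.path.join(base, "private")
    os.makedirs(files)
    os.makedirs(private)
    for p in (os.path.join(docroot, "index.php"),
              os.path.join(private, "settings.bak")):
        with open(p, "w") as fh:
            fh.write("sample\n")
    os.symlink(os.path.join(docroot, "index.php"),
               os.path.join(docroot, "home.php"))
    os.symlink(os.path.join(private, "settings.bak"),
               os.path.join(files, "leak.txt"))
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in audit_symlinks(build_sample_tree(tmp)):
            print(f"{reason:16} {rel}")
```

Run from cron or a deploy step against the real docroot, this does the ownership check once per run instead of once per request.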

Thanks Serjas,
These tips are very helpful.

Quoting Locutus of Virtualmin project from

It would seem to me that the Drupal guys don't overly care about security, if they instruct users to apply the insecure FollowSymlinks everywhere.

They should be made aware of this potentially serious issue and make their software work with SymlinksIfOwnerMatch.

It would be nice if some kind of consensus over this controversial "SymLinksIfOwnerMatch" security thing would be arrived at.

