How We Achieved 513% ROI with a Drupal Site Audit

You’ve invested heavily in a Drupal website. But are you losing money every day through missed opportunities and increased costs? Here’s how we’ve helped clients – from start-ups to nonprofits to big brand names – increase their website ROI 513% starting with an inexpensive but in-depth Drupal audit.

You researched thoroughly, and decided that Drupal was the best solution for your needs.  You invested a substantial amount, both of time and money, and worked with a trusted partner to get the website deployed. But ever since then, you’ve had issues with updates, unexpected slowness or latency, abandoned shopping carts if you’re in e-commerce, and a variety of confusing problems.  And these are just the things you are aware of.

Your web presence is a critical component of your organization’s overall ability to achieve its goals in today’s increasingly competitive landscape. Furthermore, a single under-performing aspect could mean the difference between success and failure. Regular audits can help maintain peak performance as well as identify pain points that need to be addressed. For example, are the issues you’re experiencing related to the site itself, or is it the underlying infrastructure, or is it some 3rd-party dependency?

Recently, we were lucky enough to work with a non-profit client on a comprehensive audit of their Drupal site. Through a variety of issues initially identified, and then corrected by our team, we were able to improve the site’s overall performance by 277% while reducing the cost of site management by 45%. This combined ROI improvement of 513% was not unique. In fact, it’s not even that unusual.

Find out more about our Drupal audits by requesting a free consultation

If you’ve ever bought or sold a home, you are probably familiar with the stress associated with the inspection process. A single crack in a house’s foundation can put the entire deal in jeopardy because a lender might not be willing to take on the risks associated with an expensive mortgage. While this may be a frustrating discovery for all parties involved, it’s better to find such issues as soon as possible so that they can be fixed before they get even worse and (possibly) unresolvable.

If you’ve ever owned or operated a business with a web presence, you’re probably equally aware of the stress associated with keeping it safe from hackers, human error, and random acts of god. A single vulnerability can be exploited to take down a critical piece of IT infrastructure necessary to keep a business going and growing. This is becoming even more important as companies are beginning to rely more and more on their web and IT properties to find new customers, create new revenue streams, manage sensitive customer or employee data, and so on.

Request a free Drupal audit consultation now

Similar to the obvious need for inspecting a house prior to taking on a mortgage, there is great value in performing routine audits on all web properties to pinpoint any possible pain points and prevent them from progressing past the point of no return. This is especially important when a site has been operational for many years, because new functionality is often gradually introduced to and bolted on top of old functionality in an ad-hoc manner as a company’s needs evolve. An audit can provide the opportunity to step back and review the impact of all these changes. Audits can also be valuable from the perspective of establishing a relationship with a new vendor prior to taking on an upgrade or a complete replacement of an existing system.

In short, audits are a great way to verify that a website is doing the best job it can for your business or organization. And there are a variety of free tools available that you can use to perform this yourself, at least at a moderate level.

Automated Reporting Tools

At NEWMEDIA, we use a combination of automated tools and manual inspections when evaluating a Drupal site. The benefit of using automated tools is that they can often quickly generate reports to give an “at a glance” overview across many different topics. A great example of this is the Site Audit module. With a single drush command, you can get an easy-to-read, color-coded report that reviews everything from cron to aggregation and caching settings. It also provides specific information as to why something is an issue as well as recommendations on how to resolve it.

Here is a full list of tools we use to help automate the audit process as much as we can:

In addition to modules that help identify issues, here are some useful modules that will help you lock down a site:

Manual Inspection

Tools that can provide automated reports are incredibly valuable by themselves (particularly from a cost perspective), but they are not sufficient to guarantee a thorough audit. For starters, some of the recommendations are generalized and may not be appropriate for your specific needs. A common example would be a recommendation to cache all views when a particular website may require a view to update on every page load. In these instances, a recommendation to change this setting should be ignored.

Another shortcoming of publicly available automated testing tools is that there are only so many things that they can test against before they become site specific. And any website that is more complicated than a brochure website is likely to have custom functionality, configurations, and code. If those areas are not investigated further, a single missed item could expose a vulnerability that can undermine everything else.

Here’s a great example that’s still valid as of this article’s publish date (July 16th, 2014). Stripe for Ubercart is a payment processor that helps reduce the risks associated with accepting credit card payments online. The Stripe API does this by allowing the browser, through Stripe’s JavaScript library, to post the customer’s credit card details directly to Stripe’s servers and then use a one-time token to validate that order on a Drupal site. If done properly, the credit card information is never sent to the Drupal website.

Unfortunately, the Ubercart Stripe module doesn’t use the Stripe API in the manner it was intended. Instead, it follows the pattern used by other Ubercart payment modules and temporarily stores the user’s credit card on the order object. This completely undercuts one of the primary reasons for using Stripe in the first place! The worst part is that a person deciding to use this module would never learn this from an automated tool run against the module itself. We know this because we discovered this exact security snafu for a client, who has since opted to change to another (and far more secure) payment gateway solution.
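One manual check for the tokenization property described above, as an added example that is not code from this article, the Ubercart Stripe module, or Stripe: given the body of a checkout POST captured from a test order on a staging site, it reports any form field that carries a Luhn-valid card number. The field names and both sample request bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Candidate card number: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to filter out order ids, timestamps and similar."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def card_fields(post_body: str) -> list[str]:
    """Return the names of form fields whose value holds a Luhn-valid card number."""
    hits = []
    for name, value in parse_qsl(post_body, keep_blank_values=True):
        for match in PAN_RE.finditer(value):
            if luhn_ok(re.sub(r"\D", "", match.group())):
                hits.append(name)
                break
    return hits


# Constructed sample bodies (hypothetical field names, Stripe's public test card).
TOKEN_ONLY = "order_id=1042&stripe_token=tok_EXAMPLEconstructed&op=Submit+order"
CARD_POSTED = ("order_id=1042&cc_number=4242+4242+4242+4242"
               "&cc_cvv=123&cc_exp_month=12&op=Submit+order")

if __name__ == "__main__":
    for label, body in (("token only", TOKEN_ONLY), ("card posted", CARD_POSTED)):
        found = card_fields(body)
        print(f"{label}: {'FAIL ' + ', '.join(found) if found else 'ok'}")
```

A hit means card data reached the Drupal site in the request body; whether it was then stored on the order object still has to be confirmed by reading the module code.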


You can’t fix what you’re not aware of, and our clients are consistently surprised with just how much is uncovered. That’s the bad news. The good news is that there are usually a few areas that can make a big impact on performance and security. Addressing a site’s caching strategy can significantly reduce page load times and the server resources needed to maintain them. Fixing role permissions and the input filters can help protect your site from malicious cross site scripting attacks. And the more issues that you address, the more stable, secure, and performant your website will be, which will ultimately improve your ability to maintain and grow your business or organization.

Getting Started

We’d love to work with you. We can provide a wealth of knowledge and experience, and save you time and money, dramatically streamlining the process along the way. Simply call us at 303-860-6050, or fill out our contact form and we’ll get back to you shortly. There’s no cost, or obligation.