Knowledge Base

How to identify and avoid harmful Drupal modules

This article provides recommendations about how to detect Drupal modules that can negatively affect site and server performance.

General recommendations

While most modules are not malicious, many developers do not consider the performance impacts their features can have on a site and server. Poorly designed modules can negatively affect a site's:

  • Stability
  • Performance
  • Security

Therefore, a module's reputation is very important. Before you download and install a module, research its online reviews. Does it have consistently negative reviews (or no reviews at all)? If so, you should be cautious.

Some useful search terms for investigating a module are as follows (replace module with the name of the module you are researching):

  • "module issues"
  • "module performance"
  • "module security"

If you are suspicious about a particular module, there is often another module with the same functionality that has a better reputation, support, or performance.

The following sections discuss the specific types of modules that most commonly affect server performance.

Image manipulation modules

It may seem convenient to be able to crop and resize a batch of images using a module. However, when you use the web server to do back-office image processing, it can generate a significant load on the processors.

If you use an image manipulation module, be aware of the original size of the images you are trying to process. If you can, use a local computer to resize images to an appropriate web-safe size before you upload them to the server.

Modules that do a one-time optimization of images when they are first uploaded generally do not cause a problem.

Related post and related product modules

A large part of the success of online shops is the ability to offer suggestions to customers based on products that they have viewed or are currently viewing. Modules generally use one of two methods to provide this functionality (these methods also apply to generating related posts for blogs):

  • The first, and more appropriate, method is to pre-process related products in batches and store a cached copy of related products. The application can then use the cached copy to generate page content faster.
  • The second, and less preferred, method is to offer a new customized list of related products every time a page is loaded.

Try to determine which method a module uses to generated related content. It can have a significant impact on your site's performance.

Audit logging modules

It may seem like a good idea to log every single activity that happens on a site in the database. Then if there is a problem, you can find out what happened, right? Unfortunately, excessive logging can generate huge database tables that make a site and its server progressively slower, outweighing any potential diagnostic benefits.

On a more practical note, to track down a problem you must find any relevant data among all of the irrelevant data in the log. Processing this data can be a very processor-intensive task. If you must use audit logging, keep the amount of data logged to a minimum, and make sure that old log data is purged after a few days. This will help prevent database tables from growing to unmanageable sizes.