Are you not on DNN right now? No worries. Many of these tips can be applied to most other platforms and solutions.
Once you have DNN installed, you're in the prime position to configure everything exactly how you want it. If you were a painter, this is the moment when you have all of the paints ready and your white canvas is untouched, sitting in front of you.
By the way, this is one of the original reasons why I fell in love with DNN to begin with. You're literally only limited by your creativity when it comes to the type of website you want to build. Then, everyone in the organization can help manage it, regardless of their technical expertise.
When it comes to the steps below, some of them may be or feel subjective. Not every website is the same. If you need to do more or less in your environments, then you should. Oh, and it's worth noting that everything listed here can be done through existing configuration features found in the Persona Bar.
Update the Site Settings
There are a large number of potential updates that can be immediately done in the Site Settings area. The ones we focus on most often are below.
- Default Metadata: In addition to the Site Name saved and automatically used for pages that don't include their description and keywords.
- Logo: Even if your theme (incorrectly) overrides the logo feature in DNN, you should add the logo here so that it correctly shows in all areas where the logo setting is used.
- Favicon: Lots of people (incorrectly) override the favicon in another way as well, but this setting is the correct way/place to do that. Once the cache is cleared in DNN and the web browser will begin to show this in the tabs and bookmarks for your website.
- Copyright: The copyright should accurately reflect the legal name of your organization (e.g., Upendo Ventures, LLC). Just be sure to leave in the
[year] token. This will ensure that you never need to remember to update the copyright on your website every year. That is, as long as your theme was (correctly) built to use it.
- Time Zone: This is not a 100% required thing to update, but it sure will help to reduce weird oddities that sometimes occur related to the differences in time zone with the website, logging, and user profiles.
- Disable Private Messaging: Unless you are building a website that makes use of the social features, this should be disabled. Historically, this has been exploited by folks to spam other users in the website.
- Copyright & DNN Improvement Program: These settings are right next to each other. You generally don't want to include the copyright in the HTML output of the web pages. Disabling this helps to reduce the payload of each page your website serves, but it also is a good thing to turn off for the sake of security. The improvement program was never really used. Turn it off to stop sending usage data to DNN Corp.
There are other settings in this area that we adjust, and they're discussed below.
There are two very specific security settings that we set immediately.
- Registration: When it comes to registration, we will turn it off immediately on any website that doesn't require visitors to register. If you must have registration enabled, we'd suggest using either
- Enable SSL: Even in local development environments enabling SSL (a.k.a., HTTPS) is important. Honestly, you shouldn't release any website anymore that isn't secured by SSL. Enabling this in all environments ensures easier transitions between them, as well as consistent management and testing.
Update Privacy Settings
Found in the Site Settings, there are a couple of settings to consider if you're at all concerned about being compliant with GDPR and other regulations across the world.
- User Profile Fields: There are profile fields that are added by default that you may not need. We often delete many of them, including address, phone number, etc. If we don't store the information, then we don't need to worry about protecting it.
- Cookie & Data Consent: There are relatively new settings found in DNN 9.3.xx and 9.4.xx where you're able to choose to enable and adjust how cookie and data consent is handled on your website.
Set-Up the E-Mail Server
DNN and many custom and third-party extensions tend to send e-mails out. You'll not only want to ensure that this setting is correctly configured to use your SMTP relay provider (e.g., SendGrid), but you'll likely have this setting use different settings in each environment. Production may have a different provider and/or authentication compared to your staging/testing environment. Likewise, it's very common to use a completely different provider in development environments where using a relay is unnecessary altogether with tools like Smtp4Dev existing.
This setting is found in the Servers view of the Persona Bar.
Adjust the Performance Settings
Performance is important for every website out there. Like with most other things, we tend to want to built and test using an environment that's as much as possible configured the same way as production. Unless websites have a specific requirement to do something else, we enable the following performance settings.
These settings are found near the SMTP settings.
- Page Output Cache Provider: Choose
Memory unless you have a reason not to.
- Cache Setting:
Heavy) is almost always the best choice here. This helps cache information for a longer period of time. (In some versions of DNN, you might find this to be the default.)
- Authenticated/Unauthenticated Cacheability: On almost all websites, we typically enable the
Public setting so that cache may be stored on remote cache servers. Depending on the nature of the website, we may make a different choice for authenticated end-users.
- Client Resource Management: We often enable the CRM setting to allow composite files to be created and used. While this is usually safe to do, you'll want to be careful with the minify settings.
No matter what settings you use here, be sure to test your changes to be sure that nothing breaks.
Update Google Analytics
By default, you'll see DNN ship with an older implementation of Google Analytics at the moment. So this update is where we update the script using the Config Manager to use the Universal Tracking Code and then save the GA tracking number as well.
Turn Off Auto-Upgrade
Also using the Config Manager, this and the remaining configuration options need to be changed in the web.config.
In most cases, the default period of time for password expiration is not desirable. It expires far too quickly. We update the web.config to adjust the following values.
PersistentCookieTimeout: from 0 to 20160 (minutes)
timeout: from 60 to 120 (minutes)
Change the Update Service
Mitch Sellers did a great job of building, rolling out, and documenting an alternative update service for DNN. This replacement service will give us as a community the ability to actually see and use the information that the update service is storing.
Enable a CDN Service/Provider
Finally, we always implement a CDN type of service/provider for nearly every public-facing production website. Our most common one is CloudFlare. We love the entry-level pricing of free, as well as how easy it is to manage. This helps the website serve even less content (higher performance), control access to the website on the edge through firewall rules, as well as reverse implement proxy settings that are very useful for security. Oh, and it does a great job of detecting and stopping bots from ever getting to your website. If you have a budget for it, we also recommend Incapsula as an alternative to CloudFlare. Its bot detection appears to be a bit better, in my experience.
There are more things that we do sometimes, but they're currently slated to be adjusted already for us in an upcoming release of DNN, very soon.
How about you? Did we miss something you do? Let us know in the comments?