19 September I’ve Installed DNN. What’s Next? September 19, 2019By Will Strohl | 6 MIN READ Sometimes it’s easy to forget some of the simple things when you've been working with something over a long period of time. When this happens, it's easy to overlook how technical, difficult, hidden, or simply not obvious things. You end up in something of an auto-pilot mode. This article helps to outline some of the quick-and-easy things that we often do after first installing DNN. Are you not on DNN right now? No worries. Many of these tips can be applied to most other platforms and solutions. Once you have DNN installed, you're in the prime position to configure everything exactly how you want it. If you were a painter, this is the moment when you have all of the paints ready and your white canvas is untouched, sitting in front of you. By the way, this is one of the original reasons why I fell in love with DNN to begin with. You're literally only limited by your creativity when it comes to the type of website you want to build. Then, everyone in the organization can help manage it, regardless of their technical expertise. When it comes to the steps below, some of them may be or feel subjective. Not every website is the same. If you need to do more or less in your environments, then you should. Oh, and it's worth noting that everything listed here can be done through existing configuration features found in the Persona Bar. Update the Site Settings There are a large number of potential updates that can be immediately done in the Site Settings area. The ones we focus on most often are below. Default Metadata: In addition to the Site Name saved and automatically used for pages that don't include their description and keywords. Logo: Even if your theme (incorrectly) overrides the logo feature in DNN, you should add the logo here so that it correctly shows in all areas where the logo setting is used. Favicon: Lots of people (incorrectly) override the favicon in another way as well, but this setting is the correct way/place to do that. Once the cache is cleared in DNN and the web browser will begin to show this in the tabs and bookmarks for your website. Copyright: The copyright should accurately reflect the legal name of your organization (e.g., Upendo Ventures, LLC). Just be sure to leave in the [year] token. This will ensure that you never need to remember to update the copyright on your website every year. That is, as long as your theme was (correctly) built to use it. Time Zone: This is not a 100% required thing to update, but it sure will help to reduce weird oddities that sometimes occur related to the differences in time zone with the website, logging, and user profiles. Disable Private Messaging: Unless you are building a website that makes use of the social features, this should be disabled. Historically, this has been exploited by folks to spam other users in the website. Copyright & DNN Improvement Program: These settings are right next to each other. You generally don't want to include the copyright in the HTML output of the web pages. Disabling this helps to reduce the payload of each page your website serves, but it also is a good thing to turn off for the sake of security. The improvement program was never really used. Turn it off to stop sending usage data to DNN Corp. There are other settings in this area that we adjust, and they're discussed below. Security Updates There are two very specific security settings that we set immediately. Registration: When it comes to registration, we will turn it off immediately on any website that doesn't require visitors to register. If you must have registration enabled, we'd suggest using either Private or Verified (self-service). Enable SSL: Even in local development environments enabling SSL (a.k.a., HTTPS) is important. Honestly, you shouldn't release any website anymore that isn't secured by SSL. Enabling this in all environments ensures easier transitions between them, as well as consistent management and testing. Update Privacy Settings Found in the Site Settings, there are a couple of settings to consider if you're at all concerned about being compliant with GDPR and other regulations across the world. User Profile Fields: There are profile fields that are added by default that you may not need. We often delete many of them, including address, phone number, etc. If we don't store the information, then we don't need to worry about protecting it. Cookie & Data Consent: There are relatively new settings found in DNN 9.3.xx and 9.4.xx where you're able to choose to enable and adjust how cookie and data consent is handled on your website. Set-Up the E-Mail Server DNN and many custom and third-party extensions tend to send e-mails out. You'll not only want to ensure that this setting is correctly configured to use your SMTP relay provider (e.g., SendGrid), but you'll likely have this setting use different settings in each environment. Production may have a different provider and/or authentication compared to your staging/testing environment. Likewise, it's very common to use a completely different provider in development environments where using a relay is unnecessary altogether with tools like Smtp4Dev existing. This setting is found in the Servers view of the Persona Bar. Adjust the Performance Settings Performance is important for every website out there. Like with most other things, we tend to want to built and test using an environment that's as much as possible configured the same way as production. Unless websites have a specific requirement to do something else, we enable the following performance settings. These settings are found near the SMTP settings. Page Output Cache Provider: Choose Memory unless you have a reason not to. Cache Setting: HeavyCaching (or Heavy) is almost always the best choice here. This helps cache information for a longer period of time. (In some versions of DNN, you might find this to be the default.) Authenticated/Unauthenticated Cacheability: On almost all websites, we typically enable the Public setting so that cache may be stored on remote cache servers. Depending on the nature of the website, we may make a different choice for authenticated end-users. Client Resource Management: We often enable the CRM setting to allow composite files to be created and used. While this is usually safe to do, you'll want to be careful with the minify settings. No matter what settings you use here, be sure to test your changes to be sure that nothing breaks. Update Google Analytics By default, you'll see DNN ship with an older implementation of Google Analytics at the moment. So this update is where we update the script using the Config Manager to use the Universal Tracking Code and then save the GA tracking number as well. Update the Terms of Use and Privacy Statement There is luckily a Terms of Use and Privacy Statement that ships with DNN that you can use out-of-the-box. This is a great thing since it saves you a ton of time and expense. However, unless your company resides in San Mateo, San Mateo County, California, you'll want to review both using the Languages feature for accuracy and make any other updates you find. In fact, it's not a bad idea to have your legal counsel review them. Turn Off Auto-Upgrade Also using the Config Manager, this and the remaining configuration options need to be changed in the web.config. Password Expiration In most cases, the default period of time for password expiration is not desirable. It expires far too quickly. We update the web.config to adjust the following values. PersistentCookieTimeout: from 0 to 20160 (minutes) forms > timeout: from 60 to 120 (minutes) Change the Update Service Mitch Sellers did a great job of building, rolling out, and documenting an alternative update service for DNN. This replacement service will give us as a community the ability to actually see and use the information that the update service is storing. Enable a CDN Service/Provider Finally, we always implement a CDN type of service/provider for nearly every public-facing production website. Our most common one is CloudFlare. We love the entry-level pricing of free, as well as how easy it is to manage. This helps the website serve even less content (higher performance), control access to the website on the edge through firewall rules, as well as reverse implement proxy settings that are very useful for security. Oh, and it does a great job of detecting and stopping bots from ever getting to your website. If you have a budget for it, we also recommend Incapsula as an alternative to CloudFlare. Its bot detection appears to be a bit better, in my experience. There are more things that we do sometimes, but they're currently slated to be adjusted already for us in an upcoming release of DNN, very soon. How about you? Did we miss something you do? Let us know in the comments? Let's Chat! We'd love to work with you. Let's talk about how. Contact Us September 19, 2019By Will Strohl Technology, Website Best Practices, Branding, DNN, DNNCMS, Performance, Security, Website Design, Websites About the Author Will Strohl Founder & CEO Upendo Ventures Overall, Will has nearly 20 years of experience helping website owners become more successful in all areas, including mentoring, website development, marketing, strategy, e-commerce, and more. Please enable JavaScript to view the comments powered by Disqus. blog comments powered by Disqus Related Posts DNN-Connect 2019 Recap: The Next Phase of Our Journey I’m not yet out of Europe. I’m sitting in my hotel room in Paris, enjoying the sounds of the city, just blocks away from the Eiffel Tower. I spent about an hour last night after midnight, exploring the city. I can’t help but reflect on what DNN has done for my life. It’s quite literally changed it, for the better, time and time again. As a minor and superficial example, over 15 years ago when I started with it, I never thought it would lead me to Switzerland or France, much less riding a scooter around the Eiffel Tower after midnight. I’ve come a long way over the years, and so has our community. We’ve all grown, and this conference marked an important new milestone in our mutual journey. DNN Summit Session: DNN Upgrades Made Simple Our second and final session at DNN Summit 2021 was about upgrading DNN. After having upgraded literally thousands of DNN websites over the past 18 years, this session is the culmination of everything I've learned over that period of time. Most of the issues we run into tend to be completely avoidable. DNN Awareness Group August 2018 Meeting Recap The Awareness DNN Ecosystem Advisory Group held its August meeting yesterday. We had new members and some exciting updates, including new DNN extensions, interesting blog posts, and a DNNSoftware.com website proposal. Our group continues to do a great job of creating and spreading DNN-based content around the world. This is especially exciting since many people have been having their vacations recently. An Interview with David Poindexter About nvQuickPulse and More If you've been around DNN for a while, you may vaguely remember a monthly show that existed where myself and Joe Brinkman spoke about the various interesting news items of the month, and we also interviewed various folks in the DNN community. Well, it's back! That's right. This is the first of many DNN Hangout shows for you to enjoy. DNN Awareness Group September 2018 Meeting Recap The Awareness DNN Ecosystem Advisory Group held its September meeting yesterday. We had new members and some exciting updates, including DNN Open Friday, interesting blog posts, and updates on the upcoming community dashboard. Our group continues to do a great job of creating and spreading DNN-based content around the world. We are about to turn a couple important corners. Exciting! Get Support Today. Get Glanton Next Week. We’re proud to officially announce the launch of Upendo DNN Support, our new subscription-based service for DNN Platform users. This offering has been in the making for some time, and it reflects our ongoing commitment to helping businesses succeed with DNN — with confidence, clarity, and continuity.