This is a collection of tips focused on bringing newbies up to speed on understanding important concepts, settings, and techniques that will form the basis for more advanced use of Drupal.
It will initially include a lot of stubs (placeholders) for future tips as I think of them (so they won’t be forgotten), to be completed later when I have time. Feel free to comment on any stub ideas though and I will incorporate feedback into the tips. If there are already Drupal docs on a stub/idea here (entirely possible, quite likely really), please help out by posting a link to it in the comments.
Ultimately, the tips will be put into some semblance of an ideal order, walking a Drupal newbie from a state of uber-noobdom towards the much-coveted title of Drupal Ninja :)
Stub
For improved security you should not use the main administrator account (user 1) on a day-to-day basis. Instead, you should create a “site admin” role for your personal account.
Option of using the Admin Role module to maintain full permissions for the site admin role automatically as new modules are installed, and/or tip about using Web Developer toolbar’s Forms > Populate Form Fields feature to automatically check all permissions for the site admin role.
Stub
The default (and suggested, since it is much safer to use) “Input format” in Drupal is called Filtered HTML. What this does is allows only HTML tags that have been predetermined to be allowed for use in content on your Drupal site. Anything that is not in the list of pre-allowed HTML tags will simply be ignored by Drupal and won’t show up on the page. You can use the Full HTML Input format if you must (which allows “almost” all HTML through besides particularly dangerous code), however it is a good habit to use Filtered HTML whenever possible (and you should “never” allow any user on your site besides yourself or trusted staff to use anything other than Filtered HTML, or they could accidentally - or purposefully - cause problems on your site ranging from basic formatting issues all the way to completely compromising the security of your site). Here’s a good example that illustrates why you should not use Full HTML (especially for both anonymous and normal registered users, though again, don’t use it at all if you don’t have to).
The suggested method is to add only the HTML tags you know your site’s content requires. You can do that by going to Administer > Site configuration > Input formats > Filtered HTML > Configure (admin/settings/filters/1/configure).
In the Allowed HTML tags field, delete the short default list of tags, and enter the following more-complete list of HTML tags:
<a> <em> <i> <strong> <b> <u> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <p> <br> <h1> <h2> <h3> <h4> <h5> <h6> <div> <span> <blockquote> <img>Feel free to add or remove other tags if you are certain that you need to use them in your content, and if you are certain that they are safe.