Subscribe to Planet Drupal feed
Drupal.org - aggregated feeds in category Planet Drupal
Updated: 10 hours 52 min ago

Promet Source: Real Solutions for Online Accessibility

Tue, 2019/10/01 - 7:21pm
If ADA compliance was not on your radar screen at the time your website was developed, you are in good company. But in the current environment, accessibility of your digital assets may be an ADA-mandated fact of life. A recent flood of lawsuits is driving home this reality and the fact is, sometimes the search for fast fixes can lead to unintended consequences. Of course, your objective is to get your website into conformance as efficiently and cost-effectively as possible. 
Categories:

Drupal Modules: The One Percent: Drupal Modules: The One Percent — Views Send (video tutorial)

Tue, 2019/10/01 - 4:10pm
Drupal Modules: The One Percent — Views Send (video tutorial) NonProfit Tue, 10/01/2019 - 09:10 Episode 54

Here is where we bring awareness to Drupal modules running on less than 1% of reporting sites. Today we'll investigate Views Send, a module which permits you to execute personalized mass mailings to recipients referenced in a view.

Categories:

Sooper Drupal Themes: Drupal accessibility: 20 Tips and More

Tue, 2019/10/01 - 11:43am
Drupal accessibility is vital for your website

It is vital to create accessible content on your website. Among your audience, people with impairments will also be included. On top of that, the website itself will become more user-friendly and you will better meet the Drupal accessibility standards that exist today. In this blog post, we will go over 20 tips that will improve your content and website accessibility, then I'm going to make a brief description of W3C and the WCAG guidelines and finally, I'm going to suggest 5 Drupal modules that will aid you in your quest to improve your Drupal accessibility. Let's get started.

1. Incorporate a Site Map

A site map is a beneficial tool that lets a user of your website assess the logical structure of your website. This, in turn, will make it easier for the user to be able to overview the content of your website. On top of that, it makes the content on your website easier to be accessed and increases your Drupal accessibility. 

2. ALT attributes to describe pictures

Alt attributes are a very important part of enabling your website to have accessible content. The main purpose of ALT attributes is that is going to help the search engines and website better be able to describe and understand what the picture is all about. This can be very helpful for people who can’t see and receive their image descriptions through audio feedback. Probably your website was built from the start with alt attributes in the content, but you need to train your writers and site maintainers to not skip over the alt attributes when updating the website.

3. Clean and distraction-free content

Another paramount point to make your content more accessible is to host your content on a clutter-free website. This will enable easier access to the content on your website. Which in turn will make it less frustrating for impaired people to navigate your website and to get to the important parts of it.

4. Clear and simple language

Language is another factor that has to be taken into account if you want to make accessible content. It’s important to adapt your language to be able to be understood by a wide range of people. That is why, even in writing, it’s important for the language level to remain conversational. That means no fancy words that can make it more difficult for the screen reader to do its job. If you install the Yoast SEO Drupal module you'll get a real-time score of how easy-to-read your content is! 

5. Meaningful link text

It is important that the link text is as clear as possible. Link texts like “click here” or “read here” are not descriptive enough. Instead, try to link a sentence or group of words that are describing what the link is about. This will lead to a decrease in frustration for users that are unable to see and use a reader.

6. Ensure keyboard accessibility

People that have motor disabilities, visual impairment or are amputees, often have trouble using a keyboard or any device that requires a high degree of motor coordination. That’s why keyboard accessibility is so important. The main point of keyboard accessibility is to make every element or link be selectable by using the TAB key. In order to test if your website has this functionality, just press TAB and see if every element will be able to be selected. This way, you will greatly reduce the struggles of impaired people.

7.Provide videos and audios with transcripts or captions

In order to make accessible content, video and audio should have transcripts or captions. This is a crucial step in making the content on your website accessible. With this, screen readers will be able to aid the visually impaired by reading the text, while the deaf will be able to read the text. 

8. Support screen readers

Screen reader support is the most important piece for improving your Drupal accessibility. With this kind of software support, your website will be able to read out loud the text that it’s being displayed on your website. Basically, it lets blind people hear the text from your website. On top of that, paired with captions and translations, the screen reader can also read what is happening in a multimedia video. Also, the screen reader gives two types of feedback, either through speech or through braille. A general awareness of how screenreaders work is a great first step in training your writers on accessibility.

9. Don’t use automated media

What is automated media? Automated media is the media that starts automatically after a website is accessed. It either can be an ad or a video. In both cases, it can be annoying for somebody with an impairment to have to find and mute or close the media windows. This is why automated media should be turned off on your website.

10. Review your website using automated accessibility assessment tools

It’s always a good idea to assess your website's Drupal accessibility with an automated testing tool for accessible content. This tool will automatically scan and see how compliant your website is. After this, you can see the areas of your website were your doing great and the areas were you could still improve on your accessibility.

11. Make your website seizure proof

It’s really important to make sure that your website is not causing some unwanted seizures in your audience. For example, someone that suffers from epilepsy can have it triggered by rapid flashing animations. A simple rule to avoid such an unfortunate event is to not have content that flashes for more than 3 times per second. This way you will make sure that you’re not going to trigger any photosensitive seizures.

12. Content that has to be input by the user has clear instructions

If a website requires its users to input content, then instructions have to be crystal clear in order to avoid confusion. The easy way to do this is to provide labels for every form control. Examples of such control are drop-down menus, text fields, and checboxes. On top of that, the labels have to describe the function and purpose of the control. This will make sure that the assistive technology will refer to the correct form, increasing your Drupal accessibility.

13. Character key shortcuts

If a website supports keyboard shortcut that consists of numbers, letters, punctuation or symbols, then it should have the option to be able to be turned off. This will make sure that people will not trigger accidentally a shortcut in by pressing on the wrong button.

14. Users are allowed to turn animations off

Another important feature that your website has to have in order to be more inclusive and accessible has to be the function to turn animations off. It’s important to have this feature because animations can be distracting and can make the navigation on your website harder.

15. Pointer gestures

Complex actions such as pinching for zooming or swiping should also be able to be done through other means. This will ensure that the people of your audience that cannot perform for various reasons, will not be left out. This is a vital point for your Drupal accessibility.

16. Motion actuation

The interaction that can be used by moving your phone, for example shaking it, should also be able to be done through the interface, without the need of physically doing the interaction. This will increase the Drupal accessibility, inclusiveness, and user-friendliness of your website.

17. No time limits

Having no time limits is really important. Imposing time limits on your website can make people with motor, visual or hearing disabilities have a hard time reaching their goal in a timely manner on your website. This, in turn, can lead to an increase in user frustration. In order to avoid that, disabling time limits is the way to go.

18. Text resizability

Another important aspect of improving your Drupal accessibility is text resizability. Basically, your website has to allow its users to zoom to up to 200% from the original size. This will ensure that even with some sort of visual impairment might be able to read the text or view your photos.

19. Visual presentation

This is another important criteria when you are considering making your website more inclusive. Adhering to this guideline will give our end users the ability to choose how to visualize your website. This includes the colors, the line spacing, and sizes. This will give your users the freedom to choose the visual representation of your website however it suits him best. 

20. Bypass Blocks

Another tip to make your website more inclusive and user-friendly is to create the opportunity for the users to be able to bypass blocks. This is important because a screen reader will read all the navigation links, header links and all sorts of repetitive content that is present on a website, regardless of how long the links are. Now, you can imagine how frustrating it can be for a person to have to sit and listen to a high number of links, that may be irrelevant for them, before actually getting to see or hear the content that they were originally searching for. This may lead to a lot of your visitors becoming frustrated and leaving your page. So, in order to avoid this situation, the easiest way is to provide a skip to content link in your header. With this, you create better Drupal accessibility for your website.

WCAG Guidelines

WCAG was developed by the W3C (World Wide Web Consortium) as a set of regulations that help make digital content accessible to all users, including those with disabilities.

 

There are 3 versions of these regulations. These are WCAG 1.0, WCAG 2.0 and WCAG 2.1. The latter two have at their core four basic principles that have to be met in order for a website to be compliant. These principles are as follows: 

  • Perceivable: The information and user interface has to be presented to the user in a way that can be perceived.

  • Robust: The content has to be robust enough to be able to be interpreted by many types of users, including assistive technology and future technology.

  • Operable: Navigation and user interface components have to be operable.

  • Understandable: Information and user interface have to be understandable.

 

On top of that, each guideline has a level of compliance that is assigned to it. The levels of compliance are as follows:

 
  • A: This level of compliance usually has the highest priority and is the easiest to achieve out of them all.

  • AA: This is a more extensive guideline. It is usually regarded as the standard to meet.

  • AAA: This is the most extensive design standards to meet. It is also more strict, thus it is the one that is the least common to meet.

 

Currently, most laws require websites to be WCAG 2.0 compliant. Only if the laws in your country explicitly state that your website should comply with the standards of WCAG 2.1, then you should adopt that. However, the W3C does suggest that the new website should be built in compliance with the WCAG 2.1 since they tend to be more inclusive and user-friendly.

Drupal Modules that help with your Content accessibility

Now that you have an idea of the compliance levels for accessibility, it’s time to see a list of Drupal modules that can help you improve the Drupal accessibility of your website and become more user-friendly and inclusive.

Automatic alternative text

This Drupal module makes it easy for the images on your website to have an alternative text, even if there is none specified by the user. This module uses Microsoft's Azure Cognitive Services API. It basically identifies what the image is about and makes a description or more based on the confidence level.

Text resize

This module allows the text on your website to be adjusted to the needs of your user. This module is available for both Drupal 7 and 8. 

Style Switcher

This module provides a high degree of functionality for the users that are suffering from colorblindness. It gives the ability for themers to create themes with alternative stylesheets. This, in turn, gives the ability for the user to select the right color scheme for their particular type of colorblindness.

Accessibility Scanner

This module allows you to perform website accessibility assessments in order to see where your website can be improved. This module has to be used in conjunction with achecker. On top of that, the websites that can be asses are both local and remote.

Fluidproject UI Options

This module provides the user with the ability to control and modify a page’s font size, font style, height, contrast and link style. On top of that, those preferences are remembered on the website by using cookies. A perfect module to ensure a higher degree of customizability for all its users.

Conclusion

Hopefully, now that you find out those tips and have a better understanding of the WCAG guidelines imposed by the W3C, you can put your newfound knowledge into practice and use the suggested Drupal modules to make the most amazing, inclusive and user-friendly website that you can make. These will get the Drupal accessibility of your website to new heights!

Categories:

qed42.com: Building custom skill for Alexa multi-turn dialog management

Tue, 2019/10/01 - 10:31am
Building custom skill for Alexa multi-turn dialog management Body

We have witnessed rapid developments around voice assistants over the past few years. With mobile users increasing exponentially every passing day it would be fair to assume that voice searches will rise simultaneously. Fiction has transformed into the truth, one can pose questions to a device and get human-like reactions, stunning isn't it? This is what millions of users are doing every day with Alexa, Apple pod, Google assistant, etc. User interfaces have changed over time, and with each new user interface, a bundle of new difficulties has emerged. 

 

Conventional user interfaces are displayed as controls in an application (text boxes, buttons) or web pages. They are vigorously utilized and have been demonstrated to be sufficiently effective for human-machine interaction. 

| The question persists, why build voice assistants? What are the advantages of having voice assistants? 
  1. The magic of conversational interfaces is that users don’t have to learn how to use them. Alexa skill (android app) should leverage the power of natural language understanding to adapt to the user’s word choices, instead of forcing them to memorize a set of commands. 
  2. As someone said, “Don’t play the odds, play the man”. The voice assistant will be able to do that as voice search keywords are normally longer than text search which is why they are more conversational. 
  3. One of the significant benefits of voice assistants is their machine learning capabilities. The more we interact with these devices, the more the assistants grasp. After a period, they can return highly customized outcomes.
  4. With voice assistants, you can take into account the customer based on who they are and not simply their behavior. While it's still early for personalization of the customer experience through voice assistants, this is tremendous for businesses.
  5. Conversations are classified into two types, single-turn, and multi-turn dialogs.
| Single-turn Vs Multi-turn Dialog with Drupal

Single turn: Dialogs where the conversation ends with one question and one response in return. For example: Asking Alexa to set an alarm, a reminder, play a song, adjust the volume, is not a technical conversation. This is called a single-turn conversation.

Let’s consider an example in context with the Drupal and Alexa module. Here we have created Alexa skill which provides information related to Drupal. The user asks Alexa ‘who is the founder of Drupal?’ she responds ‘Dries’. But when you ask her “Which year it open-sourced?”. Alexa fails to determine the context of the question i.e “Drupal” and treats it as a brand new query. 

A few questions cannot be answered in a single turn. A user may pose a question that should be filtered or refined to determine the correct answer. That is where Multi-turn conversations come in to picture.

  | Dialog Management

Genuine conversations are dynamic, moving among topics and thoughts smoothly. To make conversational Alexa skills, structure for adaptability and responsiveness. Skills ought to have the capacity to deal with varieties of discussion, contingent gathering of information, and switching context mid-discussion. Dialog management makes these regular communications conceivable. - Definition from Alexa docs

| How do you make this work? Create an Alexa skill: 
  • Amazon Alexa skills are equivalent to Android apps. You have to create a custom Alexa skill using the Alexa skill kit (ASK) on the Amazon developer console. 
  • You define an interaction model and point it to your Drupal site.
Interaction model: 
  • With the Alexa Skills Kit, you can create skills with a custom interaction model. 
  • You implement the logic for the skill, and also define the voice interface through which users interact with the skill. 
  • To define the voice interface, you map users' spoken input to the intents your cloud-based service can handle.
Components for Alexa custom skill:
  • Use an invocation name to start a conversation with a particular custom skill. For example, if the invocation name is "Drucom", the users can say “Alexa, open Drucom”.  
  • An invocation name can be called to get things going or you can combine invocation name with intent such as “Alexa, open Drucom, order wine”.
  • Each intent corresponds to something that the Alexa skill is capable of doing. Intent can capture the things that your users want to do. You might design intents to capture the details. Each intent in the Alexa skill contains the following:
  1. Intent name
  2. Utterances
  3. Slot (optional)
  • Utterances are nothing but an invocation phrase for intents. Users can express the same intent using different statements. For example, if we were building a help intent, there are different ways one can express that he/she requires help:
  1. I need help
  2. Help me
  3. Alexa, can you help me?
  • The way Alexa works is, it will parse what the user says. It will not just send the raw sentence but it will pass the intent that’s being triggered too. 
  • The utterances you provide to an intent do not have to be perfect which covers all the cases and scenarios, it is training data for Alexa to figure out what the intent here is.

Let's start with implementing the interaction model for the Add to cart functionality.

Step 1:  Create a new skill with Drucom as the skill name
Step 2: Set an invocation name   Step 3: Create an intent

For our interaction model, we will create an intent called AddToCartIntent, which will be responsible for handling the utterances for adding items to the cart. Adding utterances: When users interact with our skill, they may express additional things that indicate what they want to order.

Looking at the above utterances we can say that the AddTocartIntent will only be invoked when the user tries to add Red Wine to cart but it will not invoke if a user tries to add some other product and that's where custom slot types come to the rescue. 

Step 4: Create slot types and using them in AddToCartIntent
  • Glancing through the utterances above, we can identify the two slots that we have to catch i.e productName and quantity.
  • We have to create one custom slot type for productName and will use one built-in slot type AMAZON.number for quantity.
  • Custom slot types are a list of possible values for a slot. They are utilized for a list of things that are not secured by the built-in slot types provided by Amazon.

 

Once we have set up the slot types, it’s time to apply them in our intent. Once you are done with the changes our intent will look something like this:

  Step 5: Activating Dialog management

To activate the dialog, you will have to mark at least one slot as ‘required’.

Slot form - you need to provide the sample prompts which Alexa will use while asking questions to the user,  along with these sample utterances the user might also add a slot value. Now our interaction model for AddToCartIntent is ready.

Conclusion

I have covered what single-turn and multi-turn conversations are, and how multi-turn conversations with Alexa and Drupal are vital. I have also described the steps to create a custom Alexa Skill. In my next blog, we will learn more about Configuring a Drupal site.

anand.toshniwal Tue, 10/01/2019 - 14:01
Categories:

Third & Grove: Should You Jump Ship Before Drupal 9?

Tue, 2019/10/01 - 5:52am

Because of the horror stories of migrating to Drupal 8, you just might be considering other CMS options to finally yourself of the upgrade pains every few years. We hear your concerns but we can promise you this: now is the absolute worst time to jump ship to another CMS.

We’ve reached a remarkable point in Drupal’s evolution: the Achilles heel (upgrades that require major efforts) will be repaired with the release of Drupal 9. That means once you make it to Drupal 8, everything is going to be a hell of a lot easier for you. We’ll do our best to address each of the major concerns below.
 

Categories:

Tag1 Consulting: Drupal Automatic Updates - TagTeamTalk #003

Mon, 2019/09/30 - 9:39pm
Automatic updates are coming to Drupal at the end of October! Long one of the most commonly requested features in the Drupal community, Drupal 7 and D8 will soon have an automatic updater that will allow Drupal installations to stay up-to-date more easily. How does Drupal's new auto updater work, and what do you need to know about it? In this Tag1 Team Talk, we dive into not only Drupal's new automatic updates feature itself but also its architecture, components, and roadmap, as well as why it's such an important part of Drupal's Core Strategic Initiatives. Join moderator Preston So (Contributing Editor, Tag1 Consulting) and guests Lucas Hedding (Senior Architect and Data and Application Migration Expert, Tag1), Tim Lehnen (CTO, Drupal Association), Fabian Franz (Senior Technical Architect and Performance Lead, Tag1), and Michael Meyers (Managing Director, Tag1) for a deep dive into the nuts and bolts of Drupal's groundbreaking automatic updates feature, directly from the module maintainer, and the strategic initiative sponsors including the Drupal Association, MTech, Tag1, and the European Commission. ------------------------------------ Further reading ------------------------------------ Automatic Update - Module https://www.drupal.org/project/automatic_updates Automatic Updates - D7 and D8 Documentation Pages https://www.drupal.org/docs/7/update/automatic-updates https://www.drupal.org/docs/8/update/automatic-updates Automatic Updates - Issue Queue https://drupal.org/project/issues/automatic_updates To provide your... Read more michaelemeyers Mon, 09/30/2019 - 12:39
Categories:

OpenSense Labs: Roles Facilitating Successful Drupal Development

Mon, 2019/09/30 - 2:00pm
Roles Facilitating Successful Drupal Development Shilpi Mon, 09/30/2019 - 17:30

All about Drupal development and the people behind.

More and more businesses look for Drupal developers as the market has been skyrocketing for the past decade. Drupal has emerged to be an enterprise-level content management system compared to rivals Wordpress and Joomla.  

As Drupal development involves various segments, there is always a scope of confusion regarding skill sets and responsibilities. We, at OpenSense Labs, comprise of Drupal Developers, Architects, Themers and Back-end experts. All of us lay the foundation for any project we pursue. 

Welcome to our first of the three series articles on Drupal developers. Let’s dive in and understand the distinct categories and their skills which make Drupal development a success. 


The entire development process in Drupal comprises of various segments which contribute equally to the overall well-being of the website. From laying the foundation of the website to providing it a UX-friendly design, it is collaboration at its peak. Let us decode every single role here:

Drupal Site Builder 


Site building is the core Drupal competency which is much needed for the site creation. It includes, getting Drupal up and running, and configuring the options to build a full-fledged functional website.

One of the most rewarding features of site-building is that a Drupal site builder approaches building sites with the only point and click on the admin UI (user interface), without writing a single line of custom code.  Site Builders are known to lay the foundation of any Drupal website. 

Meaning, they build the taxonomy, content types, image presets, lists with views, layouts, menus, rules and setting up roles and permissions.

By understanding, a completely functional Drupal website is curated with a lot of  Drupal core and contributed modules (such as References, Scheduler, and Automatic Nodetitles). A site builder has a sound experience of these core and contributed modules.

They have the skills to play with a combination of modules, along with the limitations which might result in resolving a respective problem or a set of problems. Every module in itself is grounded to some capabilities which the site builders understand. Except for the earlier mentioned, the site builders also have:

  • The general understanding of the working of the web, installation of dynamic web applications are the important prerequisites for Drupal site-building. In addition to that, familiarity with HTML, CSS with a code understanding is an aid.
     
  • Can install and setup Drupal manually or by using an application or a service, configure core, add new features and evaluate the contributed modules.
     
  • Capable to test out the configuration changes before deploying or configuring them on a live website.
Drupal Themer


A Drupal themer, also known as a Front-end developer has a seat in between the designer and the developer. They are the specialist in front-end designing and development and are responsible for maintaining the implementation of the client-facing architecture of an application or a website. Along with HTML, CSS expertise, they know:

  • Front-end technologies like Javascript, JQuery and AngularJS.
     
  • Basic theming skills like installing themes, creating sub-themes, and tweaking sub-themes with CSS and custom template files. They use some PHP in template files and in Drupal 8, Twig is used for templating.
     
  • They have expertise in the Drupal theme layer. They ought to have the capacity to take a design and transform it into a functional issue like implementing responsive design.
     
  • The expert front-end developers create "glue code" modules or functions in PHP that expose configuration options to site builders. 
Drupal Backend Developer

A click on the front-end is of no-use if there is no functionality implementation in the backend. A backend developer writes the code that hooks distinct sections altogether for the proper functioning of an application as a whole.

Also known as the Drupal Module Developer, they are proficient coders who write a lot of code in PHP and other server-side languages. The backend developers in Drupal are fully aware of the basic site building architectures and best practices. In addition to that they are:

  • Well versed in creating and executing the new modules. They are also adequately equipped to customize and extend the existing Drupal modules.
     
  • Involved in the advanced side of theme layers, automated tests, consume web services, automated deployment, etc.
     
  • Along with the knowledge of HTML, CSS, JS/JQuery and JavaScript, a clear and in-depth understanding of back-end tools like PHP and MySQL.
     
  • For D8, they know the concepts related to architecture and planning, development of custom modules and D8 performance and security concerns. 
Drupal Architect

Drupal architect has an understanding of complete project architecture and they provide the direction to the project path. A lead role in the Drupal development process, a Drupal architect performs backend development, various front-end tasks and theming in the project. Following is the must-have skills for a Drupal architect:

  • Strong understanding of front-end and back-end development tools and other web development aspects.
     
  • Well-versed with the optimization of Drupal.
     
  • Highly proficient in languages such as PHP, SQL, JQuery, and CSS.
     
  • Well versed with the implementing tools like Varnish, GeoIP, Commerce, Ubercart, Solr, and CRM integration, to name a few.
Drupal DevOps/Sysadmin Engineer

DevOps is known with a variety of definitions as a culture, trends, perspective, etc. A Drupal DevOps Engineer wields the tasks of both software development and information technology operations. They run the live stack and deploy Drupal websites from the development environment to the live server environment. Additionally, a DevOps Engineer handles performance-related hurdles that might interrupt business operations or cause any sort of harm, such as setting up Varnish, CDN, and Memcache, etc. 

Following are the skills of a Drupal Sysadmin that every Drupal ecosystem requires:

  • Linux is a mandate for a Drupal DevOps engineer, that includes proficiency in managing the Linux servers, an expert in internals and Linux Kernel working.
     
  • Bash Scripting, Continuous Integration (CI) so as to automate the time-consuming and repetitive tasks in the application development process, like deployment on the server, backups, restores, refreshes of the databases, etc. 
     
  • Hands-on in automation technologies such as Chef, Puppet, Ansible, etc. for configuration management and deployment.
     
  • A DevOps Engineer needs to be capable of performing multifaceted roles, such as Site Reliability Engineer (SRE), Build Engineer (BE), System Operations Engineer (SOE), Database Administrators (DBA).
     
  • Solid understanding of Infrastructure as Code (IAC) in order to manage the networks, virtual machines, load balancers, and connection topology in a descriptive model for source code versioning.
Drupal QA Engineer

The profile which imitates as an end-user and has the skills of a developer is a Drupal QA engineer. This profile ensures the quality of product deliveries. They run the manual as well as automated tests to meet quality thresholds. 

To ensure quality delivery of projects, a Drupal QA engineer develops corrective action programs as a part of the Quality Assurance process. Following are the must-have skills for a Drupal QA engineer:

  • Sound understanding of the product or industry-specific requirements.
     
  • Experience in testing web technologies. 
     
  • Well versed with Drupal 7 and higher.
     
  • Strong command in various programming languages, such as HTML, CSS, and JS. 
     
  • Ability to document test cases, capture the test result details, setting up an automated test environment, etc.  
Drupal Project Manager/Scrum Master

Also known as the Scrum Master who ensures agile practices in the entire term of the project. They manage and run scrum teams, take responsibility for daily progress in the project to meet project delivery timelines. A quality project manager who acts as a central node between the client and the team while ensuring transparency for both ends. Following are the must-have skills of a Drupal project manager:

  • Skilled in client servicing domain, plus sufficient technical expertise to regulate the workload of the team. 
     
  • Capable to forecast/foretell potential risks and mold the project plan accordingly. 
     
  • Well versed with the content strategy, implementation and other existing, emerging technologies in order to integrate it with the Drupal CMS. 
     
  • Knowledge of SEO and reporting tools like Google Analytics to check how the content is performing across the web.
Drupal Designer

A Drupal designer accelerates the process of user experience (UX) and user interface (UI ), so as to create the best experience for end-users. They know what the technology stack is capable of, thus delivering to design requirements and win over stakeholders before development kicks off. Following are the must-have skills of a Drupal Designer:

  • Knowledge of the capabilities of Twig is imperative for the upcoming Drupal versions.
     
  • Knowledge of HTML, CSS and Javascript.
     
  • A clear understanding of the basics of theme creation and site-building.
Drupal Product Owner

Most of the time, product owners are the clients who have the final sign off of all the project changes. But they can be the people from the drupal development team too. A product owner (PO) comes up with the requirements of a project and has extensive experience in various industrial domains. They work in close coordination with the project managers to prioritize the backlogs. Following are the must-have skills of a Drupal product owner:

  • They should be capable of seeing how things integrate and work together to decide the future or usability of the project.  A clear vision and commitment of a product owner will set up a strong base for a Drupal project.
     
  • Also known as the organizers of the project, they should have excellent communication skills to deliver their message across the application development teams.
     
  • Excellent reporting and record-keeping capabilities to measure the current state of the project. 
     
  • With excellent decision-making skills and the power of managing the business feedback, product owners should be capable enough to drive projects towards its successful completion. 
Content Marketer 

How to market the content so that it delivers the maximum output is the major concern of a content marketer. They own the complete content publishing process and ensures that the content matches with the latest search engine optimization (SEO) and search engine marketing (SEM) practices.  Following are the must-have skills for a content marketer:

  • Well versed with the latest Drupal versions.
     
  • Knowledge of administration functions and perform changes that don’t require any coding related upgradations in the project. 

So we saw, similar to other web development life cycles, projects developed under the Drupal roof requires a range of roles streamlining the seamless process of building and support of the Drupal website and applications. 

Stay tuned for more!

Conclusion

Drupal has brought a major paradigm shift by being a leading content management system for enterprise-level organizations. A successful Drupal website is powered by a list of different roles having substantial knowledge and skills of the platform. 

Want to join the Drupal league? There are seemingly unlimited opportunities for a person who is crazy about Drupal. With over 15+ years of experience in the Drupal community, we at OpenSense Labs are the growth-bound team of architects, developers, designers, themers and more.

We love contributing to resolve community hurdles and help escalate the potential of Drupal as an Enterprise Content Management System. Let's speak for your enterprise needs at hello@opensenselabs.com

Or you can connect with us on our social media channels: Facebook, LinkedIn, and Twitter.

blog banner blog image Drupal 8 Drupal Drupal development Backend Developer Drupal Developer Site Builder Themer Content Marketer Drupal DevOps Engineer Drupal Architect Drupal QA Engineer Drupal Project Manager Drupal Designer Drupal Product Owner Blog Type Articles Is it a good read ? On
Categories:

Lullabot: Lullabot Podcast: 31 Days of Drupal Migrations with Mauricio Dinarte

Fri, 2019/09/27 - 9:52pm

Matt and Mike are joined by Mauricio Dinarte, who recently completed his "31 Days of Drupal Migrations' series, as well as migration-expert April Sides.

Categories:

Srijan Technologies: Essential Drupal SEO Modules to Boost Traffic On Your Website

Fri, 2019/09/27 - 6:30pm

Search engine optimization (SEO) is the chief ingredient in preparing the recipe of top ranking on Google. SEO assist websites in acquiring traffic from organic, natural, or editorial search engine results. There are several other factors also that affects the ranking of the website, such as quality of content, site loading time, backlinks, and responsive designs.

Categories:

Agiledrop.com Blog: Interview with Lullabot’s Cristina Chumillas, co-organizer of the Drupal Admin UI and JavaScript Modernization initiative

Fri, 2019/09/27 - 11:22am

For our latest interview, we chatted with Cristina Chumillas, designer, and front-end developer at Lullabot and one of the organizers of Drupal's Admin UI and JavaScript Modernization initiative. Give it a read to learn more about Cristina, the supportive and welcoming attitude of her colleagues at Lullabot, and her work on modernizing Drupal's administration UI.

READ MORE
Categories:

qed42.com: Recap of my DrupalCamp Pune 2019 experiences

Fri, 2019/09/27 - 7:28am
Recap of my DrupalCamp Pune 2019 experiences Body

Recording my experiences of Drupal Camp Pune before they fade away. If you are connected with me on twitter, you must have seen a spike in my tweets over the weekend of 14th-15th September 2019. 

I was privileged to attend this 2-day event and want to admit that my experience of co-presenting a workshop, attending several amazing sessions, meeting old friends and new was great. Had the chance to meet a lot of people from the Drupal community, who were earlier only familiar to me via their usernames. The diversity of the sessions was really impressive. #DCP19 contained sessions for Backend, Frontend Devs, Quality Analysts, Managers, Students, Community, etc. ranging from Beginners to Experts levels.

Being a co-organizer of a Drupal event earlier, I knew how important it was to get the audience on the day of the event. The attendance was more than what was expected for both the days. This was a good sign for the event organizers.

| Keynote

Undoubtedly, the star of the event was none other than Mr. Preston So. It was great to interact with him. I had initially expected his keynote to be around Gatsby. Instead, his topic was a broader one, he highlighted the transition from Content Management systems to Content Management Stack.

 

He also showed how modern applications are being developed and the role of Drupal & Gatsby in it. His keynote sparked a thought in my head around how applications can be developed and what is the way forward. I would like to share a couple of non-technical highlights of his prenote:

  • Preston started his keynote in Hindi and everyone in the auditorium was in awe. He truly is a master of languages.
  • He gave references to the Bollywood movie “Sui Dhaaga” for explaining the challenges developers face in our day-to-day lives.
  • He gave away 2 copies of his book “Decoupled Drupal in practice”.
  • Preston also shared his love for India, especially Mumbai.

Post the Keynote, Preston was surrounded by people and he was busy answering dozens of questions (I was a part of that group). Questions ranged from technical aspects of Drupal, Gatsby, to him learning so many languages, etc.

| Drupal India Association

 

The Drupal India Association board members addressed the audience, where they showcased brand new the DIA logo designed by QED42’s design team! For more updates around DIA follow their twitter handle - @india_drupal

| Drupal in a Day

A massive part of my role at #DCP19 was to co-present a 5 hour  “Drupal in a Day” workshop for the students. I co-presented with Nitesh Sethia & Meena Bisht, training and educating students who hadn’t heard of Drupal, around concepts like Opensource, Drupal, community, etc. Students gained hands-on experience with Drupal through:  

  • Familiarization of Drupal concepts 
  • Installing all prerequisites and Drupal itself
  • Introduction to the basic building blocks of Drupal like Content Types, Fields, Blocks, Menus, Views, etc.

We also spoke about the Drupal Campus Ambassador Programme which aims to bridge the gap between students and the Industry.

 

One of my favourite moments from the workshop was the attendee’s reactions when they witnessed the power of Views. They were amazed at how Views can be used to fetch data we want from the database and display it according to our needs. The responses and students eagerness to learn more new topics was a really satisfying experience.

| Sponsors

Sponsors are one of the building blocks in making DrupalCamps successful! This year we had 6 sponsors. 

 

QED42 was the platinum sponsor for DrupalCamp Pune 2019. We were not only the sponsors but were also the organizers for the event. QED42’s booth, vibrant standees, Quizzes around Drupal, JavaScript, Machine Learning, and Hackathon appealed to the students and event attendees. We also carried out an internship drive for students. QED42 is known in the Drupal community for its designs and goodies, this year we had T-shirts, stickers, notepads, and designed quiz cards as giveaways.  

| After-Party!

Day one was tiring and about to get over, and we received an update regarding the After-party from the @drupalcamppune twitter handle!  

The after-party was one of the memorable moments of #DCP19 wherein I had numerous great conversations. I met a lot of people informally and got to know the jolly side of their life. I was so engaged in the conversations that I totally missed the dance floor. We reminisced memories from our past Drupal events, the current event and discussed future events too. Sharing a few snaps from the party at the end of this blog. Since I was caught up with “Drupal in a Day” workshop on the first day, I missed most of the sessions presented on that day. You can find out more about the sessions here - http://camp2019.drupalpune.com/accepted-sessions. However, I was lucky to attend sessions on the second day. Here are some sessions I loved: 

1. Multi-turn conversations with Alexa” — Anand Toshniwal

 

The demo amazed the audience and received loud applause. Anand had set up a Drupal e-commerce store and he showcased how he could place an order with Alexa via a Multi-turn dialog. PS: Reach out to me for the recorded video of the demo! 

2. “Pixel Perfect Web” — Kiran Kadam

 

Filled with Frontend enthusiasts, Kiran Kadam spoke passionately about what pixel-perfect web is and how to achieve it. 

3. “Effective storytelling with Clients and Teams” — Nikhil Anant

 

Nikhil shared his experience of visiting Manali and the challenges it brought with it, describing how things can be explained in the form of stories for effective team communication.

4. “Making Front-end Testing Easier using Visual Regression” — Ambuj Gupta and Kanchan Patil

 

Automation is my favorite part in Quality Assurance process, and these guys took it to the next level. 

5. Good UX = Accessible UI design - Nikita Aswani and Asmita Wagh

 

The best thing about the session was the fact that not only QAs but also Developers who were equally interested in implementing A11Y and considered it to be an inseparable part of their web-development practices. 

| DrupalCamp Pune Closing Session

Overall, it was a great event put up by the organizers of #DCP19. The closing session was hosted by Sushyl & Ajit, where we acknowledged the organizing team’s efforts and thanked them for making DrupalCamp Pune a huge success. Right from the swag-kits, keynotes, sessions, speakers, venue, food, after-party, and countless important items, the organizers deserve a huge round of applause. 

Next year, I am looking forward to being a part of the organizing team and experience the excitement of planning DrupalCamp Pune! 

I have collected some pictures from the event and would like to share them with you. 

  | Conclusion

I really appreciate and thank you for taking out time for reading this post. Hope we cross paths at the next Drupal event. #DrupalThanks

jaideep.kandari Fri, 09/27/2019 - 10:58
Categories:

Code Karate: Gatsby Live Preview with Drupal and Gatsby Cloud

Fri, 2019/09/27 - 6:36am
Episode Number: 6

In this episode, you will learn how to set up Gatsby Live Preview with Drupal using Gatsby Cloud. We will walk through how to install and configure the Gatsby Drupal module as well as how to get your Gatsby site working in Gatsby cloud. Using this combination, you will be able to immediately preview your content on your Gatsby site after editing the content on your Drupal site.

Tags: GatsbyJSReactDrupalDrupal 8Drupal Planet
Categories:

Evolving Web: How Content Editors Use the Drupal Layout Builder

Fri, 2019/09/27 - 4:21am

The Layout Builder is one of the most exciting new features in Drupal 8. It's a site building tool that makes it easier to configure how your content is displayed in Drupal. You can use a drag-and-drop interface to combine fields, nodes, and other content, and actually control the layout used to contain that content.

You can also use it to build landing pages from the ground up: creating custom content blocks and placing them where you want in a layout. I was curious about how content editors would react to the Layout Builder interface, and if they would be able to easily build a landing page in this way. I did a short user test at DrupalCon Seattle and the test subject (an experienced Drupal content editor with a lot of patience) had a hard time figuring out where to start.

That's how this comparative study came about. The goal was to see how content editors use the Layout Builder, in the context of creating landing pages. My colleague Annika Oeser created a script and conducted the user testing, my colleagues Michiel Huiskens and Jigar Mehta set up the configuration in Drupal, and Sean Conner at Charles Shwab helped us recruit volunteers for the study.

A lot of work has gone into the Layout Builder already, and the user interface is undergoing constant improvement. This study specifically addresses the use case of content editors creating landing pages using the Layout Builder.

Using the Layout Builder to add a custom block

The Setup

To organize the study, we created a mockup of a simple landing page design. Our main instruction was open-ended: asking participants to create the landing page following the design we provided, and then move some of the content to the top of the page.

We had all the study participants do the task using Drupal with the Layout Builder and, as time allowed, also tested how they used WordPress with Gutenberg and Drupal with Paragraphs to give us some benchmarking.

We created three demos sites:

  • Drupal with the Layout Builder: we configured a landing page content type that has no fields, and the Layout Builder enabled on a per-node basis. The site includes block types to model the content components that appear on the landing page: text, image, call to action.
  • Drupal with Paragraphs: we configured a landing page content type and Paragraph types for the content components, as well as nested paragraph types like "2-column wrapper" to allow the content editors to build the layout
  • WordPress Gutenberg: No custom configuration

The design for the sample landing page

First Impressions

As one participant said, "the biggest question is: 'Where do I create content?'"

Although at first, many participants asked themselves what the difference between a Block and a Section is, they were all able to quickly figure out the model of adding Sections. And they found that selecting the layout for a Section was easy.

Interface for adding sections and blocks

Adding Blocks

Clicking the "Add block" link was obvious to all the participants, and once they found the "Add custom block" link, they had no trouble using this to populate their layout with content. However, along the way, they found a few aspects of the UI confusing:

  • All the participants observed that "When you go to add [a block], it's confusing to have all these options." The "Add custom block" link gets lost, even though it's at the top of the list.
  • Once the user selects "Add custom block", they can guess which block type to use, but it would be nice to have a way to explain the difference between the types. Block type names like "Text", "Call to Action", or "Basic Block" are abstract and hard to differentiate.
  • After adding several custom blocks through the Layout Builder, one user looked for a "Block Library", because he wanted to reuse one of the blocks he had just created.

The list of available block types when adding a block through the Layout Builder.

Editing Blocks

The most common complaint we heard about the block editing interface was about the word "Configure" when editing the content of a block. Content editors look for the word "Edit".

Another thing that content editors found confusing was the "Display title" checkbox next to the title field. Many participants asked "What is [the title] used for if it's not displayed?" In the case of adding custom blocks through the Layout Builder, it seems like the content editor shouldn't have to make this decision. And it would be nice if there was a clear way to indicate to the user what the purpose of this field is if it's not displayed.

Other feedback included:

  • When editing a block, there's no "Cancel" button, only an "Update" button.
  • "When I [double-]click on the content of a block, I feel like it should go into edit mode, like MailChimp."
  • Using this method of having custom block types to construct a landing page, the onus is still on the site builder to configure the fields that are well-labelled and easy for content editors to populate. So we heard feedback like "I would like for the default [text format] to be Full HTML."

Interface for editing a custom block through the Layout Builder

Editing the Layout and Sections

Learning how to use the Layout Builder involves learning new terminology, and how to manipulate the Blocks and Sections. We heard several observations about this experience:

  • One feedback we heard many times was that the links to "Add section" and "Add block" should look more like buttons. This could be helpful because when the participants tried to drag-and-drop blocks on the page, they tried to move blocks into the "Add section" areas, because these look like part of the layout.
  • One user noticed that the "Add section" links "interfered" with her layout. Another user said "'Add section' feels intuitively like a place I should be able to put something."
  • Once a Section is created, it's hard to tell that it's a section, which can add to the initial confusion about the difference between a Block and a Section.
  • Also, when trying to move content from the bottom to the top of a layout, one participant said "It looks like the sections are movable. But I don't know how to select an entire section."
Findings About the Overall UI

Configuring the permissions for content editors to limit what they can do will be key to making the overall interface less distracting and easier to use. Some specific observations about the overall UI:

  • One participant clicked on the "Edit the template for all Landing Page content items instead" link. The interfaces are so similar that it wasn't clear to her what had happened and she continued editing as if she were editing a single landing page node.
  • Having the publishing status more visible on the "Layout" page would be helpful.
  • Having the "Save" link at the bottom of the "Edit" page, and the "Save Layout" link at the top of the "Layout" page seemed disorienting.
  • The fact that your default Layout can't be empty means that you have to have one block in the layout when the content editor first clicks on the "Layout" tab. This block prompted some questions and mild confusion from the content editors.
Comparison with Paragraphs and WordPress Gutenberg

When trying to create the same landing page layout with Paragraphs, participants found:

  • The nested-Paragraphs interface we provided for creating the two-column layout was more confusing and less flexible than the Layout Builder.
  • The Paragraphs interface is more familiar for someone who is used to working with the Drupal fields. Using Paragraphs was faster for creating and editing content.
  • One participant observed that "Paragraphs works well if you have simple content, but once the content and layout is complex, then it gets bloated. I would be curious to see how the Layout Builder handles complex content like that."

Comparing WordPress Gutenberg and the Layout Builder:

  • Participants observed that the two interfaces offer similar features and work in a similar way.
  • With Gutenberg, some of the styling options are hidden, in order to make the interface more sleek, and this can make it harder to find content editing options.
  • Gutenberg provides the flexibility of adding a wide variety of types of content to a landing page, while the Layout Builder allows (and requires) the site builder to pre-define the set of block types that can be added.
What Did We Learn?

One of the most interesting things we learned in the study was the workflow that content editors use. One said "I would like to be able to preview my layout before I start adding content to it. Just like a blank template [that I can send as a preview to my colleagues]." I noticed that some participants created the landing page in two rounds: first adding the content, and then doing another round of work to try and get it styled correctly by using the WYSIWYG and changing block types.

By the end of the testing sessions, all the participants were able to easily add/edit blocks. But getting used to the layout tools and figuring out where to go to add custom blocks in the first place was difficult for all of them. I know that controlling the list of available blocks is on the roadmap for the Layout Builder, and I think this will help immensely.

Although all the editors were able to figure out how to use the "Layout" tab, orienting the whole content editing process around the "Layout" tab would be helpful for editors. As one participant observed: "My habit is to go to the "Edit" tab, but all the useful things are in the "Layout" tab."

Terminology is hard to get right, and even harder to change. I think it's hard because what we call things change depending on what role we play. One very observant participant said "the word 'Block' is throwing me. To me, it should be content. When I have my content editor hat on, I'm looking for a link to add content." Likewise, content editors look for the word "Edit" instead of "Configure".

I hope these findings are useful for understanding how content editors think, and will be helpful for improving the UI of the Layout Builder for this use case. I also hope that site builders and developers can use this input create better configuration and documentation as we start to use the Layout Builder on our projects. As one content editor exclaimed at the end of the testing session "I'm excited about this new feature!"

+ more awesome articles by Evolving Web
Categories:

Tag1 Consulting: A Deep Dive Into Rich Text Editors - TagTeamTalk #002

Fri, 2019/09/27 - 12:31am
Rich text editors are an integral part of content creation and content management workflows, but they can often present challenges for developers when it comes to robustness, extensibility, flexibility, and accessibility. What are some of the considerations you should keep in mind when evaluating rich text editors, especially for mission-critical systems like the application Tag1 is building for a top Fortune 50 company? In this Tag1 Team Talk, we explore the new generation of rich text editors, which are based on a well defined data-structure rather than HTML, but still can export to Markdown or HTML. This allows us to tackle new requirements organizations have, including video embedding, cross-device support, and keyboard-navigable editors. After diving into some of the open-source solutions available in the market, such as Draft.js, CKEditor 5, Quill, Slate, and TapTap, join moderator Preston So (Contributing Editor) and guests Nik Graf (Senior Software Engineer), Kevin Jahns (Real-time Collaboration Systems Lead, Yjs creator), Fabian Franz (Senior Technical Architect and Performance Lead), and Michael Meyers (Managing Director) for an in-depth conversation about why ProseMirror is the best tool for our client’s project requirements. Be sure to check out our related #TagTeamTalk, A Deep Dive Into Real Time Collaborative Editing... Read more michaelemeyers Thu, 09/26/2019 - 15:31
Categories:

Pixelite: How to add sub tabs under the User profile in Drupal 8

Fri, 2019/09/27 - 12:18am

I am writing this quick tutorial in the hopes it helps someone else out there. There are a few guides out there to do similar tasks to this. They just are not quite what I wanted.

To give everyone an idea on the desired outcome, this is what I wanted to achieve:

Example user profile with 2 custom tabs in it.

Before I dive into this, I will mention that you can do this with views, if all that you want to produce is content supplied by views. Ivan wrote a nice article on this. In my situation, I wanted a completely custom route, controller and theme function. I wanted full control over the output.

Steps to add sub tabsStep 1 - create a new module

If you don't already have a module to house this code, you will need one. These commands make use of Drupal console, so ensure you have this installed first.

drupal generate:module --module='Example module' --machine-name='example' --module-path='modules/custom' --description='My example module' --package='Custom' --core='8.x'Step 2 - create a new controller

Now that you have a base module, you need a route

drupal generate:controller --module='example' --class='ExampleController' --routes='"title":"Content", "name":"example.user.contentlist", "method":"contentListUser", "path":"/user/{user}/content"'Step 3 - alter your routes

In order to use magic autoloading, and also proper access control, you can alter your routes to look like this. This is covered in the official documentation.

# Content user tab. example.user.contentlist: path: '/user/{user}/content' defaults: _controller: '\Drupal\example\Controller\ExampleController::contentListUser' _title: 'Content' requirements: _permission: 'access content' _entity_access: 'user.view' user: \d+ options: parameters: user: type: entity:user # Reports user tab. example.user.reportList: path: '/user/{user}/reports' defaults: _controller: '\Drupal\example\Controller\ExampleController::reportListUser' _title: 'Reports' requirements: _permission: 'access content' _entity_access: 'user.view' user: \d+ options: parameters: user: type: entity:userStep 4 - create example.links.task.yml

This is the code that actually creates the tabs in the user profile. No Drupal console command for this unfortunately. The key part of this is defining base_route: entity.user.canonical.

example.user.content_task: title: 'Content' route_name: example.user.contentlist base_route: entity.user.canonical weight: 1 example.user.reports_task: title: 'Reports' route_name: example.user.reportList base_route: entity.user.canonical weight: 2Step 5 - enable the module

Don't forget to actually turn on your custom module, nothing will work until then.

drush en exampleExample module

The best (and simplest) example module I could find that demonstrates this is the Tracker module in Drupal core. The Tracker module adds a tab to the user profile.

Categories:

Palantir: Acquia Engage 2019

Thu, 2019/09/26 - 6:34pm
November 11 - 13, 2019 Hyatt Regency, New Orleans Acquia Engage (Official Site)

We’re excited to once again be sponsoring Acquia Engage. At Engage, today’s most impressive digital leaders share their expertise, their insights, and their secrets to creating customer experiences that truly make a difference.

Join Sr. Director of Consulting, Ken Rickard for a session on the search challenges commonly presented to large organizations and how using an open source solution solves these challenges.

Find the Needle: Federated Search Across 100 Drupal “Haystacks”

The Digital Services team for the state of Georgia (DSGa) run a Drupal 7 platform for over 100 websites. During 2019, they began to transition those sites to a new Drupal 8 platform. Their flagship site, Georgia.gov, needs to search content from across the entire site network. While both sets of sites are hosted on Acquia and use Acquia Search, their Drupal 7 search solution could not incorporate content from the new Drupal 8 sites.

Fortunately, open source software gave them a different option. What we built is called Federated Search, and is freely available on Drupal.org. Using Drupal, Acquia Search, and React, Palantir collaborated with the DSGa and their development partners (Lullabot and MediaCurrent, respectively) to re-launch network-wide search in both Drupal 8 and Drupal 7.

In this session, we’ll explore how Federated Search integrates with Acquia Search and hosting and details for getting started using the application in Drupal 7 and Drupal 8.

  • Date: Tuesday, November 5, 2019
  • Time: 11:00 - 11:45 AM ET
Categories:

Phase2: Making Sense of the Vista Investment in Acquia for the Future of Drupal

Wed, 2019/09/25 - 5:36pm

Yesterday the digital experience world and the Drupal community received the long awaited answer to the question: What’s going to happen with Acquia? when it was announced, first on Bloomberg that Vista Equity Partners would be buying a majority stake in Acquia which it values at $1B. 

Categories:

Specbee: 7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules)

Wed, 2019/09/25 - 3:16pm
7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules) Shefali Shetty 25 Sep, 2019 Top 10 best practices for designing a perfect UX for your mobile app

Securing your website is not a one-time goal but an on-going process that needs a lot of your attention. Preventing a disaster is always a better option. With a Drupal 8 website, you can be assured about having some of the top security risks being taken care of by the Drupal security team. 
Drupal has powered millions of websites, many of which handle extremely critical data. Unsurprisingly, Drupal has been the CMS of choice for websites that handle critical information like government websites, banking and financial institutions, e-Commerce stores, etc. Drupal security features address all top 10 security risks of OWASP (Open Web Application Security Project)
Drupal 8 is considered one of the most secure version till date because of its forward-thinking and continuous innovation approach. The Drupal security team had also issued a security bounty program six months before the release of Drupal 8. Through this program, users were invited to test run and find (and report) bugs in Drupal 8. And they even got paid for it! 

Drupal Security Vulnerabilities

It goes without saying that the Drupal community take drupal security issues very seriously and keep releasing Drupal security updates/patches. The Drupal security team is always proactive and ready with patches even before a vulnerability goes public. For example, the Drupal security team released the security vulnerability update - SA-CORE-2018-002 days before it was actually exploited (Drupalgeddon2). Patches and security upgrades were soon released, advising Drupal site admins to update their website.
Quoting Dries from one of his blogs on the security vulnerability – “The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. “
Some interesting insights on Drupal’s vulnerability statistics by CVE Details :

 

1. Keep Calm and Stay Updated – Drupal Security Updates    

The Drupal security team are always on their toes looking out for vulnerabilities. As soon as they find one, a patch/Drupal security update is immediately released. Also, after Drupal 8 and the adoption of continuous innovation, minor releases are more frequent. This has led to easy and quick Drupal updates of a better, more secure version. 
Making sure your Drupal version and modules are up-to-date is really the least you can do to ensure safety of your website. Drupal contributors are staying on top of things and are always looking for any security threats that could spell disaster. A Drupal security update doesn’t just come with new features but also security patches and bug fixes. Drupal security updates and announcements are posted to users’ emails and site admins have to keep their Drupal version updated to safeguard the website.

2. Administer your inputs 

Most interactive websites gather inputs from a user. As website admins, unless you manage and handle these inputs appropriately, you are at a high-security risk. Hackers can inject SQL codes that can cause great harm to your website’s data.
Stopping your users from entering SQL specific words like “SELECT” or “DROP” or “DELETE” could harm the user experience of your website. Instead, with Drupal security, you can use escaping or filtering functions available in the database API to strip and filter out such harmful SQL injections. Sanitizing your code is the most crucial step towards a secure Drupal website.

3. Drupal 8 Security How is Drupal 8 helping in building a more robust and secure website? Here are a few Drupal 8 security features - 
  • Symfony – With Drupal 8 adopting the Symfony framework, it opened doors to many more developers other than limiting them to just core Drupal developers. Not only is Symfony a more secure framework, it also brought in more developers with different insights to fix bugs and create security patches.
  • Twig Templates – As we just discussed about sanitizing your code to handle inputs better, here’s to tell you that with Drupal 8, it has already been taken care of. How? Thanks to Drupal 8’s adoption of Twig as its templating engine. With Twig, you will not need any additional filtering and escaping of inputs as it is automatically sanitized. Additionally, because Twig’s enforcement of separate layers between logic and presentation, makes it impossible to run SQL queries or misusing the theme layer.
  • More Secure WYSIWYG - The WYSIWYG editor in Drupal is a great editing tool for users but it can also be misused to carry out attacks like XSS attacks. With Drupal 8 following Drupal security best practices, it now allows for using only filtered HTML formats. Also, to prevent users from misusing images and to prevent CSRF (cross-site request forgery), Drupal 8’s core text filtering allows users to use only local images.
  • The Configuration Management Initiative (CMI) – This Drupal 8 initiative works out great for site administrators and owners as it allows them to track configuration in code. Any site configuration changes will be tracked and audited, allowing strict control over website configuration.
4. Choose your Drupal modules wisely

Before you install a module, make sure you look at how active it is. Are the module developers active enough? Do they release updates often? Has it been downloaded before or are you the first scape- goat? You will find all the mentioned details at the bottom of the modules’ download page. Also ensure your modules are updated and uninstall the ones that you no longer use.

5. Drupal Security Modules to the rescue

Just like layered clothing works better than one thick pullover to keep warm during winter, your website is best protected in a layered approach. Drupal security modules can give your website an extra layer of security around it. Some of the top Drupal 8 security modules that you must use for your website –

 Drupal Login Security –

This module enables the site administrator to add various restrictions on user login. The Drupal login security module can restrict the number of invalid login attempts before blocking accounts. Access can be denied for IP addresses either temporarily or permanently. 

Two-factor Authentication –

With this Drupal security module, you can add an extra layer of authentication once your user logs in with a user-id and password. Like entering a code that’s been sent to their mobile phone.

Password Policy –

This is a great Drupal security module that lets you add another layer of security to your login forms, this preventing bots and other security breaches. It enforces certain restrictions on user passwords – like constraints on the length, character type, case (uppercase/lowercase), punctuation, etc. It also forces users to change their passwords regularly (password expiration feature).
 

Username Enumeration Prevention –

By default, Drupal lets you know if the username entered does not exist or exists (if other credentials are wrong). This can be great if a hacker is trying to enter random usernames only to find out one that’s actually valid. This Drupal security module can prevent such an attack by changing the standard error message.

Content Access -

As the name suggests, this module lets you give more detailed access control to your content. Each content type can be specified with a custom view, edit or delete permissions. You can manage permissions for content types by role and author.

Coder -

Loopholes in your code can also make way for an attacker. The Coder module (a command line tool with IDE support) goes through your Drupal code and lets you know where you haven’t followed best coding practices.

Security Kit -

This Drupal security module offers many risk-handling features. Vulnerabilities like cross-site scripting (or sniffing), CSRF, Clickjacking, eavesdropping attacks and more can be easily handled and mitigated with this Drupal 88 security module.

Captcha -

As much as we hate to prove our human’ness, CAPTCHA is probably one of the best Drupal security modules out there to filter unwanted spambots. This Drupal module prevents automated script submissions from spambots and can be used in any web form of a Drupal website

6. Check on your Permissions

Drupal allows you to have multiple roles and users like administrators, authenticated users, anonymous users, editors, etc. In order to fine-tune your website security, each of these roles should be permitted to perform only a certain type of work. For example, an anonymous user should be given least permissions like viewing content only. Once you install Drupal and/or add more modules, do not forget to manually assign and grant access permissions to each role.

7. Get HTTPS

I bet you already knew that any traffic that’s transmitted over just an HTTP can be snooped and recorded by almost anyone. Information like your login id, password and other session information can be grabbed and exploited by an attacker. If you have an e-Commerce website, this gets even more critical as it deals with payment and personal details. Installing an SSL certificate on your server will secure the connection in between the user and the server by encrypting data that’s transferred. An HTTPS website can also increase your SEO ranking – which makes it totally worth the investment.

As the old adage goes - Expect the best but plan for the worst. When it comes to website security, one can never call themselves absolutely secure. Drupal is a very secure content management framework but you will still need to implement better security strategies – for a good night’s sleep. Drupal 8 brings along a whole new bunch of security features for a more robust and secure website. Nonetheless, keeping your website up-to-date with Drupal security updates is indispensable. Writing clean and secure code plays a significant role in your website security.
Choose an expert Drupal development partner who can provide you effective security strategies and implementation services.

Drupal Planet Shefali ShettyApr 05, 2017 Subscribe For Our Newsletter And Stay Updated Subscribe Shefali ShettyApr 05, 2017 Recent Posts Image 7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules) Image Top 13 questions you may STILL have about Drupal 8 migration (Answers included!) Image How to Manage your Media using the Drupal 8 Media module Explore Our Drupal Services TAKE ME THERE Featured Success Stories

Know more about our technology driven approach to recreate the content management workflow for [24]7.ai

link

Find out how we transformed the digital image of world’s largest healthcare provider, an attribute that defined their global presence in the medical world.

link

Develop an internal portal aimed at encouraging sellers at Flipkart to obtain latest insights with respect to a particular domain.

link
Categories:

TEN7 Blog's Drupal Posts: Kevin Thull: Drupal Archivist

Wed, 2019/09/25 - 3:15pm
If you've ever watched a Drupal Camp or Con session from the comfort of your home, you likely have our guest Kevin Thull to thank. Thull has recorded almost 1700 Drupal sessions, and he keeps looking for more ways to contribute to the Drupal community.
Categories:

Drupalize.Me: Consuming REST APIs with Drupal 8

Wed, 2019/09/25 - 3:00pm
Categories: