Lullabot: Lullabot Podcast: 31 Days of Drupal Migrations with Mauricio Dinarte

Planet Drupal - Fri, 2019/09/27 - 9:52pm

Matt and Mike are joined by Mauricio Dinarte, who recently completed his "31 Days of Drupal Migrations' series, as well as migration-expert April Sides.


Srijan Technologies: Essential Drupal SEO Modules to Boost Traffic On Your Website

Planet Drupal - Fri, 2019/09/27 - 6:30pm

Search engine optimization (SEO) is the chief ingredient in preparing the recipe of top ranking on Google. SEO assist websites in acquiring traffic from organic, natural, or editorial search engine results. There are several other factors also that affects the ranking of the website, such as quality of content, site loading time, backlinks, and responsive designs.

Categories: Blog: Interview with Lullabot’s Cristina Chumillas, co-organizer of the Drupal Admin UI and JavaScript Modernization initiative

Planet Drupal - Fri, 2019/09/27 - 11:22am

For our latest interview, we chatted with Cristina Chumillas, designer, and front-end developer at Lullabot and one of the organizers of Drupal's Admin UI and JavaScript Modernization initiative. Give it a read to learn more about Cristina, the supportive and welcoming attitude of her colleagues at Lullabot, and her work on modernizing Drupal's administration UI.

Categories: Recap of my DrupalCamp Pune 2019 experiences

Planet Drupal - Fri, 2019/09/27 - 7:28am
Recap of my DrupalCamp Pune 2019 experiences Body

Recording my experiences of Drupal Camp Pune before they fade away. If you are connected with me on twitter, you must have seen a spike in my tweets over the weekend of 14th-15th September 2019. 

I was privileged to attend this 2-day event and want to admit that my experience of co-presenting a workshop, attending several amazing sessions, meeting old friends and new was great. Had the chance to meet a lot of people from the Drupal community, who were earlier only familiar to me via their usernames. The diversity of the sessions was really impressive. #DCP19 contained sessions for Backend, Frontend Devs, Quality Analysts, Managers, Students, Community, etc. ranging from Beginners to Experts levels.

Being a co-organizer of a Drupal event earlier, I knew how important it was to get the audience on the day of the event. The attendance was more than what was expected for both the days. This was a good sign for the event organizers.

| Keynote

Undoubtedly, the star of the event was none other than Mr. Preston So. It was great to interact with him. I had initially expected his keynote to be around Gatsby. Instead, his topic was a broader one, he highlighted the transition from Content Management systems to Content Management Stack.


He also showed how modern applications are being developed and the role of Drupal & Gatsby in it. His keynote sparked a thought in my head around how applications can be developed and what is the way forward. I would like to share a couple of non-technical highlights of his prenote:

  • Preston started his keynote in Hindi and everyone in the auditorium was in awe. He truly is a master of languages.
  • He gave references to the Bollywood movie “Sui Dhaaga” for explaining the challenges developers face in our day-to-day lives.
  • He gave away 2 copies of his book “Decoupled Drupal in practice”.
  • Preston also shared his love for India, especially Mumbai.

Post the Keynote, Preston was surrounded by people and he was busy answering dozens of questions (I was a part of that group). Questions ranged from technical aspects of Drupal, Gatsby, to him learning so many languages, etc.

| Drupal India Association


The Drupal India Association board members addressed the audience, where they showcased brand new the DIA logo designed by QED42’s design team! For more updates around DIA follow their twitter handle - @india_drupal

| Drupal in a Day

A massive part of my role at #DCP19 was to co-present a 5 hour  “Drupal in a Day” workshop for the students. I co-presented with Nitesh Sethia & Meena Bisht, training and educating students who hadn’t heard of Drupal, around concepts like Opensource, Drupal, community, etc. Students gained hands-on experience with Drupal through:  

  • Familiarization of Drupal concepts 
  • Installing all prerequisites and Drupal itself
  • Introduction to the basic building blocks of Drupal like Content Types, Fields, Blocks, Menus, Views, etc.

We also spoke about the Drupal Campus Ambassador Programme which aims to bridge the gap between students and the Industry.


One of my favourite moments from the workshop was the attendee’s reactions when they witnessed the power of Views. They were amazed at how Views can be used to fetch data we want from the database and display it according to our needs. The responses and students eagerness to learn more new topics was a really satisfying experience.

| Sponsors

Sponsors are one of the building blocks in making DrupalCamps successful! This year we had 6 sponsors. 


QED42 was the platinum sponsor for DrupalCamp Pune 2019. We were not only the sponsors but were also the organizers for the event. QED42’s booth, vibrant standees, Quizzes around Drupal, JavaScript, Machine Learning, and Hackathon appealed to the students and event attendees. We also carried out an internship drive for students. QED42 is known in the Drupal community for its designs and goodies, this year we had T-shirts, stickers, notepads, and designed quiz cards as giveaways.  

| After-Party!

Day one was tiring and about to get over, and we received an update regarding the After-party from the @drupalcamppune twitter handle!  

The after-party was one of the memorable moments of #DCP19 wherein I had numerous great conversations. I met a lot of people informally and got to know the jolly side of their life. I was so engaged in the conversations that I totally missed the dance floor. We reminisced memories from our past Drupal events, the current event and discussed future events too. Sharing a few snaps from the party at the end of this blog. Since I was caught up with “Drupal in a Day” workshop on the first day, I missed most of the sessions presented on that day. You can find out more about the sessions here - However, I was lucky to attend sessions on the second day. Here are some sessions I loved: 

1. Multi-turn conversations with Alexa” — Anand Toshniwal


The demo amazed the audience and received loud applause. Anand had set up a Drupal e-commerce store and he showcased how he could place an order with Alexa via a Multi-turn dialog. PS: Reach out to me for the recorded video of the demo! 

2. “Pixel Perfect Web” — Kiran Kadam


Filled with Frontend enthusiasts, Kiran Kadam spoke passionately about what pixel-perfect web is and how to achieve it. 

3. “Effective storytelling with Clients and Teams” — Nikhil Anant


Nikhil shared his experience of visiting Manali and the challenges it brought with it, describing how things can be explained in the form of stories for effective team communication.

4. “Making Front-end Testing Easier using Visual Regression” — Ambuj Gupta and Kanchan Patil


Automation is my favorite part in Quality Assurance process, and these guys took it to the next level. 

5. Good UX = Accessible UI design - Nikita Aswani and Asmita Wagh


The best thing about the session was the fact that not only QAs but also Developers who were equally interested in implementing A11Y and considered it to be an inseparable part of their web-development practices. 

| DrupalCamp Pune Closing Session

Overall, it was a great event put up by the organizers of #DCP19. The closing session was hosted by Sushyl & Ajit, where we acknowledged the organizing team’s efforts and thanked them for making DrupalCamp Pune a huge success. Right from the swag-kits, keynotes, sessions, speakers, venue, food, after-party, and countless important items, the organizers deserve a huge round of applause. 

Next year, I am looking forward to being a part of the organizing team and experience the excitement of planning DrupalCamp Pune! 

I have collected some pictures from the event and would like to share them with you. 

  | Conclusion

I really appreciate and thank you for taking out time for reading this post. Hope we cross paths at the next Drupal event. #DrupalThanks

jaideep.kandari Fri, 09/27/2019 - 10:58

Code Karate: Gatsby Live Preview with Drupal and Gatsby Cloud

Planet Drupal - Fri, 2019/09/27 - 6:36am
Episode Number: 6

In this episode, you will learn how to set up Gatsby Live Preview with Drupal using Gatsby Cloud. We will walk through how to install and configure the Gatsby Drupal module as well as how to get your Gatsby site working in Gatsby cloud. Using this combination, you will be able to immediately preview your content on your Gatsby site after editing the content on your Drupal site.

Tags: GatsbyJSReactDrupalDrupal 8Drupal Planet

Evolving Web: How Content Editors Use the Drupal Layout Builder

Planet Drupal - Fri, 2019/09/27 - 4:21am

The Layout Builder is one of the most exciting new features in Drupal 8. It's a site building tool that makes it easier to configure how your content is displayed in Drupal. You can use a drag-and-drop interface to combine fields, nodes, and other content, and actually control the layout used to contain that content.

You can also use it to build landing pages from the ground up: creating custom content blocks and placing them where you want in a layout. I was curious about how content editors would react to the Layout Builder interface, and if they would be able to easily build a landing page in this way. I did a short user test at DrupalCon Seattle and the test subject (an experienced Drupal content editor with a lot of patience) had a hard time figuring out where to start.

That's how this comparative study came about. The goal was to see how content editors use the Layout Builder, in the context of creating landing pages. My colleague Annika Oeser created a script and conducted the user testing, my colleagues Michiel Huiskens and Jigar Mehta set up the configuration in Drupal, and Sean Conner at Charles Shwab helped us recruit volunteers for the study.

A lot of work has gone into the Layout Builder already, and the user interface is undergoing constant improvement. This study specifically addresses the use case of content editors creating landing pages using the Layout Builder.

Using the Layout Builder to add a custom block

The Setup

To organize the study, we created a mockup of a simple landing page design. Our main instruction was open-ended: asking participants to create the landing page following the design we provided, and then move some of the content to the top of the page.

We had all the study participants do the task using Drupal with the Layout Builder and, as time allowed, also tested how they used WordPress with Gutenberg and Drupal with Paragraphs to give us some benchmarking.

We created three demos sites:

  • Drupal with the Layout Builder: we configured a landing page content type that has no fields, and the Layout Builder enabled on a per-node basis. The site includes block types to model the content components that appear on the landing page: text, image, call to action.
  • Drupal with Paragraphs: we configured a landing page content type and Paragraph types for the content components, as well as nested paragraph types like "2-column wrapper" to allow the content editors to build the layout
  • WordPress Gutenberg: No custom configuration

The design for the sample landing page

First Impressions

As one participant said, "the biggest question is: 'Where do I create content?'"

Although at first, many participants asked themselves what the difference between a Block and a Section is, they were all able to quickly figure out the model of adding Sections. And they found that selecting the layout for a Section was easy.

Interface for adding sections and blocks

Adding Blocks

Clicking the "Add block" link was obvious to all the participants, and once they found the "Add custom block" link, they had no trouble using this to populate their layout with content. However, along the way, they found a few aspects of the UI confusing:

  • All the participants observed that "When you go to add [a block], it's confusing to have all these options." The "Add custom block" link gets lost, even though it's at the top of the list.
  • Once the user selects "Add custom block", they can guess which block type to use, but it would be nice to have a way to explain the difference between the types. Block type names like "Text", "Call to Action", or "Basic Block" are abstract and hard to differentiate.
  • After adding several custom blocks through the Layout Builder, one user looked for a "Block Library", because he wanted to reuse one of the blocks he had just created.

The list of available block types when adding a block through the Layout Builder.

Editing Blocks

The most common complaint we heard about the block editing interface was about the word "Configure" when editing the content of a block. Content editors look for the word "Edit".

Another thing that content editors found confusing was the "Display title" checkbox next to the title field. Many participants asked "What is [the title] used for if it's not displayed?" In the case of adding custom blocks through the Layout Builder, it seems like the content editor shouldn't have to make this decision. And it would be nice if there was a clear way to indicate to the user what the purpose of this field is if it's not displayed.

Other feedback included:

  • When editing a block, there's no "Cancel" button, only an "Update" button.
  • "When I [double-]click on the content of a block, I feel like it should go into edit mode, like MailChimp."
  • Using this method of having custom block types to construct a landing page, the onus is still on the site builder to configure the fields that are well-labelled and easy for content editors to populate. So we heard feedback like "I would like for the default [text format] to be Full HTML."

Interface for editing a custom block through the Layout Builder

Editing the Layout and Sections

Learning how to use the Layout Builder involves learning new terminology, and how to manipulate the Blocks and Sections. We heard several observations about this experience:

  • One feedback we heard many times was that the links to "Add section" and "Add block" should look more like buttons. This could be helpful because when the participants tried to drag-and-drop blocks on the page, they tried to move blocks into the "Add section" areas, because these look like part of the layout.
  • One user noticed that the "Add section" links "interfered" with her layout. Another user said "'Add section' feels intuitively like a place I should be able to put something."
  • Once a Section is created, it's hard to tell that it's a section, which can add to the initial confusion about the difference between a Block and a Section.
  • Also, when trying to move content from the bottom to the top of a layout, one participant said "It looks like the sections are movable. But I don't know how to select an entire section."
Findings About the Overall UI

Configuring the permissions for content editors to limit what they can do will be key to making the overall interface less distracting and easier to use. Some specific observations about the overall UI:

  • One participant clicked on the "Edit the template for all Landing Page content items instead" link. The interfaces are so similar that it wasn't clear to her what had happened and she continued editing as if she were editing a single landing page node.
  • Having the publishing status more visible on the "Layout" page would be helpful.
  • Having the "Save" link at the bottom of the "Edit" page, and the "Save Layout" link at the top of the "Layout" page seemed disorienting.
  • The fact that your default Layout can't be empty means that you have to have one block in the layout when the content editor first clicks on the "Layout" tab. This block prompted some questions and mild confusion from the content editors.
Comparison with Paragraphs and WordPress Gutenberg

When trying to create the same landing page layout with Paragraphs, participants found:

  • The nested-Paragraphs interface we provided for creating the two-column layout was more confusing and less flexible than the Layout Builder.
  • The Paragraphs interface is more familiar for someone who is used to working with the Drupal fields. Using Paragraphs was faster for creating and editing content.
  • One participant observed that "Paragraphs works well if you have simple content, but once the content and layout is complex, then it gets bloated. I would be curious to see how the Layout Builder handles complex content like that."

Comparing WordPress Gutenberg and the Layout Builder:

  • Participants observed that the two interfaces offer similar features and work in a similar way.
  • With Gutenberg, some of the styling options are hidden, in order to make the interface more sleek, and this can make it harder to find content editing options.
  • Gutenberg provides the flexibility of adding a wide variety of types of content to a landing page, while the Layout Builder allows (and requires) the site builder to pre-define the set of block types that can be added.
What Did We Learn?

One of the most interesting things we learned in the study was the workflow that content editors use. One said "I would like to be able to preview my layout before I start adding content to it. Just like a blank template [that I can send as a preview to my colleagues]." I noticed that some participants created the landing page in two rounds: first adding the content, and then doing another round of work to try and get it styled correctly by using the WYSIWYG and changing block types.

By the end of the testing sessions, all the participants were able to easily add/edit blocks. But getting used to the layout tools and figuring out where to go to add custom blocks in the first place was difficult for all of them. I know that controlling the list of available blocks is on the roadmap for the Layout Builder, and I think this will help immensely.

Although all the editors were able to figure out how to use the "Layout" tab, orienting the whole content editing process around the "Layout" tab would be helpful for editors. As one participant observed: "My habit is to go to the "Edit" tab, but all the useful things are in the "Layout" tab."

Terminology is hard to get right, and even harder to change. I think it's hard because what we call things change depending on what role we play. One very observant participant said "the word 'Block' is throwing me. To me, it should be content. When I have my content editor hat on, I'm looking for a link to add content." Likewise, content editors look for the word "Edit" instead of "Configure".

I hope these findings are useful for understanding how content editors think, and will be helpful for improving the UI of the Layout Builder for this use case. I also hope that site builders and developers can use this input create better configuration and documentation as we start to use the Layout Builder on our projects. As one content editor exclaimed at the end of the testing session "I'm excited about this new feature!"

+ more awesome articles by Evolving Web

Tag1 Consulting: A Deep Dive Into Rich Text Editors - TagTeamTalk #002

Planet Drupal - Fri, 2019/09/27 - 12:31am
Rich text editors are an integral part of content creation and content management workflows, but they can often present challenges for developers when it comes to robustness, extensibility, flexibility, and accessibility. What are some of the considerations you should keep in mind when evaluating rich text editors, especially for mission-critical systems like the application Tag1 is building for a top Fortune 50 company? In this Tag1 Team Talk, we explore the new generation of rich text editors, which are based on a well defined data-structure rather than HTML, but still can export to Markdown or HTML. This allows us to tackle new requirements organizations have, including video embedding, cross-device support, and keyboard-navigable editors. After diving into some of the open-source solutions available in the market, such as Draft.js, CKEditor 5, Quill, Slate, and TapTap, join moderator Preston So (Contributing Editor) and guests Nik Graf (Senior Software Engineer), Kevin Jahns (Real-time Collaboration Systems Lead, Yjs creator), Fabian Franz (Senior Technical Architect and Performance Lead), and Michael Meyers (Managing Director) for an in-depth conversation about why ProseMirror is the best tool for our client’s project requirements. Be sure to check out our related #TagTeamTalk, A Deep Dive Into Real Time Collaborative Editing... Read more michaelemeyers Thu, 09/26/2019 - 15:31

Pixelite: How to add sub tabs under the User profile in Drupal 8

Planet Drupal - Fri, 2019/09/27 - 12:18am

I am writing this quick tutorial in the hopes it helps someone else out there. There are a few guides out there to do similar tasks to this. They just are not quite what I wanted.

To give everyone an idea on the desired outcome, this is what I wanted to achieve:

Example user profile with 2 custom tabs in it.

Before I dive into this, I will mention that you can do this with views, if all that you want to produce is content supplied by views. Ivan wrote a nice article on this. In my situation, I wanted a completely custom route, controller and theme function. I wanted full control over the output.

Steps to add sub tabsStep 1 - create a new module

If you don't already have a module to house this code, you will need one. These commands make use of Drupal console, so ensure you have this installed first.

drupal generate:module --module='Example module' --machine-name='example' --module-path='modules/custom' --description='My example module' --package='Custom' --core='8.x'Step 2 - create a new controller

Now that you have a base module, you need a route

drupal generate:controller --module='example' --class='ExampleController' --routes='"title":"Content", "name":"example.user.contentlist", "method":"contentListUser", "path":"/user/{user}/content"'Step 3 - alter your routes

In order to use magic autoloading, and also proper access control, you can alter your routes to look like this. This is covered in the official documentation.

# Content user tab. example.user.contentlist: path: '/user/{user}/content' defaults: _controller: '\Drupal\example\Controller\ExampleController::contentListUser' _title: 'Content' requirements: _permission: 'access content' _entity_access: 'user.view' user: \d+ options: parameters: user: type: entity:user # Reports user tab. example.user.reportList: path: '/user/{user}/reports' defaults: _controller: '\Drupal\example\Controller\ExampleController::reportListUser' _title: 'Reports' requirements: _permission: 'access content' _entity_access: 'user.view' user: \d+ options: parameters: user: type: entity:userStep 4 - create example.links.task.yml

This is the code that actually creates the tabs in the user profile. No Drupal console command for this unfortunately. The key part of this is defining base_route: entity.user.canonical.

example.user.content_task: title: 'Content' route_name: example.user.contentlist base_route: entity.user.canonical weight: 1 example.user.reports_task: title: 'Reports' route_name: example.user.reportList base_route: entity.user.canonical weight: 2Step 5 - enable the module

Don't forget to actually turn on your custom module, nothing will work until then.

drush en exampleExample module

The best (and simplest) example module I could find that demonstrates this is the Tracker module in Drupal core. The Tracker module adds a tab to the user profile.


Palantir: Acquia Engage 2019

Planet Drupal - Thu, 2019/09/26 - 6:34pm
November 11 - 13, 2019 Hyatt Regency, New Orleans Acquia Engage (Official Site)

We’re excited to once again be sponsoring Acquia Engage. At Engage, today’s most impressive digital leaders share their expertise, their insights, and their secrets to creating customer experiences that truly make a difference.

Join Sr. Director of Consulting, Ken Rickard for a session on the search challenges commonly presented to large organizations and how using an open source solution solves these challenges.

Find the Needle: Federated Search Across 100 Drupal “Haystacks”

The Digital Services team for the state of Georgia (DSGa) run a Drupal 7 platform for over 100 websites. During 2019, they began to transition those sites to a new Drupal 8 platform. Their flagship site,, needs to search content from across the entire site network. While both sets of sites are hosted on Acquia and use Acquia Search, their Drupal 7 search solution could not incorporate content from the new Drupal 8 sites.

Fortunately, open source software gave them a different option. What we built is called Federated Search, and is freely available on Using Drupal, Acquia Search, and React, Palantir collaborated with the DSGa and their development partners (Lullabot and MediaCurrent, respectively) to re-launch network-wide search in both Drupal 8 and Drupal 7.

In this session, we’ll explore how Federated Search integrates with Acquia Search and hosting and details for getting started using the application in Drupal 7 and Drupal 8.

  • Date: Tuesday, November 5, 2019
  • Time: 11:00 - 11:45 AM ET

Phase2: Making Sense of the Vista Investment in Acquia for the Future of Drupal

Planet Drupal - Wed, 2019/09/25 - 5:36pm

Yesterday the digital experience world and the Drupal community received the long awaited answer to the question: What’s going to happen with Acquia? when it was announced, first on Bloomberg that Vista Equity Partners would be buying a majority stake in Acquia which it values at $1B. 


Specbee: 7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules)

Planet Drupal - Wed, 2019/09/25 - 3:16pm
7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules) Shefali Shetty 25 Sep, 2019 Top 10 best practices for designing a perfect UX for your mobile app

Securing your website is not a one-time goal but an on-going process that needs a lot of your attention. Preventing a disaster is always a better option. With a Drupal 8 website, you can be assured about having some of the top security risks being taken care of by the Drupal security team. 
Drupal has powered millions of websites, many of which handle extremely critical data. Unsurprisingly, Drupal has been the CMS of choice for websites that handle critical information like government websites, banking and financial institutions, e-Commerce stores, etc. Drupal security features address all top 10 security risks of OWASP (Open Web Application Security Project)
Drupal 8 is considered one of the most secure version till date because of its forward-thinking and continuous innovation approach. The Drupal security team had also issued a security bounty program six months before the release of Drupal 8. Through this program, users were invited to test run and find (and report) bugs in Drupal 8. And they even got paid for it! 

Drupal Security Vulnerabilities

It goes without saying that the Drupal community take drupal security issues very seriously and keep releasing Drupal security updates/patches. The Drupal security team is always proactive and ready with patches even before a vulnerability goes public. For example, the Drupal security team released the security vulnerability update - SA-CORE-2018-002 days before it was actually exploited (Drupalgeddon2). Patches and security upgrades were soon released, advising Drupal site admins to update their website.
Quoting Dries from one of his blogs on the security vulnerability – “The Drupal Security Team follows a "coordinated disclosure policy": issues remain private until there is a published fix. A public announcement is made when the threat has been addressed and a secure version of Drupal core is also available. Even when a bug fix is made available, the Drupal Security Team is very thoughtful with its communication. “
Some interesting insights on Drupal’s vulnerability statistics by CVE Details :


1. Keep Calm and Stay Updated – Drupal Security Updates    

The Drupal security team are always on their toes looking out for vulnerabilities. As soon as they find one, a patch/Drupal security update is immediately released. Also, after Drupal 8 and the adoption of continuous innovation, minor releases are more frequent. This has led to easy and quick Drupal updates of a better, more secure version. 
Making sure your Drupal version and modules are up-to-date is really the least you can do to ensure safety of your website. Drupal contributors are staying on top of things and are always looking for any security threats that could spell disaster. A Drupal security update doesn’t just come with new features but also security patches and bug fixes. Drupal security updates and announcements are posted to users’ emails and site admins have to keep their Drupal version updated to safeguard the website.

2. Administer your inputs 

Most interactive websites gather inputs from a user. As website admins, unless you manage and handle these inputs appropriately, you are at a high-security risk. Hackers can inject SQL codes that can cause great harm to your website’s data.
Stopping your users from entering SQL specific words like “SELECT” or “DROP” or “DELETE” could harm the user experience of your website. Instead, with Drupal security, you can use escaping or filtering functions available in the database API to strip and filter out such harmful SQL injections. Sanitizing your code is the most crucial step towards a secure Drupal website.

3. Drupal 8 Security How is Drupal 8 helping in building a more robust and secure website? Here are a few Drupal 8 security features - 
  • Symfony – With Drupal 8 adopting the Symfony framework, it opened doors to many more developers other than limiting them to just core Drupal developers. Not only is Symfony a more secure framework, it also brought in more developers with different insights to fix bugs and create security patches.
  • Twig Templates – As we just discussed about sanitizing your code to handle inputs better, here’s to tell you that with Drupal 8, it has already been taken care of. How? Thanks to Drupal 8’s adoption of Twig as its templating engine. With Twig, you will not need any additional filtering and escaping of inputs as it is automatically sanitized. Additionally, because Twig’s enforcement of separate layers between logic and presentation, makes it impossible to run SQL queries or misusing the theme layer.
  • More Secure WYSIWYG - The WYSIWYG editor in Drupal is a great editing tool for users but it can also be misused to carry out attacks like XSS attacks. With Drupal 8 following Drupal security best practices, it now allows for using only filtered HTML formats. Also, to prevent users from misusing images and to prevent CSRF (cross-site request forgery), Drupal 8’s core text filtering allows users to use only local images.
  • The Configuration Management Initiative (CMI) – This Drupal 8 initiative works out great for site administrators and owners as it allows them to track configuration in code. Any site configuration changes will be tracked and audited, allowing strict control over website configuration.
4. Choose your Drupal modules wisely

Before you install a module, make sure you look at how active it is. Are the module developers active enough? Do they release updates often? Has it been downloaded before or are you the first scape- goat? You will find all the mentioned details at the bottom of the modules’ download page. Also ensure your modules are updated and uninstall the ones that you no longer use.

5. Drupal Security Modules to the rescue

Just like layered clothing works better than one thick pullover to keep warm during winter, your website is best protected in a layered approach. Drupal security modules can give your website an extra layer of security around it. Some of the top Drupal 8 security modules that you must use for your website –

 Drupal Login Security –

This module enables the site administrator to add various restrictions on user login. The Drupal login security module can restrict the number of invalid login attempts before blocking accounts. Access can be denied for IP addresses either temporarily or permanently. 

Two-factor Authentication –

With this Drupal security module, you can add an extra layer of authentication once your user logs in with a user-id and password. Like entering a code that’s been sent to their mobile phone.

Password Policy –

This is a great Drupal security module that lets you add another layer of security to your login forms, this preventing bots and other security breaches. It enforces certain restrictions on user passwords – like constraints on the length, character type, case (uppercase/lowercase), punctuation, etc. It also forces users to change their passwords regularly (password expiration feature).

Username Enumeration Prevention –

By default, Drupal lets you know if the username entered does not exist or exists (if other credentials are wrong). This can be great if a hacker is trying to enter random usernames only to find out one that’s actually valid. This Drupal security module can prevent such an attack by changing the standard error message.

Content Access -

As the name suggests, this module lets you give more detailed access control to your content. Each content type can be specified with a custom view, edit or delete permissions. You can manage permissions for content types by role and author.

Coder -

Loopholes in your code can also make way for an attacker. The Coder module (a command line tool with IDE support) goes through your Drupal code and lets you know where you haven’t followed best coding practices.

Security Kit -

This Drupal security module offers many risk-handling features. Vulnerabilities like cross-site scripting (or sniffing), CSRF, Clickjacking, eavesdropping attacks and more can be easily handled and mitigated with this Drupal 88 security module.

Captcha -

As much as we hate to prove our human’ness, CAPTCHA is probably one of the best Drupal security modules out there to filter unwanted spambots. This Drupal module prevents automated script submissions from spambots and can be used in any web form of a Drupal website

6. Check on your Permissions

Drupal allows you to have multiple roles and users like administrators, authenticated users, anonymous users, editors, etc. In order to fine-tune your website security, each of these roles should be permitted to perform only a certain type of work. For example, an anonymous user should be given least permissions like viewing content only. Once you install Drupal and/or add more modules, do not forget to manually assign and grant access permissions to each role.

7. Get HTTPS

I bet you already knew that any traffic that’s transmitted over just an HTTP can be snooped and recorded by almost anyone. Information like your login id, password and other session information can be grabbed and exploited by an attacker. If you have an e-Commerce website, this gets even more critical as it deals with payment and personal details. Installing an SSL certificate on your server will secure the connection in between the user and the server by encrypting data that’s transferred. An HTTPS website can also increase your SEO ranking – which makes it totally worth the investment.

As the old adage goes - Expect the best but plan for the worst. When it comes to website security, one can never call themselves absolutely secure. Drupal is a very secure content management framework but you will still need to implement better security strategies – for a good night’s sleep. Drupal 8 brings along a whole new bunch of security features for a more robust and secure website. Nonetheless, keeping your website up-to-date with Drupal security updates is indispensable. Writing clean and secure code plays a significant role in your website security.
Choose an expert Drupal development partner who can provide you effective security strategies and implementation services.

Drupal Planet Shefali ShettyApr 05, 2017 Subscribe For Our Newsletter And Stay Updated Subscribe Shefali ShettyApr 05, 2017 Recent Posts Image 7 Drupal Security Strategies you need to implement right away! (Includes top Drupal 8 Security Modules) Image Top 13 questions you may STILL have about Drupal 8 migration (Answers included!) Image How to Manage your Media using the Drupal 8 Media module Explore Our Drupal Services TAKE ME THERE Featured Success Stories

Know more about our technology driven approach to recreate the content management workflow for [24]


Find out how we transformed the digital image of world’s largest healthcare provider, an attribute that defined their global presence in the medical world.


Develop an internal portal aimed at encouraging sellers at Flipkart to obtain latest insights with respect to a particular domain.


TEN7 Blog's Drupal Posts: Kevin Thull: Drupal Archivist

Planet Drupal - Wed, 2019/09/25 - 3:15pm
If you've ever watched a Drupal Camp or Con session from the comfort of your home, you likely have our guest Kevin Thull to thank. Thull has recorded almost 1700 Drupal sessions, and he keeps looking for more ways to contribute to the Drupal community.

Drupalize.Me: Consuming REST APIs with Drupal 8

Planet Drupal - Wed, 2019/09/25 - 3:00pm

OpenSense Labs: Spirit of new beginnings: Drupal India Association

Planet Drupal - Wed, 2019/09/25 - 1:05pm
Spirit of new beginnings: Drupal India Association Shankar Wed, 09/25/2019 - 16:35 “Drupal is here to stay, it's only getting bigger with the scale of engagements we are in, our wish is for India to Choose to Lead.” - Drupal India Association

“What is the most resilient parasite? Bacteria? A virus? An intestinal worm? An idea. Resilient... highly contagious. Once an idea has taken hold of the brain it's almost impossible to eradicate. An idea that is fully formed - fully understood - that sticks; right in there somewhere.” This is a dialogue from Christopher Nolan’s Inception (2010) that is congruous with different scenarios of life where you are looking forward to new beginnings and working towards that. An idea can make you ponder over a plethora of options to make something great happen. Drupal India Association (DIA) is also a result of the work of brilliant people and their visionary ideas.

Like Drupal Association, which helps the Drupal community across the globe to build, secure and promote Drupal in addition to the funding, online collaboration, infrastructure and education, there was definitely a great value seen in forming a national level association in India. Channelising funds for events or act as a bank of thought leaders or prevention of scheduling conflict would all require a central body. This is exactly what led to the formation of Drupal India Association.

Floating an idea: How DIA came to fruition The idea was to have a central organisation that has an India-wide presence and recognition

The discussions on forming DIA were happening as early as 2012. The idea was to have a central organisation that has an India-wide presence and recognition. The key areas that such a central body would address are:

  • Promotion: Whether you need to organise Drupal-related events (DrupalCamps, DrupalCon, Drupal Training etc.) in India or want to know where should you advertise the events, it can all be streamlined with the presence of a central organisation. You will have access to a wonderful group of thought leaders from the Drupal community of India who can answer your questions related to Drupal promotion. In short, this will be essential to engage the open-source community within India and help the Drupal community in India grow even bigger.
  • Funding: Such a central body can also help simplify the funding process that is imperative to organise large Drupal-related events.
  • Schedule: The window for different Drupal-related events to be scheduled can be easily decided. The question of two or more Drupal events happening concurrently is nullified.

It was only in 2018 when the resolve to plan for a regional chapter strengthened. This was the time when the Drupal community in India came together to chalk out the action plan.

The interest among the Drupal community members in India was palpable.

Efforts started bearing fruits in 2019 when everything fell in place. At Drupalcamp Delhi 2019, the announcement of Drupal India Association as the newly formed organisation was made.

The synergy has developed among the different thought leaders from various agencies, including Vidhatanand (Chief Engagement Officer at OpenSense Labs).

Representatives of different agencies meeting at DrupalCamp Pune 2019 to discuss DIA

There is a hope that Drupal India Association will inspire more such local chapters to be formed. And the Drupal Community is already looking forward to many more associations on similar lines.

The Vision

After all the brainstorming and insightful discussions, DIA is finally here and is here with a mission. Be it the marketers, the agencies or the developers, it has something to offer for everyone.


The primary vision of Drupal India Association is to provide value for the member organisations and the Drupal Community in India. DIA’s emphasis will be on boosting digital innovation using Drupal and enabling more agencies to innovate using Drupal. DIA will be steadfast in its goals of identifying tech events where it can participate and hire a big booth where every member organisation can take part.


Popularising Drupal in India and setting an example to the rest of the world is one of the objectives of DIA. With the help of DIA, marketers will be able to change the way people look at India when it comes to Drupal development and its role in it. DIA will also pave way for India to have a colossal influence over the Gulf and ASEAN (Association of Southeast Asian Nations) regions. Cities in India that were never on the radar of the Drupal community will now be holding Drupal camps and meetups. DIA will be responsible for preparing a calendar of events with the aim of promoting Drupal across different cities in India.


Drupal India Association’s objective is to proliferate Drupal contributions coming from India and will keep working towards it to make a huge impact.


From being just an idea in the incipient stages to being a central body, Drupal India Association has come a long way. It still has a lot to look forward to. A massive country like India shows a lot of promise to make impactful contributions when it comes to increasing adoption of Drupal by more agencies, make Drupal even stronger, and lead the way. Drupal India Association is committed to making it all happen.

Ping us at to know more about Drupal, its remarkable merits and how you can make your invaluable contributions to the growth of Drupal.

blog banner blog image Drupal India Association DIA Drupal Association Drupal community Drupal Drupal 8 Drupal Agency Marketer Drupal Developer DrupalCamp Delhi DrupalCamp Pune Drupal Europe Blog Type Articles Is it a good read ? On

Flocon de toile | Freelance Drupal: Allow visitors to be notified of a new product variation with Drupal commerce 2

Planet Drupal - Wed, 2019/09/25 - 12:54pm

For e-commerce sites offering training or events, an extremely interesting function is to offer visitors to subscribe to the training or event in question in order to be notified as soon as a new session, a new date, is available.


Amazee Labs: Web Maintenance as a Service: Our clients

Planet Drupal - Wed, 2019/09/25 - 9:37am
Our dedicated Global Maintenance Team works diligently with our clients to keep their sites updated, secure, and fresh. In this blog, we’ll outline three common maintenance practices we use to keep our clients happy and their sites running smooth. 

Code Karate: Drupal 8 Override Node Options Module

Planet Drupal - Wed, 2019/09/25 - 7:57am
Episode Number: 235

The Drupal 8 Override Node Options module is a simple module that allows you to set who can edit specific node options when creating or editing nodes. This includes things such as the published checkbox, sticky checkbox, promoted to frontpage checkbox, revision information, and authoring information. This is a useful module for building out a more complex content workflow or perhaps just simplifying the content editing experience on your Drupal 8 site by hiding unneeded node options.

Tags: DrupalDrupal 8Drupal Planet

Hook 42: Drupal Core Initiative Meetings Recap - September 16th-20th, 2019

Planet Drupal - Tue, 2019/09/24 - 10:44pm
Drupal Core Initiative Meetings Recap - September 16th-20th, 2019 Alona Oneill Tue, 09/24/2019 - 21:55

Dries Buytaert: Acquia to receive majority investment from Vista Equity Partners

Planet Drupal - Tue, 2019/09/24 - 2:21pm

Today, we announced that Acquia has agreed to receive a substantial majority investment from Vista Equity Partners. This means that Acquia has a new investor that owns more than 50 percent of the company, and who is invested in our future success. Attracting a well-known partner like Vista is a tremendous validation of what we have been able to achieve. I'm incredibly proud of that, as so many Acquians worked so hard to get to this milestone.

Our mission remains the same

Our mission at Acquia is to help our customers and partners build amazing digital experiences by offering them the best digital experience platform.

This mission to build a digital experience platform is a giant one. Vista specializes in growing software companies, for example, by providing capital to do acquisitions. The Vista ecosystem consists of more than 60 companies and more than 70,000 employees globally. By partnering with Vista and leveraging their scale, network and expertise, we can greatly accelerate our mission and our ability to compete in the market.

For years, people have rumored about Acquia going public. It still is a great option for Acquia, but I'm also happy that we stay a private and independent company for the foreseeable future.

We will continue to direct all of our energy to what we have done for so long: provide our customers and partners with leading solutions to build, operate and optimize digital experiences. We have a lot of work to do to help more businesses see and understand the power of Open Source, cloud delivery and data-driven customer experiences.

We'll keep giving back to Open Source

This investment should be great news for the Drupal and Mautic communities as we'll have the right resources to compete against other solutions, and our deep commitment to Drupal, Mautic and Open Source will be unchanged. In fact, we will continue to increase our current level of investment in Open Source as we grow our business.

In talking with Vista, who has a long history of promoting diversity and equality and giving back to its communities, we will jointly invest even more in Drupal and Mautic. We will:

  • Improve the "learnability of Drupal" to help us attract less technical and more diverse people to Drupal.
  • Sponsor more Drupal and Mautic community events and meetups.
  • Increase the amount of Open Source code we contribute.
  • Fund initiatives to improve diversity in Drupal and Mautic; to enable people from underrepresented groups to contribute, attend community events, and more.

We will provide more details soon.

I continue in my role

I've been at Acquia for 12 years, most of my professional career.

During that time, I've been focused on making Acquia a special company, with a unique innovation and delivery model, all optimized for a new world. A world where a lot of software is becoming Open Source, and where businesses are moving most applications into the cloud, where IT infrastructure is becoming a metered utility, and where data-driven customer experiences make or break business results.

It is why we invest in Open Source (e.g. Drupal, Mautic), cloud infrastructure (e.g. Acquia Cloud and Site Factory), and data-centric business tools (e.g. Acquia Lift, Mautic).

We have a lot of work left to do to help businesses see and understand the power of Open Source. I also believe Acquia is an example for how other Open Source companies can do Open Source right, in harmony with their communities.

The work we do at Acquia is interesting, impactful, and, in a positive way, challenging. Working at Acquia means I have a chance to change the world in a way that impacts hundreds of thousands of people. There is nowhere else I'd want to work.

Thank you to our early investors

As part of this transaction, Vista will buy out our initial investors. I want to provide a special shoutout to Michael Skok (North Bridge Venture Partners + Underscore) and John Mandile (Sigma Prima Ventures). I fondly remember Jay Batson and I raising money from Michael and John in 2007. They made a big bet on me — at the time, a college student living in Belgium when Open Source was everything but mainstream.

I'm grateful for the belief and trust they had in me and the support and mentorship they provided the past 12 years. The opportunity they gave me will forever define my professional career. I'm thankful for their support in building Acquia to what it is today, and I am thrilled about what is yet to come.

Stay tuned for great things ahead! It's a great time to be an Acquia customer and Drupal or Mautic user.