Bounteous.com: Customizing Your Drupal Commerce Forms

Planet Drupal - Thu, 2021/08/12 - 4:43pm
Your digital shopping experience and checkout flow can be as distinctive as your brand. Customizing your Drupal commerce forms through these entry points.
Categories:

Axelerant Blog: Managing Third-Party Authentications In Mautic Plugins

Planet Drupal - Wed, 2021/08/11 - 11:54pm

Learn about standard Authentication-Protocol methods supported in Mautic via the Integration bundle.

Categories:

Axelerant Blog: Axelerant Celebrates Drupal By Giving Back

Planet Drupal - Wed, 2021/08/11 - 11:54pm

Open-source has the power to change the world, but, as we depend on it for democratic innovation, open-source also depends on us to thrive. At Axelerant, we know and own this; hence we’re constantly engaging in different open web communities, including Drupal’s.

Why are we writing this? First of all, we are always keen to shine a light on our team members because our people-first culture makes Axelerant succeed. Second, in a knowledge sharing spirit, we are willing to put out what has worked for us (and what we struggle with) regarding contributing and our community involvement.

We are celebrating Drupal’s 20th Anniversary, and we are proud of being part of that history for over a decade. What better way to celebrate than recognizing and sharing the stories of the people involved, the makers that keep the ball rolling.  

Celebrating our people and the community has been among our values since the beginning. Drupal’s 20th anniversary is one of those occasions where both of these values come together in demonstrating Axelerant’s commitment to be a productive part of the amazing Drupal community through its team.

Here, we want to share a few stories from team members who recently contributed and inspired us with their Drupal journey.

Categories:

Axelerant Blog: Developing a custom CSV validator in Drupal 8

Planet Drupal - Wed, 2021/08/11 - 11:54pm

In our recent project, we had a requirement from one of our clients where we need to validate data in CSV files based on custom requirements. This validated CSV would need to be imported into Drupal 8 into various content types.  

In this article, we will look at the requirement, the library, the architecture of the custom module, the different components of the module with some code samples and finally adding some ideas on how this module can be made more reusable and even contributed.

Introduction

Our client is a well known international NGO with offices worldwide, each with different types of data management systems and frameworks. They wanted a centralized system to manage the data from each of these offices. Having concluded that Drupal 8 was the ideal solution to implement that centralized system, the challenge was to set up a migration pipeline to bring in data from all of the offices and their varying frameworks. Consequently, the files generated by these systems needed to be validated for specific constraints before being imported into our Drupal system.

Categories:

Axelerant Blog: Drupal 9.1 Is Here: Are You Ready to Upgrade?

Planet Drupal - Wed, 2021/08/11 - 11:54pm

As expected, Drupal 9.1 was released on schedule at the closure of 2020. We have already talked about the Drupal 9 release and how it’s a testament to the predictable and reliable nature of the Drupal release cycle. Drupal 9.1 takes a step forward by adding more features and releasing them as predicted.

In this blog, we will be discussing the new improvements and more that will follow. 

Is it worth upgrading?

The Drupal 9.1 stable release was out as expected on Dec 2nd, 2020. We previously advocated that if you are on Drupal 8.9, you needn’t hurry to upgrade to Drupal 9.0 as you would not see many new features. But that’s changed.

Drupal 9.1 adds exciting features and updates along with support for PHP 8 (we have previously written about making Drupal 9 compatible with PHP 8).

It’s also worth upgrading as Drupal 9.1 brings significant changes in the user interface for both sighted users and assistive technology.

Categories:

Axelerant Blog: A Guide To Automated Testing With Drupal And Applitools

Planet Drupal - Wed, 2021/08/11 - 11:54pm

Traditionally, Drupal web applications are built using various entities like Content types, blocks, components using Layout Builder, and then the product is made available to the end-user on the front-end using HTML, CSS and JavaScript. The team usually starts with backend stories related to building various content types, related roles, and permissions, and then the frontend team picks it up to make the site more usable and accessible as per the design requirements. 

Of course, with component libraries like Storybook, Fractal, PatternLab, and with designs in place, the frontend team can start implementing them as component libraries in parallel, which are later integrated with Drupal. 

In this blog, we will be talking about testing the application.

By using Applitools Ultrafast Test Cloud, you would be able to execute the automated visual validation tests across several browsers, operating systems, and devices of your choice and at lightning speed as although the test runs once on, say Chrome (assuming Chromedriver is configured in the tests), the capturing of the pages occurs in parallel, in the background for all the configured browsers and viewports.

Signup for a free account with Applitools and feel free to clone this repository to try it out on your own. Integrate automated visual validation tests in your project that will help you build and release visually perfect web applications or websites confidently at a faster rate.

Categories:

Axelerant Blog: Upgrade Drupal to PHP 8: Compiling extensions

Planet Drupal - Wed, 2021/08/11 - 11:54pm

In the last article, we discussed the changes required to get Drupal 9.1 running on PHP 8. At that time, we got the Drupal 9.1 dev release working on PHP 8.0.0 RC4 with a few patches. Since then, a lot has changed with many of those patches being committed and Drupal 9.2 dev open for development. But we’ll talk about all of that at a later date. Today, let’s look at getting some of the common PHP extensions and configure it to run with Drupal.

We left off at a point where we have plain Drupal 9.1 running on a plain PHP 8 RC4 setup. Drupal doesn’t require any extensions, not in PHP core, and that means we only had to enable extensions like gd, MySQL, and others to have Drupal 9.1 running. With that, we were able to install Umami and use the site without any problems at all. To enable those extensions, we only needed our docker-php-ext-enable script, which is part of the PHP base Docker imageSee the Dockerfile in the reference repository for the source code (lines 41-52). Installing other extensions that are not part of the PHP core is not quite that simple. Think of it this way: if a module is present in Drupal core, you can install it right after downloading Drupal. But if it is a contrib module, you have to download and install it separately. It’s the same thing with PHP extensions.

Why test with extensions?

Just as you probably wouldn’t have a Drupal site with at least one contrib module, you probably wouldn’t have a PHP installation without a few of the common extensions. Drupal core utilizes some of these extensions when they are available (such as APCu and YAML), which yields better performance. This means that even though the extensions are not technically required, you would most likely have them.

Categories:

Axelerant Blog: A Complete Overview of Drupal Migration & More

Planet Drupal - Wed, 2021/08/11 - 11:54pm

With the launch of Drupal 9 in June 2020, the topic of Drupal migration is fresh on everyone’s mind. We will be delving deeper into the nitty-gritty around the topic in this blog. 

Migration is the process where the content from the old site, converted into the desired format and is saved in the new site. Sometimes, migration is a simple activity of mapping the source content to the destination content types and sometimes, it is a bit more complicated.

Let's take a comprehensive look at the Drupal migration process in context to the recently launched Drupal 9, and what’s involved in migrating from different versions. Here's what we will be discussing about:

01. Drupal 7, 8, and 9

02. Migrating Then and Now

03. Drupal to Drupal Migration

04. Migration from external sources

05. What’s More?

Categories:

Axelerant Blog: Using Context in Site Studio to drive Drupal Site Personalization

Planet Drupal - Wed, 2021/08/11 - 11:54pm

Personalization has started to become a common requirement for most websites. The content of a webpage needs to be personalized based on multiple criteria such as location, user preferences, personal user information, different cookies, etc. 

We will be covering the type of personalization in this document, where a single page caters to multiple audiences/user types.

The integration between the context and Site Studio module and how it helped us personalize Site Studio pages demonstrates the power of the context module.

It gives us enough details to think about its use in other major contributed modules and also possibly think about an alternative way of solving personalization problems in general (outside of Site Studio), which works end to end. Do try this with your projects and let us know your experience! 

Categories:

Drupal Association blog: Meet one of our 2021 Discover Drupal Students, Nadia Faucon

Planet Drupal - Wed, 2021/08/11 - 11:19pm

After over a year of planning, the Discover Drupal 2021 student cohort began their journey in July! This year we have eight students. We will be highlighting each student who has opted in to share their personal journey. This month we welcome Nadia Faucon as our featured student! 

Nadia currently lives in Arizona and is completing the Discover Drupal site-builder pathway.  She joined the program with some experience using Drupal 7 as a website technician for 3 years. Below is a brief interview with Nadia.

Tell us a little about you.  What are your hobbies and interests?
I enjoy traveling abroad and within the US, I visited 7 Countries and 6 States and still have plenty to visit. I enjoy cooking, hosting parties with my amazing friends who are from different cultures and backgrounds, and attending cultural events.

What is your ultimate goal in learning Drupal?
Obtain a Drupal Acquia Certification Site Builder, Front end Developer, and start building my portfolio.

What are you most excited about regarding this program?
The program is taught by a panel of Drupal experts like Mediacurent, Evolving, and Drupal Easy.  More than 20 Mentors at our disposition to help us learn and grow. Isn't that amazing!!! I feel so lucky to be part of this program and grateful for the opportunity!!!!!!

Where would you like to take your career in Drupal?
I’d like to be able to do freelance work for Drupal agencies and give back to the Drupal community by sharing the knowledge I learned and learn more from other Drupal experts.

If you see Nadia online in Drupal Slack or at any upcoming Drupal events, please give her a warm welcome.  Her Slack user name is Nadia Faucon. 

Thank you to our Partners and Sponsors

We want to thank our founding partner, Kanopi Studios, and especially Allison Manley for her hard work and dedication to the program.  We also want to thank our platinum sponsors: Lullabot and Elevated Third for the financial support that has been instrumental in launching this program.  Finally thank you to our excellent training partners, Drupal Easy, Evolving Web, Mediacurrent, and Drupalize.me .

If you’d like more information about the program or would like to become a supporting donor, please reach out to us a drupaltalent@association.drupal.org

Categories:

Golems GABB: HTTP caching and response headers in review

Planet Drupal - Wed, 2021/08/11 - 4:57pm
HTTP caching and response headers in review Editor Wed, 08/11/2021 - 17:57

The importance of web page loading time is undoubted. Website speed optimization is able
to boost user experiences, improve customer loyalty, reduce bounce rate, increase conversions, and take your website to better positions in SERP.

When it comes to speed optimization techniques, the use of HTTP caching is a very important one that every developer knows about. Little but very important caching “assistants” are HTTP headers. Today, we will discuss the role of HTTP caching in speed improvement, what HTTP headers are, and take a special tour of cache-related HTTP response headers.

Categories:

Lullabot: Progressive Decoupling Made Easy

Planet Drupal - Wed, 2021/08/11 - 4:42pm

Decoupling separates the system that store

Categories:

Drupal Diversity & Inclusion: Less than 48 hours left until DDI Camp!

Planet Drupal - Tue, 2021/08/10 - 10:13pm
Less than 48 hours left until DDI Camp! Alex Laughnan Tue, 08/10/2021 - 13:13
Categories:

Drupal In the News: Drupal Steward expands availability after successful pilot year

Planet Drupal - Tue, 2021/08/10 - 1:59pm

The new security firewall from the Drupal Association is already protecting thousands of sites, and is now available to any Drupal site owner.

After a successful first year, the Drupal Association’s web application firewall, Drupal Steward, is launching a new community tier, making the enhanced security available to all Drupal site owners. 

Drupal Steward provides Drupal-built websites with an additional level of security, bridging the gap between the time when a security release is announced and a site is fully updated with the new security patch. This gives IT teams flexibility to implement site updates on their own timeline, without disrupting other priorities. 

"Acquia hosts the most demanding Drupal applications for global enterprises," said Robert Former, Chief Information Security Officer at Acquia. "Our participation in Drupal Steward provides them with a valuable layer of additional security that helps ensure that any vulnerabilities are handled quickly, without disrupting application in production. Acquia's support for this important program also supports all Drupal users, benefiting all in the community."

The globally distributed service provides seamless, immediate protection by routing a website’s domain to Drupal Steward, which automatically filters requests through the firewall. Any malicious requests are automatically blocked, giving IT teams the time they need to test and implement security updates.

New community tier extends protection to all Drupal site owners

Drupal Steward’s founding partners, Acquia and Pantheon, have implemented Drupal Steward protection across their entire platforms, protecting thousands of sites worldwide. Both founding partners have renewed their participation, and their support has made it possible for the Drupal Security Team and the Drupal Association to launch a new community tier of the program. This new tier makes Drupal Steward protection available to any Drupal site owner, with affordable pricing on a sliding scale based on the number of requests a particular site receives. 

How to sign up for Drupal Steward protection

Site owners who would like to join the community tier can sign up for Drupal Steward by creating an account on drupalsteward.org, where they’ll also find a calculator to estimate pricing. Drupal agencies can also purchase protection on behalf of their clients, enhancing the security service they provide and giving their clients peace of mind that their data and end customers are protected from malicious actors.

Thank you to our founding and supporting partners

The Drupal Association and the The Drupal Security team would like to thank our platform partners, Acquia and Pantheon, as well as our supporting partners, whose support of the Drupal Association makes them eligible to offer Drupal Steward to their clients at preferred pricing levels. Their early support has made it possible for us to launch the community tier and make Drupal Steward more widely available.

Closing the gap between patch release and the time it takes an IT team to respond has been one of the last hard problems in working with open source software. Drupal Steward not only solves that, so that IT leaders who depend on Drupal can sleep soundly. 
Tim Lehnen - Drupal Association, CTO 

About Drupal Steward

Drupal Steward is a web application firewall that protects sites from breaches in the vulnerable time between when a security release is announced and a patch can be implemented. The globally distributed service provides immediate, affordable protection while giving IT teams the flexibility to address vulnerabilities on their own time — without needing to be on-call or working overtime to stay ahead of hackers. Funding from Drupal Steward directly supports the Drupal Association and its mission to help the global Drupal community build with and contribute to the Drupal platform. 

About Drupal and the Drupal Association

Drupal is the open source digital experience platform used by millions of people and organizations around the world, made possible by a community of 100,000-plus contributors and equipping more than 1.3 million users with resources and support on Drupal.org. The Drupal Association is the nonprofit organization focused on accelerating Drupal, fostering the growth of the Drupal community, and supporting the project’s vision to create a safe, secure, and open web for everyone.

###

For more information contact Tim Lehnen, drupalsteward@association.drupal.org

Categories:

Consensus Enterprises: Easy commit credits with migrations, part 1: Migrating Drupal Core

Planet Drupal - Tue, 2021/08/10 - 11:00am
Why you should care about contrib migrations, running a core migration, and a Drupal.org proposal.
Categories:

OpenSense Labs: Drupal: Extricating the Nonprofits from digital stagnation

Planet Drupal - Tue, 2021/08/10 - 8:45am
Drupal: Extricating the Nonprofits from digital stagnation Maitreayee Bora Tue, 08/10/2021 - 12:15

Every nonprofit organization is established with some definite goals and objectives that it opts to achieve. But are the nonprofits able to achieve their set up goals without facing any challenges? Not really. In this highly competitive world, these organizations find themselves struggling in finding ways to turn their vision into reality. So, in a situation like this, digital innovation can be the savior for the nonprofits. Updating to the latest technology is the smartest step a nonprofit can take to justify its organization’s mission, also successfully accomplishing the expected results and outcomes. Therefore, in this article we will discover how Drupal can pave the way to greater success in a nonprofit organization. 

The emerging need for nonprofit digital transformation 


There are various angles to a digital transformation that it can be difficult for nonprofits that have been using similar IT systems for years. It is totally comprehensible to not know exactly where to start your digital transformation journey, or how each new technology will be beneficial to your organization. Therefore, these are the areas where your organization can be improved by adopting digital transformation. 

Building a digital first donor funding strategy

Digital transformation helps in availing innovative user experiences that enable in meeting new digital expectations of the nonprofit organizations. Modern technology has entirely transformed the digital expectations for employees, donors and other beneficiaries. Digital interaction is made easy by the help of smart devices, mobile apps, social media, artificial intelligence, Internet of Things and ecommerce that are majorly beneficial for these organizations. Online portals can be built for beneficiaries to contact the nonprofits, providing full transparency that would encourage the donors to contribute, making an easy access to organization services leading to trust building. Therefore, all these experiences bring a positive impact on the various fundraising programs conducted by the nonprofits to improve the user engagement and satisfaction. 

Online strategies can be developed to enhance the donors’ participation and reach them on their preferred channels to let them witness a great experience with the nonprofit organizations. 

There is an example, where Accenture helped a national microfinance organization on donor analytics by facilitating data capacities and advanced insights. The nonprofit gained various benefits like immediate visibility into donor demographics, improved funding behavior, lifetime value and many more. 

Empowering employees by using digital tools 

The COVID 19 brought a major transformation in the field of digital technology. There was a complete shift in the overall operation methods of the nonprofit organizations due to this pandemic. They started embracing new operating models, using the right digital tools and encouraging new ways of working to maximize performance. Along with the employees who endeavour to perform their work in the new environment, the beneficiaries should also learn to communicate with the organization in the new operating model. Some organizations tried making the digital tools easier for the beneficiaries to use and witness a seamless experience. 

One significant thing the nonprofits can do is to provide the front-line-employees with the correct data and insights , as it will help in serving the stakeholders more efficiently, who overall support the movement of a nonprofit organization in various ways. 

Since the digital economy is changing, it is crucially important for nonprofits to ensure that the operations they are working on are efficient and effective enough to achieve their organizational goals and objectives. To know more, learn how the Covid-19 pandemic propelled businesses to reimagine their businesses and how pandemic-driven digital transformation looks like.

Developing strategic partnerships

In the middle of the pandemic, the nonprofits receiving support from the profit earning organizations have taken a positive shift towards growth and development. Since some nonprofits fall behind in their digital capabilities, several technology companies have stepped in to provide free services for a limited time to get through this current crisis. The nonprofits have gained benefits from these corporate partnerships in many ways, huge marketing exposure, increased funding, shared resources and the capability to increase more volunteers. 

Some nonprofits abstain from getting involved in such partnerships without realizing the positive impact which can be obtained from it. And one important thing to be aware of is the selection of the right partners to work with. Since changing digital providers might lead to various inefficiencies in the long-term. But by choosing the right partnerships, nonprofits can sustain their operations and succeed in attaining their work plan and targets.

Providing support with the emerging technologies

Adopting the emerging transformational technologies by the nonprofits proves to be one of the best decisions as it helps in meeting the growing digital expectations. Such technologies are listed below.

  • Augmented Reality
  • Virtual Reality
  • Blockchain 
Augmented reality 

Augmented reality provides a live view of something in the real world. It basically blends the real world and virtual reality to improve the viewer’s insight of his or her surroundings. By adopting this technology, the nonprofits can gain many benefits. Firstly, it transports your organization’s constituents to the center of your cause. This helps in establishing a personal relationship between the organization and potential donors and volunteers, also building the necessary trust. For better understanding, a NPO, charity:water provides an example. In the December 2015 annual black tie fundraising banquet, by using augmented reality, the guests of the events were provided augmented reality headsets that virtually transported them to a small village in Ethiopia. They were taken through a week in the life of a 13-year-old Ethiopian girl through this technology, where they saw her family’s struggle for clean water firsthand.  By watching such a heart-breaking story, the guests were so moved by the experience, that they ended up contributing a total amount of $2.4 million. This technology also provides viewers real-time information. 

Virtual reality

We will understand this technology by the help of an example. A nonprofit organization, Pencils and Promise aims at providing education to children by building schools in the rural communities of less developed countries like Nicaragua and Laos. It is difficult to convince donors and investors to contribute while the construction is still half-a-world away. If by any chance, they contribute, a part of the donations are automatically funnelled towards the travel costs. So, virtual reality can be a perfect solution for such a problem. By using this technology, a one minute-and-a-half film was shot and the organization could surprisingly, raise a sum total of $1.9 million.

Blockchain

Blockchain helps nonprofits in various ways. It provides full transparency regarding tracking the transfer of funds from the donor to the beneficiary, scrutinizing the usage of funds and the overall activities of the organization. It helps in trust building between the donor and the beneficiary by providing the clarity of the necessary tracks and services. It is found that some donors wish to remain unknown, they want to support the nonprofits without revealing their identity. The traditional funding method failed to provide that facility, while blockchain is able to maintain confidentiality by providing the digital wallets facility. The intermediaries like banks and payment services do not fit in the architecture of the blockchain technology, so it helps in reducing the administrative costs of the nonprofits and also helps in smooth transfer of funds to the beneficiaries. Also read, how blockchain is revolutionising the education sector and digital media sector. 

Providing safe and secured user experience

You will not use technology, you don’t trust. Isn’t that obvious? So, this rule will be applicable for everyone, from volunteers and donors, to employees and beneficiaries. Though nonprofits come across cybersecurity attacks, recent studies revealed that nonprofits fall behind in adopting the robust policies and practices required to suitably secure their IT environments. 

Here is an example: Between 2016, December and 2017 April, the UK’s privacy regulator publicly exposed and charged 11 large charities for failing to follow UK privacy rules with regard to usage of donor information.  

Discovering new ways of working to secure your nonprofit’s future 

It is understandable that nonprofits go through a lot of challenges in this highly competitive world, but they can take all these situations as an opportunity to be creative and grow tremendously. Some organizations surrender and fail to overcome these challenges and others courageously adopt innovative new business processes and technologies to succeed in their mission. This process of adoption can be termed as digital transformation. The nonprofits can have a better understanding of digital transformation by observing the transformation journey of the leading private sector companies. Some of the ways in which the nonprofits can thrive in the digital world is by building flexible and robust technology service platforms that can free themselves from maintaining high-priced infrastructure which requires important levels of man-power and expertise.  

How can nonprofits kickstart their digital transformation journey


Now let us take a glimpse of how a digital transformation takes place. Here are 5 major steps you can follow to get started.

Step 1

Establishing a common frame of reference. The first step is to build a common language and also frame a reference which all your stakeholders can look upto. The NGO Reference Model can be adopted and it will help you in visualizing the major connection points between process, people and technology in your organization.

Step 2

Assessing your present approach to digital technology to recognise gaps and opportunities. It is advisable to assess your present approach to technology over the four necessary outcomes of nonprofit digital strategy as discussed above. You can get started by completing the Nonprofit Digital Strategy Assessment to recognize current gaps in your approach to digital technology, also prioritizing opportunities for development, and get insights about exactly what the next level of transformation will look like. 

Step 3

Building consensus by explaining how digital strategy will transform your impact. The successful digital transformation strategies need strong support from the senior leadership, since the digital transformation impacts every single role within the organization, therefore, everybody has a role to play. A transformational digital strategy can be formed by building consensus and obtaining support from program teams, middle management and senior leadership to enhance the culture of innovation at the workplace. The leaders will have to take responsibility in actively engaging the volunteers, employees, donors and the beneficiaries to contribute their part in the process of this transformation. 

Step 4

Identifying ways to increase your security in the cloud. The nonprofits can improve their security by adopting the right cloud platform without any huge upfront investment. It is important for both cybersecurity and data-protection compliance. In fact, a major necessity of most comprehensive data-protection laws that includes the EU Data Protection Directive and the GDPR, is that companies handling personal data should take organizational and technical steps to maintain the security of any personal data they gather or process. To know more, read about GDPR and CCPA


Step 5

Start your digital transformation. After building the agreement that digital transformation is required, you can follow the respective process of Dream, Design, Deliver to form a transformative strategy. 

Dream. You can run a design thinking workshop to visualize the innovative scenario with your team.

Design. You need to align technology, process, and organizational change management plans into a time-phased common roadmap to deliver emphasized scenarios and impact.

Deliver. You need to execute process reengineering, technology solutions and organizational readiness, making sure that closed-loop measuring of learnings and impacts can be further utilized in the next stage of transformation. 

Drupal: The first choice for non-profit organizations


Nonprofits need a platform that can simplify the donation procedure, build a secure site, share the organization’s mission through blogs, and set up online communication among the site organizers and visitors. Therefore, Drupal is the perfect CMS for a nonprofit website as it implements all types of functionality without any concerns. It further provides a wide range of exclusive features that meets all the expected standards of a nonprofit site. So, the below Drupal features prove that Drupal for nonprofits is the best choice.  

Open source

The Drupal project is entirely open-source software. You can download it completely free of cost, then use, work or share it with someone else too. It is based on some principles like globalism, collaboration and innovation. It can be further distributed under the terms of the GNU General Public License (GPL). There are no licensing fees for Drupal.

The Drupal community always supports its users by answering their queries and concerns. That means, if you have a question, someone surely will have the answer, as it's a worldwide platform. The Drupal developers get access to the worldwide community experience. 

Learn more about open source here:


Content workflow

Drupal’s in-built tools help in content creation, workflow and publishing, also letting the content creators to work on it easily without any concerns. Editorial workflows can be managed efficiently by permission and authentication available in this platform. The provision of previews gives the visibility of how the content will be displayed on a device before approving and publishing the content. It allows you to create content with a WYSIWYG editor. The facility of quickly tracking all revisions and changes are available, if you require to maintain a history of content changes. All the stages of content, from creating, reviewing, and publishing can be viewed, to help you manage your roles and actions. Drupal has an exclusive feature where you can create a structured content i.e. describe content elements, tag content based on any attributes, form suitable taxonomy for content so that it can be observed, used, reused if required in a manner that can enhance customer satisfaction.

Drupal gives you an opportunity to create the relevant content architecture using the Admin Interface or even do it programmatically. It provides you with unique mode tools and views, customizable menus that give a comfortable user experience, and create pathways to content across various devices.

Read about how layout builder and paragraphs module enhance content workflow in Drupal.

Security

Drupal CMS is free from all kinds of web security vulnerabilities and threats as it is completely safe and secure. Robust security is kept as a priority by Drupal. Drupal has a team of security experts that take care of all the security concerns with their well built coding standards and strict code review process. It also has a vast professional service provider security as they don’t want to take this important aspect, ‘security’ for granted. 

According to the 2020 edition of the Acunetix, Web Application Vulnerability Report, Drupal was found to be the most secure CMS in the open source CMS market.

Source: AcunetixScalability and performance

Drupal built-in performance features that, combined with a modern CDN provider, performs exceptionally well under the pressure of supercharged databases, advanced caching and load balancing. Drupal’s scalability allows your website to perform remarkably well even on the busiest days.  To know more, read about Drupal’s performance optimisation offerings and how it scales with your needs to govern high web traffic.


Multilingual

The automated language translation of Drupal helps in reaching different audiences with localized content. Drupal specializes in building complex multilingual web applications and customized sites in various languages. Core modules in Drupal enable complete translation of every part of a site, content types and their specific fields, menus, users, blocks, taxonomy, comments and contact forms. It allows in recognizing the preferred language as per the user’s IP address, URL, browser settings, session and more. Read more about Drupal’s multilingual capabilities here.

Accessibility

Drupal provides a special feature of building websites that are accessible by people with disabilities. It makes sure that all its features conform with the World Wide Web Consortium guidelines (W3C) guidelines: WCAG 2.0 and ATAG 2.0. Such a feature of accessibility is very important as it is able to accomplish one of the most desired objectives of serving all the citizens without any discrimination. 

Learn more about accessibility here:

Personalisation

Drupal provides its users with an exclusive, personalized profile for every visitor such as using geolocation, browser history, behavior taxonomies and device type. You can get a customized experience that will help in tracking and reporting with A/B and multivariate testing, enhancing ROI through target marketing and also segmenting visitors over devices with an aim on the important user identity for your business goals and objectives.  

Learn more about personalisation here:

SEO

Drupal provides exclusive SEO tools that can enhance your site’s visibility. Below are the tools and modules.

To know more, read this definitive guide to Drupal SEO in 2021.

Multisite

With Drupal you can manage numerous sites across your company, geographies, brands and campaigns on a single platform, enabling smooth, quick website creation and deployment. Read this complete guide on Drupal multisite to know more.

Marketing automation

Using tools and modules in recent versions, Drupal facilitates easy integration with the automation platforms that can assemble customer demographics, also converting potential leads within the appropriate time. Learn more about how marketing automation can be leveraged with Drupal here.

Mobile first approach and mobile app delivery

Drupal helps in building responsive websites and creating web applications which can provide excellent visitor experiences. It provides responsive design best practices and assures your users receive the ultimate content experience every time, on each device. You will find two ways of building mobile web applications which work with Drupal - integrated with Drupal at the theme layer, or a standalone mobile web app that communicates with Drupal using web services. Although both the approaches will work for building mobile web applications, it will be much easier to begin with integrating the mobile web app into Drupal as a theme. To know more, read about mobile-first design approach and mobile apps like that of Flutter-powered delivered by Drupal.

Integrated Digital Tools and Applications

Drupal easily integrates with a broad ecosystem of digital marketing technology and other business applications that can help you choose the right set of tools today and also according to your comfort, flex with new tools tomorrow. 

Strong Stack Foundation

The latest LAMP technology stack like Linux, Apache, MySQL and PHP are the ones upon which Drupal lives since they meet the requirements of flexible, fast-moving agile organizations and brands that help in creating the next generation digital platforms. 

Decoupled Architecture

One of the features Drupal provides is the content flexibility that allows an easy flow of content over websites, native apps, connected devices which can be displayed on third party sites and social networks. As, many CMSes seek to manage content in a back-end repository and move it to “front-end” templates that can provide an experience (mostly static). There is a facility to decouple the back and front ends, wherever it's necessary. Hence, Drupal content remains as reusable chunks, that is free from presentation, also ready for smooth delivery to websites and applications. Content becomes future proof as well. Due to Drupal’s presentation i.e. RESTful API and neutral content, the front end developers can come out of the restrictions, helping them build interactive websites and applications, according to their convenience. Tools like  Angular, Node, Ember, Backbone, and others are available. You can obtain  third-party content(eg. syndicators and aggregators) and make it available to any website, app or channel under this platform. Drupal’s content can be easily consumed by other websites and applications with the help of Drupal’s content-as-a-service capability. Also Drupal’s front end developers can smoothly design content like for example, separating back-end content from front-end presentation according to their conveniences. 

Learn more about decoupled Drupal here:

Web Hosting

Drupal helps you to choose the best hosting vendor that suits your needs, you can change hosting vendors whenever you want, and also select to host the website internally. 

Migrations

The Drupal upgrades are referred to as easy and reliable. The upgradating of Drupal 8 to 9 was simple, as said by the makers. By following a four step guide, you can prepare your present site’s functionality, also maintaining proper security standards of Drupal 9 by utilizing the Upgrade Status. With the help of Upgrade Status and Drupal Module Upgrader , the developers are allowed to make the upgrade themselves. And it also further helps you to recognize whether your modules and themes are competent enough for Drupal 8/9 and convert your custom code accordingly.

Learn more about Drupal 9 upgrade here:

Extensibility

Drupal has various modules, themes and distributions to extend the functionalities.

Below are the examples of Drupal modules for non-profit:

Orcid

According to ORCHID.org, ORCID is an open, non-profit, community-driven effort to create and maintain a registry of unique researcher identifiers and a transparent method of linking research activities and outputs to these identifiers.

The Orchid module helps a user to create an account and login with ORCID OAuth2.

Campaign Kit

It is a flexible donation system that helps you to engage your supporters in the fund-raising activities. The Campaign Kit module is compatible with Drupal 9. It allows:

  • To create standalone campaigns (donate toward a specific goal)
  • Let your supporters create peer-to-peer Campaigns; that will allow the end user to create a child campaign (with a URL different from the parent campaign) and the amount raised rolls up to the parent campaign.
  • To create excitement with team competitions.
  • The site can display a donor wall.
  • Campaign queuing.
  • Availability of payment processors using the plug-in architecture.

There are many exclusive themes too that Drupal presents, like. 

YG Charity | Bootstrap based Drupal 9 theme for NGO

The YG Charity is the most suitable drupal theme for NGO, charity and non-profit organizations. The features of this theme include:

  • Drupal 8 and Drupal 9 core
  • Bootstrap v3.3.5
  • Causes and events sections
  • Team
  • Testimonials
Charity Zymphones Theme

The Charity Zymphones theme is specifically designed for charity, nonprofit, non-governmental organization (NGO), donation and fund-raising campaigns with exclusive features. You will find all the required features for a charity site with a complete responsive mobile-first layout. This theme perfectly fits in many displays and resolutions desktop screens, tablets, iPads, iPhones and small mobile devices. It is also compatible with Drupal 9.

There are various distribution options that Drupal has. Let’s now take a look at the Drupal distribution for nonprofits. 

Open Social

You can create digital spaces which allow your members to share with Open Social's out-of-the-box solution for your online community. International organizations around the world like The United Nations, Greenpeace, the European Commission, FIFA and many more use this distribution. With the help of this community engagement platform, the NGOs, governments and many organizations can connect to their members, volunteers and customers. 

Campaignion Starterkit

The Campaignion Starterkit is a Drupal Distribution for non-profits. It basically specializes in eCampaigning, online fundraising and also applies digital marketing best practices. It helps in:

  • Setting up online actions such as petitions, email protests or other landing pages with forms to capture leads.
  • Creating donation pages and allowing visitors to pay through paymill, stripe and direct debit.
  • Managing supporters in a CRM system (based on Redhen CRM, heavily customized)
  • Managing subscribers of your email list with third-party email marketing tools integrated.

To get more information, you can visit the Campaignion website and for documentation, you can  start with Campaignion core module

Drupal Commons

Drupal Commons is a "community collaboration website in a box" built on Drupal. The following are the help which you receive from this distribution.

  • You can answer the question, “How do you get started?”
  • By downloading a nightly snapshot, you can take a test of the development version of Commons.
  • You can provide e feedback on documentation, and also make requests for additional documentation.
  • Finally, it helps to work on an issue in another project with the commonslove tag.
Open Outreach

Open Outreach is an inexpensive and a quick way for nonprofits and community organizations to operate using Drupal with the web tools which they require for effective public engagement. It basically comprises the latest version of Drupal core and other modules and configures in advance the features frequently used by organizations such as events calendars, image and video handling, social media integration, and contact management. With this distribution, you can save a lot of time and money while building your non-profit websites.

Support and maintenance, hiring of developers, and partnering with digital agencies

There are various Drupal agencies you can go for. They try to provide quality services according to your requirements and choices. Here are the top 4 Drupal agencies in the global Drupal marketplace.

Source: Drupal.org
Supporting emerging technologies

To deliver a better user experience, Drupal actively uses the latest technologies like artificial intelligence, machine learning, IoT and cognitive search and digital voice assistants like Alexa on Drupal sites. More on futuristic websites powered by Drupal here.

Hence, with the above features, Drupal nonprofit websites can be built according to your project's expectations and standards.

Success stories

Taking you through some case studies that proves Drupal as the best option to opt for in order to build a secure and user-friendly website.

The National Council for the Blind in Ireland (NCBI)


The National Council for the Blind in Ireland (NCBI) is a part of the project, Bookshare by Benetech. The council provides learning opportunities to those who struggle with visual impairment across the globe. It aims at providing accessibility for nearly 1.3 billion people worldwide. NCBI is actively working in their field but since they don’t have a website of their own, they are not able to let their constituents get access to their content in a digital format. Therefore, they wanted to share their materials easily in an online format to make people understand their vision and goals, and to make the site AAA compliant. After the large Bookshare platform was made available, NCBI could utilize the platform to partner with publishers in Ireland and share their materials. Availing strategy, design, front and back-end development of the platform in Drupal, Bookshare could be tailored to NCBI’s requirements and audiences to get access to reading. Now, by working with Kanopi, NCBI could provide excellent features like synchronized text and audio, searchable text and customizable font size and contrast to help visually impaired people with learning and literacy. NCBI finally has a AAA compliant site, with 800,000+ titles available to users. This was a big achievement for the team as they could manage to give such great accessibility to people around the globe with learning and education.

Drupal 8 Redesign for Non-profit, Synergos


Synergos, a global nonprofit, has been committed to systemic change solutions to fight against poverty for over 25 years. The Synergos team was ready to rebuild their website for better engagement with the donors and supporters. The project aimed at bringing optimum exposure and audience engagement to Synergos.org, enabling users to smoothly find and engage with content, creating simple ways for users to learn about Synergos’ mission, activities, increasing support in the form of donations and email subscriptions, services and the easy ways of getting involved with them. Drupal brought a huge transformation by providing a fresh approach to digital strategy, a new design, allowing to engage with new partners, making funding secure, strengthening services. Drupal provided Synergos some exceptional results like the bounce rate improved by 19%, pages/sessions increased by 27%, session duration increased by 63%, and finally page load time was enhanced by 52% on tablet devices and mobile. Synergos overall got a very customized platform that helped in enhancing the user engagement and increasing their audience as well. 

Website Redesign in Drupal 8 Helps a Rockstar Nonprofit Get an Edge


Youth on Record empowers high school students, the ones  who are underprivileged to prosper in their lives through the help of musical programs. It actively partners with local and national musicians, schools and treatment centers to provide them credit classes that are inspirational, engaging and culturally suitable for students. There was a problem with their website since it was unable to display the tangible impact of providing children access to get a learning experience from real artists and couldn’t support fundraising and event awareness endeavours. A new website information architecture, with an improved user experience and a responsive design was built on Drupal 8. There was a lot of content that Youth on Record had but it wasn’t well organized. So, along with choosing the right content, media too had to be well looked after or else it could lead to confusion. Here, Drupal 8 handled the situation by allowing an easy integration of external libraries. Therefore, it was pretty easy to include a library to handle execution of the Twitter API, that saved long working hours and cost, and also allowed Youth on Record’s content to be relevant. So, all the desired project’s outcomes were achieved such as the new Youth on Record website now acts both as a media center and resource for every aspect of the company. It enhanced fundraising, partnerships, more engagement of partner artists and followers. Drupal 8 provided a complete, future-proofed site that was launched on time within the planned budget and could also reach the client’s expectations. 

A Reimagined Rainforest Alliance on Drupal 8


Reimagined Rainforest has developed a repository of well structured content to support their vision and mission. The content is majorly displayed in long form text, there is also a broad variety of metadata and assets related with every piece of content. One of the major goals of the new site was the availability of the provision to discover new content on the website through automatic selection of similar content navigated by the metadata of the content the user was observing. Also, RA had a future plan for advanced authorization and publishing workflows to allow stakeholders, who aren’t from the web team to play a part in the content lifecycle. So, Drupal 8 was chosen for this project. Firstly, the focus on structured data suits Rainforest Alliance’s requirement for movable and searchable content. Secondly, due to the integrations with Apache Solr permitted for a nuanced content relation engine. Also Solr was utilized to power the several search interfaces. Thirdly, Drupal possesses strong workflow tools for managing content. Although the tools weren’t ready for Drupal 8, when they built it, the Drupal team knew that the tools would be easy to integrate, once they are completely ready. Therefore, it was proved that Drupal was the best choice for the project’s immediate need, and Drupal 8 was successful in meeting the organization’s long-term goals and aspirations. 

Conclusion

With the help of digital transformation, nonprofit organizations are able to enhance their impact on the society, reach their target audience and be prepared for any challenges that they might come across in the path of meeting their clear goals and objectives. In this digital transformation for nonprofits, Drupal plays a major role in turning their mission into reality, providing them the opportunity to work confidently in the field of technology and successfully help in achieving their work aspirations.

blog banner blog image Drupal Non-profits Digital Transformation Blog Type Articles Is it a good read ? Off
Categories:

Droptica: Review of the Drupal Configuration in terms of Security

Planet Drupal - Tue, 2021/08/10 - 8:30am

In the first part of the series on Drupal security audits, we described how to review modules and libraries. However, modules and dependencies will be useless if any user will be able to see our custom routing where we display all the client information. Therefore, in this article we'll look at the configuration of our website. Correct configuration is one of the key elements affecting security.

Checking the Drupal configuration

For this part, our list will include checking the role permissions, access to the Drupal views and routings, among other things. We'll also verify the correctness of the text formats configuration and perform other checks to find the largest number of potential vectors of attack on our application.

Role permissions audit

By going to /admin/people/roles, we’ll see the list of all available roles.

 

In the list on the right (the OPERATIONS column), after clicking we can select the edit permissions option, which will redirect us to the page /admin/people/permissions/[machine_name_of_the_role] (example for the Anonymous role: /admin/people/permissions/anonymous). After going to the permissions edit, Drupal will list all the possible permissions that have been granted for the selected role.

 

To verify the permissions, we should first consider what task is assigned to the role. We need to ask ourselves whether role X should have permission for action Y, for example: should the content editor role be able to edit all views? If the answer is no, the permissions should be restricted.

Full knowledge of the project is required for a permissions audit. If we find a permission that we believe a given role shouldn't have, we should only inform in the audit report about the possibility of the role having optional permissions. We'll provide more information on how to create a good report in one of the next articles in the Drupal security audit series.

View permissions audit

After auditing the roles, it's time to take a look at the views. They're all listed under /admin/structure/views.

 

Our first task, in this case, will be to enter into the edit of each view that provides routing. We need to find the PAGE SETTINGS section, and more specifically – the Access option, which should only intentionally be set to "Unrestricted".

 

As is the case with the roles, when auditing the view permissions, we should ask ourselves: what restrictions should be put on the X view? If the view should be accessible to everyone, it's good practice to use a restriction which requires having permission to access the published content. If any of the views have no restrictions or we find them to be too moderate, we should inform about it in the report.

Audit of the routing.yml files in custom modules

When it comes to the routings created in custom modules, the audit looks similar. We should review every *.routing.yml file to ensure that every routing has the appropriate level of security. Here is an example of a new routing declaration

 

In this case, every user with the access content permission is permitted to access the /machine_name/transliterate page. It's also a good practice in this case to define a minimum access level for every access content routing.

Text formats audit

The path /admin/config/content/formats contains all the text formats available on the page. In this case, the audit will consist of checking, for example, whether it isn’t possible to insert JavaScript code using a given text format or whether it isn't possible to link an image that will be downloaded from another page. It's also important for the list of possible file extensions not to allow uploading files with unsafe extensions if it isn't necessary. Of course, we report the configuration errors – the risk level depends on the type of error.

Error logging audit

There is the Error messages to display configuration option on the /admin/config/development/logging page. It's used to set the error display level. This option should be set to None on the production page. If this option is set to a variant other than None in the production environment, we report it as a low-level threat.

 

Basic login audit

There are two ways for the login panel to inform if the user trying to log in provided incorrect data. It may give a brief answer such as "data is incorrect", or give one piece of information when the login is incorrect, and another when the password is incorrect. In the last case, we're dealing with a vector for a brute force attack. The attacker may first storm the logins and then the passwords – thus gaining access to the user accounts.

Another aspect worth checking out is the password policy. It's a controversial topic, since some propose to force a password change periodically, and others say that the password should contain at least one uppercase character, one lowercase character, one digit and one special character. Some people combine both these rules, and users end up creating passwords like July2021! which meet all the requirements. My personal recommendation in this case rules out the necessity to change the password from time to time. Determining the complexity of the password is recommended, but the most important thing is its length - the longer the password is, the more time it'll take to crack it. The password policy is an issue that depends on the type of project and must be analyzed individually. In the case of a weak password policy, you should report it as a threat with a level depending on how bad the policy is.

Forms audit

The forms should be protected against spam. They should be created using the Drupal API where possible. Check if the forms are protected against spam and if their validation doesn't allow entering incorrect or dangerous data. If you find an incorrectness in the form's configuration, you should be reported – the risk level depends on the situation. There'll be a different level of risk for a potential SQLi, and for the possibility of entering incorrect data – for example in the select list.

Additional recommendations

There are Drupal modules that increase the security of our application. One such module is Security Kit. Thanks to it you'll reduce the likelihood of using the website's security gaps. This module offers Anti-XSS, Anti-CSRF, Anti-ClickJacking, and other security measures. We recommend reading the linked post and considering the installation.

Security Review is a module that can help with a Drupal security audit. It uses automated security tests that help with performing the audit.

This module:

  • checks the file permissions,
  • performs a file formats audit,
  • performs an audit of the options responsible for reporting errors,
  • performs an options audit, in which we determine which file extensions can be uploaded (e.g. to be downloaded in a blog post),
  • monitors database errors in order to detect a potential attack,
  • monitors the login panel for the same purpose,
  • checks the configuration of the trusted hosts file,
  • checks the view permissions.

Security Review is recommended as it can speed up the process of auditing the page.

Drupal configuration checked - what's next?

In this part of the series on performing a Drupal security audit, we've learned the ways of checking the Drupal configuration. We are familiar with the configuration options that can open attack vectors and we know what the recommendations are for closing these vectors.

Acquiring the knowledge provided in this post has allowed you to better understand that a correct Drupal configuration is as important as keeping it up-to-date. A configuration audit is another of the activities that we perform during a security audit - our Drupal support team recommends a comprehensive configuration check during a security audit.

In the next part of this series of articles, we'll deal with the code and learn about the basic ways to audit it. We'll present the ways of analyzing modules and themes. We'll take a look at what's in the repository. Are there any passwords, keys in it? Or maybe the entire database dump?

Categories: