With popularity comes trouble... In this case, meaning security vulnerabilities and risky over-exposure to cyber threats. And this can only mean that securing your website, which runs on what is currently the third most popular CMS in the world, calls for a set of Drupal security best practices for you to adopt.
And to stick to!
There's no other way around it: a set of strategically chosen security measures, backed by a prevention-focused mindset, paves the shortest path to top security.
Stay assured: I've selected not just THE most effective best practices for you to consider adopting, but the easiest to implement ones, as well.
We’re thrilled to announce that Teaching Tolerance, a program of the Southern Poverty Law Center, is up for a Webby! Their mission is to provide educators with the tools to create a kind and inclusive school climate. They do this through a library of articles and resources that they’ve turned into teachable materials via a Learning Plan Builder, and other classroom activities. It’s something that we feel is especially important work, now more than ever.
This is a project that meant so much to everyone that touched it; and it was a true partnership every step of the way for both our teams (Tolerance and ThinkShout). It certainly speaks to the passion that was put into it from all angles, and it’s an honor to be recognized for this work.
Our Case Study will give you the full scope of work. But for a quick summary: In redesigning their website, ThinkShout set out to turn the wealth of articles and resources Tolerance had into teachable materials, and did so by creating a guided Learning Plan Builder that makes all content classroom-ready. Tolerance grants free access to thousands of resources – from video to essays to proven teaching strategies – and everything within that catalogue is now actionable. We also took on the challenge of migrating their content from two older Drupal 6 and 7 sites into one new Drupal 8 site.
The result? Since launching in the summer of 2017, Tolerance.org has seen improvements across the board:
- Pages per session up 21%
- Session duration up 27%
- Bounce rate decreased by 8%
- Returning visitors up by 3%
- Registrations nearly doubled (from 19,000 to 36,000)
Here’s where you come in: our nomination for a Webby means we need the people’s voice (aka VOTES) to actually win. Voting ends April 19th!
Personally, we can’t think of anything more critical at this time than the work Tolerance.org is doing to ensure the next generation is primed to participate in our democracy. And winning the Webby will certainly help them gain visibility and advance their mission even further.
P.S. Travel Oregon also made it as an honoree in the Travel category, and they were up against some stiff competition! You can see their case study here.
Advances in technology have brought unprecedented growth in the e-commerce industry, which has become a major target for cyber crime. It is therefore necessary to address security measures for websites, as any data breach leads to the loss of sensitive information along with monetary losses. This not only threatens the reputation of the organization but also leads to mistrust among customers. Compared to leading organizations, smaller firms are affected more, as they have to suffer substantial losses.
Full security over the web can’t be attained, as hackers are devising new plans every day to access consumer data. But, threats can be minimised by following certain…
We recently relaunched the updated front-end for Zürich Tourismus. In this blog post, I want to highlight some user experience improvements that we added to the existing Drupal 7 website using React. Enter the Zuerich.com filter pages.
Josef Dabernig Fri, 04/06/2018 - 09:28
The Zuerich.com filter pages are highly interactive and allow the site visitor to explore data in a synchronized list & map view. We also applied the same concept to the different filter pages for Accommodation, Events and Restaurants.
Instant, Client-Side filtering
A key improvement to the filter pages is that they allow users to quickly explore and filter the data. The filter section immediately updates the corresponding results list according to the selected criteria. This works well for datasets below 1000 items, which are all accessed together and filtered using React on the client-side.
In traditional Drupal implementations, we would have the entire page reload for every filter click event, or, if we were to use AJAX, the entire results section would reload and require a round-trip to the server which slows down the user experience. With the new React-based approach, we were able to greatly improve the interaction speed. The search box also instantly filters the items for every character that the user enters.
A really cool feature on top of the instant client-side filtering is the “Nearby me” search. It allows the user to either select their own geolocation or select from some popular points of interest. For tourists that aren’t yet familiar with the city, being able to choose between various important locations, such as the Zurich airport or main station, helps in their orientation.
When a point of interest has been selected, the map instantly switches to “Filter list by map” mode which only displays the results that correspond to the current map window. As the user zooms in or out, the map automatically updates the results list.
Keeping Multiple Viewports in Sync
Keeping multiple viewports easily in sync is one of the main advantages of using React to implement the filter pages. The state of the dataset and filters can be managed centrally and will automatically update the different views, such as the filters themselves, the results list as well as the markers on the map. By moving around the map, the user is also able to filter the list results to show only what is available in the current viewport which helps narrow down their search geographically.
Unlimited, Interactive, React-based Filter Pages
The Zuerich.com filter pages are built using React components within the existing Drupal 7 infrastructure that drives the main website. We fetch the data from the backend using custom JSON feeds and render the filters, the results lists and map views using React. By doing so, we significantly improved the actual and perceived performance of the user interactions with the filters and map view. The same concept has been applied to different parts of the website. There are many more of these filter pages in addition to the ones used for Accommodation, Events and Restaurants.
In the back-end, the content editors are able to create custom filter pages using a special Content Type form. Filter settings and sort or proximity search options are able to be configured accordingly. In the React-based front-end, we then show the adjusted set of filter options and adjust the list views slightly i.e. to show star ratings for hotels.
One of our club members has asked us how to create a survey form in Drupal 7. They wanted to achieve this without a need for custom coding.
The Webform contrib module is the perfect tool for the job. In this tutorial, you will learn how to use this module to survey what peanut butter, jelly and bread your site visitors prefer.
Agiledrop.com Blog: AGILEDROP: Drupal business sessions you don't want to miss at DrupalCon Nashville
For a recent project, we were tasked to consume the client's internal data from a custom API. Now, this scenario was lucky for us: the API provides a total item count of about 5000, but when queried with a start date, it provides all revisions of items between then and now. The premise was that the data was to be downloaded at regular intervals, so that content editors didn't need to copy and paste to keep product information up to date.
Drupal Commerce 2 comes with a promotions sub-module that lets you manage store promotions in so many different ways. One common promotion method is to give your customer coupon codes. Coupon codes "unlock" a specific deal for the customer. For example, if you're trying to get a customer to complete an abandoned cart, you may offer a coupon code for 20% off the entire order to try and push them. Maybe you have a weekly newsletter and you want to reward your subscribers with a deal just for them. A custom coupon code with a discount is a great way to do this.
In this Acro Media Tech Talk video, we use our Urban Hipster Commerce 2 demo site to show you just how easy it is to create a promotion and assign a coupon code to it. We'll also show you how you can set additional conditions so that the coupon is only available to use when the conditions are met.
It's important to note that this video was recorded before the official 2.0 release of Drupal Commerce, and so you may see some differences between this video and the current release. The documentation is also evolving over time.
This video was created using the Urban Hipster Commerce 2 demo site. We've built this site to show the adaptability of the Drupal 8, Commerce 2 platform. Most of what you see is out-of-the-box functionality combined with expert configuration and theming.
Last year one of the big topics for the Drupal Global Training Days (GTD) Working Group was sorting out what exactly we can do to help with organizing these events. To that end, we sent out a survey to learn more about the kinds of events that people doing GTD events run, or have offered in the past, and how the community can help. We got 33 responses to the survey and 9 of those fine folks also hopped on a phone call with us (myself (add1sun), Mauricio (dinarcon), or Marina (paych)) to talk about the survey answers in more depth. While it's been a little while since we conducted the survey and interviews, we figure this is really interesting and useful information to share with the community.
The first section of this post covers the questions we asked and the results on the survey. The second section dives into our takeaways from the interviews we conducted after the survey.
Survey Results
What is your motivation for organizing GTD?
Far and away the most common motivation for running GTD events is to grow the local Drupal community, with over 90% selecting this as at least one reason. The second biggest motivation (39%) was to promote a company or organization, which was then followed up equally at 24% with finding new hires or new clients.
Is your company sponsoring your time to prepare and present the training?
For this question, about 60% of respondents have their company cover their time. There was also a mixed bag of people who are their own business or who freelance, where counting company versus personal time is a blurrier line, as well as people who straddle both, doing some of the work on the clock and the rest on their own time. 21% of those surveyed stated that they are not supported by a company for GTD events.
In which country (and city) have you organized a GTD?
Our list from the survey covered 36 events in 18 different countries, plus an online course with attendees from all over the world.
- Costa Rica
- India (5)
- Mexico (3)
- South Africa
- United States (11)
23 (64%) of events are being offered in English. There were 12 languages other than English in the list, with Spanish taking the number 2 slot with 6 events, which lines up with the number of events in Spanish-speaking countries.
Given the wide range of countries, it is a little surprising that there is definitely a concentration of events that are offered in English.
What materials do you use to present the training?
This was split almost evenly between those that use materials they created themselves and those that use a combination of existing materials and their own.
What topics have you covered in the trainings you have presented?
113 responses (with multiple select) indicated almost everyone covers more than 1 topic, and the vast majority of those topics are introductions to Drupal and getting started. Of the topics presented:
- 94% cover What is Drupal?
- 85% do Site Building
- 70% cover the Drupal Community
- 51% do Theming
- 42% do module development.
From the results to this question it is clear that most GTD events do not stick with just one broad topic.
What format do you usually follow?
The most popular format (76%) is to have the instructor do a live demonstration and have the students follow along. Next in line is to only give presentations, and the least popular was to have the instructor do a live demo but not have the students work on the project. There were also a couple of people who use recorded videos and then offer Q&A and support to the students as they work through them.
How long does the training last?
- 36% give full-day workshops
- 24% give half-day workshops
- 30% do a mix of the 2 formats.
Event size was interesting. Over 50% of events had 11-20 attendees. Smaller groups, from 1-10 came in second around 27%, and only 21% of events had more than 20 attendees.
Choose the statement that fits you most with regards to venue cost
Just over a third of respondents have given events at different free venues, while 21% have access to a permanent free venue to use. 30% have used both free and paid venues. Only 1 person has a permanent paid venue they use for GTD.
What type of venues do you use?
Most events use either a company office or a university/educational facility, with conference spaces and co-working/community spaces making up much of the rest. There were also a range of locations from coffee shops to libraries included.
What is the attendee capacity of your venue?
Compared to the class sizes mentioned above, there is certainly space for bigger groups overall, with 60% of venues capable of accepting over 20 attendees.
If you organize GTD in a paid venue, how much does it cost on average? (Use local currency)
For those who do pay for venues, the costs are all over the place, which makes sense given the huge range of locations (both world location and venue type) for these events. The most expensive came in around $400 USD or ~325 EUR.
Which of the following does your venue provide?
Most venues (88%) provide a good internet connection, and a projector with screen. 21% of the venues provide computers to use. Others noted extras they get with their venues include things like parking, snacks, and coffee.
Interview Results
We also spoke to 9 people from 5 countries to dig into what they're doing and how the community and GTD Working Group can help. While everyone has different struggles and needs, there are a few common themes that come through.
Organizing and Marketing
There was a wide variety of needs around organizing and marketing GTD events. This included things like matching up people who like to teach with people who can organize and market the event (many times people don't really want to both!), and there was definitely a repeated request for marketing materials and guidelines for groups to help promote their events. There were also some interesting ideas like creating badges for trainers and attendees, as well as having better ways for GTD organizers and trainers to share information, either through online knowledge bases or in-person events, like GTD-focused activities at DrupalCons.
Curriculum
Not surprisingly curriculum and course materials came up for a lot of people. As we saw from the survey results, a lot of people create their own materials, often through need, not because they necessarily want to. There was a common thread of requests for workshop agendas, slides, and all kinds of training materials, centrally located so that people could more easily build a workshop without investing a lot of curriculum time. A number of people also pointed out that not having materials in the local language was a problem, and is time-consuming work to translate existing materials.
Infrastructure
The last main theme that we saw was about the technical and venue needs. This ranged from funding for space to hold GTDs, having a standard way to get students set up with a local environment, and having a regular way to collect feedback on events, and be able to share that information.
While the GTD Working Group certainly can't tackle all of these things, this gives a good starting point for the biggest pain points that the community can address to accelerate GTDs and the adoption of Drupal. If there are particular topics or initiatives in here that you would like to help with, please reach out to the working group to get connected with others and see what resources are available to help.
Let me guess: it's for “luring” online visitors that you've built your Drupal site! For attracting traffic, which would then turn into leads/retail sales/customers... you name it. Yet, without an efficient web analytics service, you're just firing at the target... blindfolded. And so, why not go for the best? Especially since it's free and there's even a dedicated Drupal module streamlining... everything. Here's how you integrate Google Analytics into your Drupal site.
Who are your visitors? Where do they come from? And what do they do precisely during their visits on your Drupal site? How long are their visits? What content on your site do they linger on and what content do they “stubbornly” ignore? Needless to say that for getting your answers to all these questions you need to set up Google Analytics on your website.
A lot of Drop Guard users faced their first Highly Critical SA-CORE-2018-002 update within the PSA-2018-001 release last week. We interviewed a bunch of them and want to share Drop Guard’s performance with you. This means that we will share its achievements, its flaws and its “should have performed better”.
Until today, Drop Guard performed 7370 updates for Drupal agencies and their clients all around the globe.
We're trying something new this year at Drupalcon 2018! Book some time with a myDropWizard "Support Wizard" for some FREE help with your Drupal site!
You're a first time Drupalcon attendee? You're a veteran Drupaler? Either way, you made part of your Drupalcon mission to fix a lingering issue - or at least to be pointed in the right direction!
We're here to help!
We spend our days helping Drupalers just like you every day with their support needs, so we thought "Let's bring that myDropWizard Support Face-to-Face with Drupalers: FOR FREE!"
So, drop by Booth #818 or (better yet!) schedule with us below!
If you have a Drupal site and this is the first time you hear about the critical vulnerability published on March 28, 2018, read the two last chapters immediately.
During the last week there has been a hustle in the Drupal community around the world about the security hole that was named DrupalGeddon2. This vulnerability was "highly critical" and got many people scared, unnecessarily. This post tries to explain when the vulnerability becomes a problem, when it is actually not a problem, and how to handle the situation right.
Yesterday a highly critical security issue in Drupal was released. The issue itself is considered critical because, as we understood it, it makes it possible to execute code as an anonymous user. This could lead to a complete hack of your site and complete exposure of your content - or, worse, if your webserver is badly configured, a full-scale hostile takeover of your server. (More background info available here and here.)
The issue was announced to the Drupal community a week early, so our Dropsolid team had plenty of time to anticipate and prepare. Currently, Dropsolid serves 482 unique and active projects, which contain on average three environments. To be more precise, this gave us a whopping 1316 active Drupal installations to patch. These environments are located on 65 different servers. 45 of those servers are out of our hands and are managed by other hosting companies, such as Combell or even dedicated hardware on site with the customer. At Dropsolid we prefer to host the websites within our own control, but to the Dropsolid Platform this ultimately makes no difference. For some customers we also collaborate with Acquia - these clients are taken care of by Acquia’s golden glove service.
So, back to preparing to patch all the different Drupal installations. We would be lying if we said that all Drupal installs were running on the latest and greatest, so we used Ansible and the Dropsolid Platform to gather all the necessary data and perform a so-called dry run. This was a real-world test across all our installations to verify if we could pass on a patch and then deploy it as soon as we have confirmed that the patch works for all the versions that we have available on our Dropsolid Platform. For example, it verified if the patch tool is available on the server, it injected a text file that we then patched to make sure the flow of patching a Drupal installation would go smoothly, etc. Obviously we detected some hiccups as we were testing, but we were left with enough time to resolve all issues in advance.
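The canary step of such a dry run, sketched as an added example (not Dropsolid's own tooling): it checks that `patch` is installed, runs `patch --dry-run` against a constructed text file, then applies the patch for real and verifies the result. The function name, file names and return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight "canary" check before rolling out a security patch.
# Return codes (hypothetical): 0 = ready, 1 = patch tool missing,
# 2 = dry run rejected the patch, 3 = apply or verification failed.
# Optional argument: the canary line on this host, used to simulate a host
# whose files have drifted from what the patch expects.
preflight_patch_check() {
    canary_line=${1:-"canary: unpatched"}

    # Step 1: is the patch tool available on this server at all?
    command -v patch >/dev/null 2>&1 || {
        echo "FAIL: patch tool is not installed" >&2
        return 1
    }

    workdir=$(mktemp -d) || return 3

    # Step 2: inject a constructed text file and a constructed patch for it.
    printf 'line one\n%s\nline three\n' "$canary_line" > "$workdir/canary.txt"
    cat > "$workdir/canary.patch" <<'EOF'
--- a/canary.txt
+++ b/canary.txt
@@ -1,3 +1,3 @@
 line one
-canary: unpatched
+canary: patched
 line three
EOF

    rc=0
    # Step 3: dry run. Nothing is written, so a rejected hunk leaves
    # the host untouched and is reported before the real rollout.
    if ! (cd "$workdir" && patch -p1 --dry-run < canary.patch) >/dev/null 2>&1; then
        echo "FAIL: dry run rejected the patch; nothing was modified" >&2
        rc=2
    # Step 4: apply for real, exercising the same flow the rollout will use.
    elif ! (cd "$workdir" && patch -p1 < canary.patch) >/dev/null 2>&1; then
        echo "FAIL: patch did not apply" >&2
        rc=3
    # Step 5: verify the file content actually changed as expected.
    elif ! grep -qx 'canary: patched' "$workdir/canary.txt"; then
        echo "FAIL: patch applied but content is not as expected" >&2
        rc=3
    fi

    rm -rf "$workdir"
    return $rc
}

preflight_patch_check && echo "preflight OK: host is ready for the real patch"
```

Run per host from the orchestration tool and collect the return codes; any non-zero result is a host to fix before release day.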
Throughout the evening, we had plenty of engineers on stand-by, ready to jump in should something in the automated process go wrong. The entire rollout took us about 2 hours - from the release of the patch, over verifying the patch on all the different Drupal releases, to rolling it out on all sites and, finally, relaxing with a few beers. This doesn't mean we had it easy. We had to put in a lot of work, and a lot of hours, just to make sure we could handle this load in this amount of time. That is why we are continuously building on our Dropsolid Platform.
Those who joined our hangout could bear witness to exactly how comfortable and relaxed our engineers were feeling during the rollout.
You might ask, joined our hangout? What are we on about exactly? Well, since the Drupal community was in this together, I suggested on Twitter to all join in together and at least make it a fun time.
A few nice things that happened during this hangout:
- Someone played live ukelele for us while we waited
- Someone posted a fake patch and made everyone anxious, but at least it was a good test!
- People were able to watch, in total transparency, how Dropsolid coped with this patch and were also able to interact with and talk to others in the hangout.
It made the whole evening a fun activity, as witnessed by Baddy Sonja.
Obviously this couldn’t have happened without the help of our great engineers at Dropsolid - and also because we invest a lot of our R&D time into the development of the Dropsolid Platform, so we can do the same exercise times 10 or times 100 without any extra human effort. Thanks to the Drupal security team for the good care and the warning ahead of time. It made a tremendous difference!
All our Dropsolid customers can rest assured that we have their backs, all the time!
If you are not a Dropsolid customer yet and you are interested to see how we can help you make your digital business easy, we’d be more than happy to talk. If you are running a Drupal site and need help with your updates or with your processes, we’d be glad to help out and onboard you onto our Dropsolid Platform. You can keep your server contract while benefiting from our digital governance and expertise. Are you in charge of many, many digital assets and feeling the pain? Maybe it’s time you can start doing the fun things again - just have a chat with us!