
7 Common Drupal Mistakes That You're Probably Making On Your Website


by Adrian Ababei on Oct 30 2017

Imagine your Drupal site as a... patient who has received the wrong diet (or who simply hasn't been told that he should stick to a special diet in the first place) and all the wrong medication, as well. A silly metaphor for the most common Drupal mistakes that you might have been making on your website.

... and whom (your website “patient”) you're now striving to train for the Olympics, meaning to boost its overall performance. 

It's not going to work unless you “detect” those common issues deriving from improperly handling your site and from deviating from Drupal's best practices. And not before you get them fixed, obviously.

And how can you know for sure whether you are making these “popular” mistakes on your Drupal website?

Easy! You just give an honest answer to each one of the 7 questions from our little “investigation” here below.

Ready?

 

1. Have You Been Ignoring the Drupal Updates?

Just admit it! 

And then try counting how many times you've placed the Drupal core and contrib Security Advisories at the very end of your priority list. Or just how many times you've run the suggested upgrades selectively.

The longer you've stuck to this “bad habit”, the more vulnerable your Drupal site has become.

This is, undoubtedly, one of the common Drupal mistakes and the “ultimate” source of most security threats.

Note: For instance, if it's been an unacceptably long period of time since you stopped maintaining your website properly (if it runs on a version older than Drupal Core 7.32), then it stands every chance of having turned into an easy target for Drupageddon attacks.

 

2. Are There Any Unused Modules Left to Linger On Your Drupal Site?

 

  • bogged down site performance (with your way too large database as a “culprit”)
  • high impact security issues
  • unnecessary overhead

     

This is precisely what you get when you're being negligent in managing your unused modules (or themes).

Those modules that maybe you just installed and took out for a quick spin, fascinated with their much-talked-about functionality, and that you no longer use. Yet you just leave them... be. And weigh down your database with an unnecessary load of source code.

Some of them might be lingering there since... your site's early days. Think of all the developer and administration modules (e.g. Devel or Views UI) which shouldn't be overburdening the production version of your website.

Yet, they still do!

They're just being tolerated and gradually turning themselves into some major security issues if no one in your team deals with Security Advisories regularly.

The solution to this issue, which can easily make it into the top 3 most common Drupal mistakes, is as clear as daylight: uninstall all the modules and themes that you're no longer using! Don't just bundle up unnecessary overhead.

And while the solution is ridiculously handy, the benefits are definitely worth the time and “effort”:

 

  1. improved file system
  2. instantly boosted site performance

     

3. Is The PHP Filter Module Enabled? One of the Most Common Drupal Mistakes

Just skip this question if it's a Drupal 8 website that you own. For this specific module has been (thank God!) removed from Drupal 8 core.

Now, getting back to the PHP Filter module, which many site owners decide to enable (like you, probably), here's why you should rush to... uninstall it:

 

  • practically it's an invitation for all ill-intended users to easily run PHP code right there, on your website
  • once enabled, it's quite a challenge to... disable it before you've reviewed your site's content thoroughly
  • and if you skip this step (the close reviewing of your site content), you risk displaying PHP code in plain text on your website (which could turn into a true security “crater” if not detected before you disable the module)

     

4. Are You 100% Sure the JS/CSS Aggregation Settings Have Been Correctly Configured?

If so, then the JavaScript and CSS files that Drupal renders in HTML can be easily bundled up and compressed.

But if not properly configured, your users' browsers will be forced to process far more requests in order to render your web pages' content. Which will inevitably impact your site's page load times.

 

5. Have You Managed to Avoid the Common “Overusing Roles” Pitfall?

Or not? Don't be too harsh on yourself if you have, indeed, “overused” the user roles system. It's, undoubtedly, one of the most common Drupal mistakes website owners make after all.

And what else could you have done when the default user roles that Drupal provided you with just didn't fit the specific permission levels you had in mind for your users, right?

You went ahead and created your own roles...

Unfortunately, these newly custom-made roles can easily:

 

  • lead to Drupal admins being forced to edit each and every user role separately whenever they have to update the permissions
  • cause “security craters” when not properly configured
  • (overusing roles, along with their “collections” of permissions, can) impact your site's overall performance (particularly when you're striving to manage each and every set of permissions in their associated user roles)
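A role audit for the pitfalls listed above, written as an added example (not code from this post or from Drupal). It assumes a Drupal 7 site whose `role` (rid, name) and `role_permission` (rid, permission) tables have been exported as tuples; the sample rows are constructed.

```python
from collections import defaultdict

# Built-in Drupal 7 roles that every visitor or every account holds.
BROAD_RIDS = {1: "anonymous user", 2: "authenticated user"}

# Drupal 7 permissions that should never sit on a broad role.
SENSITIVE = {
    "administer permissions",
    "administer users",
    "administer modules",
    "administer filters",
    "use PHP for settings",
    "use text format full_html",
    "use text format php_code",
}


def audit_roles(roles, role_permissions):
    """Report risky grants, duplicate roles and empty roles.

    roles            -- iterable of (rid, name) from the `role` table
    role_permissions -- iterable of (rid, permission) from `role_permission`
    """
    perms = defaultdict(set)
    for rid, permission in role_permissions:
        perms[rid].add(permission)

    # 1. Sensitive permissions granted to anonymous/authenticated users.
    broad_grants = sorted(
        (BROAD_RIDS[rid], p) for rid in BROAD_RIDS for p in perms[rid] & SENSITIVE
    )

    # 2. Custom roles with identical permission sets: each change has to be
    #    repeated on all of them, so they are candidates for merging.
    by_permission_set = defaultdict(list)
    empty = []
    for rid, name in roles:
        if rid in BROAD_RIDS:
            continue
        if perms[rid]:
            by_permission_set[frozenset(perms[rid])].append(name)
        else:
            # 3. Custom roles that grant nothing at all.
            empty.append(name)
    duplicates = sorted(sorted(g) for g in by_permission_set.values() if len(g) > 1)

    return {"broad_grants": broad_grants, "duplicates": duplicates,
            "empty": sorted(empty)}


# Constructed sample export.
SAMPLE_ROLES = [
    (1, "anonymous user"), (2, "authenticated user"), (3, "administrator"),
    (4, "editor"), (5, "content editor"), (6, "blogger"),
]
SAMPLE_ROLE_PERMISSIONS = [
    (1, "access content"),
    (2, "access content"),
    (2, "use text format full_html"),
    (3, "administer permissions"),
    (3, "administer modules"),
    (4, "create article content"),
    (4, "edit any article content"),
    (5, "create article content"),
    (5, "edit any article content"),
]

if __name__ == "__main__":
    for check, result in audit_roles(SAMPLE_ROLES, SAMPLE_ROLE_PERMISSIONS).items():
        print(check, result)
```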

     

6. Have You Configured The Full HTML Input Format for Your Most Trusted Users ONLY?

Or have you simply overlooked it entirely? Have you just disabled HTML filtering from the HTML Input Filter completely?

By configuring the Full HTML Input Format for ALL your users, you're basically granting everyone permission to post HTML on your website. This way, you're just opening a gateway for any user to embed malicious code on your Drupal site.

Even a banal little thing such as an image tag can easily turn into an "injectable solution", a dangerous one, in the hands of an ill-intended user who can post HTML on your website just like that.

Now here's what you should do to avoid this scenario:

 

  • make sure that your filter is configured for some users ONLY and, even then, that you set only the specific set of tags they'll need to use
  • make sure your default and custom Input Filters are correctly configured so that they pose no security risks
  • scan your database through and through identifying any possible suspicious code that might have been injected already
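The content review called for here, and in the PHP Filter section before you disable that module, can be scripted. The following is an added example, not code from this post or from Drupal: it assumes a Drupal 7 site with the default text format names (`php_code`, `full_html`) and body rows exported from the `field_data_body` table as dictionaries; the sample rows are constructed.

```python
import re
from html.parser import HTMLParser

# Machine names of the text formats in a default Drupal 7 install
# (assumption: the site kept the default names).
PHP_FORMAT = "php_code"  # created by the PHP Filter module
RISKY_TAGS = {"script", "iframe", "object", "embed"}
URL_ATTRS = {"src", "href", "action", "formaction", "data"}
PHP_OPEN_TAG = re.compile(r"<\?(php|=)", re.IGNORECASE)


class MarkupAudit(HTMLParser):
    """Collects elements and attributes that let stored HTML run script."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names and decodes
        # character references inside attribute values.
        if tag in RISKY_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"<{tag}> carries event handler {name}")
            elif name in URL_ATTRS:
                # Browsers ignore whitespace and control characters in a scheme.
                scheme = re.sub(r"[\s\x00-\x1f]", "", value or "").lower()
                if scheme.startswith("javascript:"):
                    self.findings.append(f"<{tag}> {name} is a javascript: URI")


def audit_row(row):
    """Return the findings for one row exported from field_data_body."""
    value = row["body_value"] or ""
    findings = []
    if row["body_format"] == PHP_FORMAT:
        findings.append("uses the php_code format: review before disabling PHP Filter")
    elif PHP_OPEN_TAG.search(value):
        findings.append("PHP open tag stored in a non-PHP format")
    parser = MarkupAudit()
    parser.feed(value)
    parser.close()
    findings.extend(parser.findings)
    return findings


def audit_rows(rows):
    """Map entity_id -> findings for every row that needs a manual review."""
    report = {}
    for row in rows:
        findings = audit_row(row)
        if findings:
            report[row["entity_id"]] = findings
    return report


# Constructed sample rows (entity_id, body_format, body_value).
SAMPLE_ROWS = [
    {"entity_id": 1, "body_format": "filtered_html",
     "body_value": "<p>Opening hours: <strong>9-5</strong></p>"},
    {"entity_id": 2, "body_format": "full_html",
     "body_value": '<img src="/sites/default/files/a.png" onerror="loadExtra()">'},
    {"entity_id": 3, "body_format": "php_code",
     "body_value": '<?php print date("Y"); ?>'},
    {"entity_id": 4, "body_format": "full_html",
     "body_value": '<p><a href="JavaScript:void(0)">read more</a></p>'},
    {"entity_id": 5, "body_format": "full_html",
     "body_value": '<script src="https://cdn.example/w.js"></script>'},
]

if __name__ == "__main__":
    for entity_id, findings in audit_rows(SAMPLE_ROWS).items():
        print(entity_id, findings)
```

Findings are review candidates rather than verdicts: a trusted editor may have embedded an iframe on purpose, so each flagged entity still needs a human look.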

     

7. Are You Weighing Down Your Database With Too Many (Unused) Content Types?

Do you need ALL the content types currently overloading your database (considering the fact that three database tables get added to your database with every new content type that you bring on)? Are you actually using them all?

For, if not:

 

  • your database is unnecessarily overburdened
  • your content editors' workflow is unnecessarily complex due to the whole network of confusing content types that they need to tangle themselves up in

And now the solution to this issue, certainly one of the most common Drupal mistakes:

Just run an inventory of all your content types, sort them into used and no longer used ones and... just "trim the fat"! Get rid of those that are just filling in space in your database!

These are our top 7 mistakes that you, too, are probably making on your Drupal site (even if not all of them).

Now that we've exposed them to you, we can't but end our post with a conclusion/piece of advice:

The handiest way to optimize your website's performance is by preventing performance issues from occurring in the first place. Now that you have them “brought to light”, it should be easier, with a little bit of effort, to avoid them, shouldn't it?
