In light of the recent COVID-19 pandemic - OPTASY would like to offer DRUPAL website support for any Healthcare, Government, Education and Non-Profit Organization(s) with critical crisis communication websites or organizations directly providing relief. Stay Safe and Stay Well.

7 Common Drupal Mistakes That You're Probably Making On Your Website
Drupal

7 Common Drupal Mistakes That You're Probably Making On Your Website

by Adrian Ababei on Oct 30 2017

Imagine your Drupal site as a... patient who has received the wrong diet (or who simply hasn't been told that he should stick to a special diet in the first place) and all the wrong medication, as well. A silly metaphor for the most common Drupal mistakes that you might have been making on your website.

... and whom (your website “patient”) you're now striving to train for the Olympics, meaning to boost its overall performance. 

It's not going to work unless you “detect” those common issues deriving from improperly handling your site and from deviating from Drupal's best practices. And not before you get them fixed, obviously.

And how can you know for sure whether you are making these “popular” mistakes on your Drupal website?

Easy! You just give an honest answer to each one of the 7 questions from our little “investigation” here below.

Ready?

 

1. Have You Been Ignoring the Drupal Updates?

Just admit it! 

And then try counting how many times you placed the Drupal Core and Contrib Drupal Security Advisory at the very end of your priority list. Or just how many times you ran the suggested upgrades selectively?

The more time has passed since you stuck to this “bad habit”, the more vulnerable your Drupal site's become. 

This is, undoubtedly, one of the common Drupal mistakes and the “ultimate” source of the most security threats.

Note: For instance, if it's an unacceptably long period of time that we're talking about since you stopped maintaining your website properly (if it runs on a version older than Drupal Core 7.32), then it stands all the chances to have turned into an easy target for Drupageddon attacks.

 

2. Are There Any Unused Modules Left to Linger On Your Drupal Site?

 

  • bogged down site performance (with your way too large database as a “culprit”)
  • high impact security issues
  • unnecessary overhead

     

This is precisely what you get when you're being negligent in managing your unused modules (or themes).

Those modules that maybe you just installed and took out for a quick spin, fascinated with their much-talked-about functionality, and that you no longer use. Yet you just leave them... be. And weight down your database with an unnecessary load of source code.

Some of them might be lingering there since... your site's early days. Think of all the developer and administration modules (e.g. Devel or View UI) which shouldn't be overburdening the production version of your website.

Yet, they still do!

They're just being tolerated and gradually turning themselves into some major security issues if no one in your team deals with Security Advisories regularly.

The solution to this issue, that can easily make it to top 3 most common Drupal mistakes, is as clear as daylight: uninstall all the modules and themes that you're no longer using! Don't just bundle up unnecessary overhead.

And while the solution is ridiculously handy, the benefits are definitely worth the time and “effort”:

 

  1. improved file system
  2. instantly boosted site performance

     

3. Is The PHP Filter Module Enabled? One of the Most Common Drupal Mistakes

Just skip this question if it's a Drupal 8 website that you own. For this specific module has been (thank God!) removed from Drupal 8 core.

Now, getting back to the PHP Filter module, which many site owners decide to enable (like you, probably), here's why you should rush to... uninstall it:

 

  • practically it's an invitation for all ill-intended users to easily run PHP code right there, on your website
  • once enabled, it's quite a challenge to.. disable it before you've reviewed your site's content thoroughly
  • and if you skip this step (the close reviewing of your site content), you risk displaying PHP code in plain text on your website (which could turn into a true security “crate” if not detected before you disable the module)

     

4. Are You 100% Sure the JS/CSS Aggregation Settings Have Been Correctly Configured?

If so, then the JavaScript and CSS files that Drupal renders in HTML can be easily bundled up and compressed.

But if not properly configured, your users' browsers will be forced to process far more requests in order to render your web pages' content. Which will inevitably impact your site's page load times.

 

5. Have You Managed to Avoid the Common “Overusing Roles” Pitfall?

Or not? Don't be too harsh on yourself if you have, indeed, “overused” the user roles system. It's, undoubtedly, one of the most common Drupal mistakes website owners make after all.

And what else could you have done when the default user roles that Drupal provided you with just didn't fit the specific permission levels you had in mind for your users, right?

You went ahead and created your own roles...

Unfortunately, these newly custom-made roles can easily:

 

  • lead to Drupal admins being forced to edit each and every user role separately whenever he/she has to update the permissions
  • cause “security craters” when not properly configured 
  • (overusing roles, along with their “collections” of permissions, can) impact your site's overall performance (particularly when you're striving to manage each and very set of permissions in their associated user roles)

     

6. Have You Configured The Full HTML Input Format for Your Most Trusted Users ONLY?

Or have you simply overlooked it entirely? Have you just disabled HTML filtering from the HTML Input Filter completely?

By configuring the Full Input Format for ALL your users, you're basically granting everyone permission to post HTML on your website. This way, you're just opening a gateway for any user to embed malicious code on your Drupal site.

Even a banal little thing such as an image tag can easily turn into an "injectable solution", a dangerous one, in the hands of an ill-intended user who can post HTML on your website just like that.

Now here's what you should do to avoid this scenario:

 

  • make sure that your filter is configured for some users ONLY and, even then, that you set only the specific set of tags they'll need to use
  • make sure your default and custom Input Filters are correctly configured so that they pose no security risks
  • scan your database through and through identifying any possible suspicious code that might have been injected already

     

7. Are You Weighting Down Your Database With Too Many (Unused) Content Types?

Do you need ALL the content types currently overcharging your database (considering the fact that three database tables get added to your database with every new content type that you bring on)? Are you actually using them all?

For, it not:

 

  • your database is unnecessarily overburdened
  • your content editors' workflow is unnecessarily complex due to the whole network of confusing content types that they need to tangle themselves up in

And now the solution to this issue, for certain one of the top most common Drupal mistakes:

Just run an inventory of all your content types, sort them into used and no longer used ones and... just "trim the fat"! Get rid of those that are just filling in space in your database!

This is our top 7 mistakes that you, too, are probably making on your Drupal site (even if not all of them).

Now that we've exposed them to you we can't but end our post with a conclusion/piece of advice:

The handiest way to optimize your website's performance is by preventing performance issues to occur, in the first place. Now that you have them “brought to light” it should be easier, with a little bit of effort, to avoid them, shouldn't it?

Development

We do Web development

Go to our Web development page!

Visit page!

Recommended Stories

DrupalDrupal 8Tips
Everything You Should Know About Headless Drupal

Everything You Should Know About Headless Drupal

  Traditional Drupal websites use Drupal as the end-to-end solution for creating, storing, and displaying content to the end-user. Modern approaches leverage headless Drupal, where building and storing happen on Drupal, but displaying is not.  Headless Drupal approaches make Drupal the backend content repository and build the frontend in different technologies that communicate with Drupal through an API.    Why is the headless approach an effective one? Today, many companies opt for using headless Drupal solutions, and the reasons are not few. If you don't want to sacrifice the user experience but still enjoy the powerful tools provided by Drupal, a headless approach might be the best fit.   Decoupled Drupal is known for its several benefits such as:   More channels to display content on In the hectic digital landscape, your marketing team knows that communicating with your customers on multiple channels is critical. The way companies use content management systems today has to do with their need to push content on various channels, thus increasing their digital presence.  If used properly, headless Drupal can be a source of content for various consumers. It provides content on the frontend site and serves content via API to be consumed on mobile devices, applications, or IoT. This gives great flexibility for headless Drupal users.    Meets the need for intuitive user experiences Bringing together Drupal with a frontend Javascript framework is a smart strategy for making the most out of Drupal's capabilities for content creation and data storage while at the same time create easy to use, fast frontend applications.  If you're thinking of choosing a headless Drupal approach for your next web development project, combining these two solutions will offer greater functionality—why not enjoy the power of Drupal's modules and the intuitiveness of a Javascript frontend application at the same time? You can really have the best of both worlds!   Technological reliance is widely spread This means you get to be more dynamic in managing frontend technologies without the need to re-architect large Drupal backends. From a developer's point of view, this is a real blessing.  Many businesses redesign their websites every few years, and separating the frontend from the backend makes it much easier to rebuild. This saves a lot of resources and reduces the expenses associated with rebuilding Drupal websites.    Drupal works best with a headless approach One of the reasons Drupal is often chosen for a headless project is because this CMS has most of the required functionality and API modules. As the Drupal community is committed to continuously make Drupal a reliable API-driven CMS, Drupal is known for efficiently serving and receiving content via APIs.    Microsite manager If you need to create multiple separate websites, a headless approach is the right way to do it. It's a lot easier to build one content engine such as Drupal and use it to deliver content to all microsites. As a result, you'll have all your content in one content hub, and you'll be able to create and close microsites when needed quickly.    What are the challenges associated with a headless approach? Before deciding to opt for headless Drupal development, you might want to consider these aspects:   A headless infrastructure is harder to manage than a traditional Drupal site Keep in mind that headless development can be complicated and complex, and you might need a professional developer or Drupal agency, like Optasy, to help you on the way.    Headless Drupal is more expensive You're likely to spend more resources with a headless approach as you now build two systems. The development process will take longer, and therefore the expenses associated with it will be higher.    You'll have to manage two teams Since headless Drupal requires two separate components, that means that you'll often have to manage two teams (backend and frontend). At this point, you want to ensure that you enable great collaboration and coordination between your teams as data models have to be agreed upon.    Higher maintenance costs As decoupled systems rely only on REST API, maintaining these systems to function properly requires intense testing. Compatibility issues when editing and making changes can arise between the two systems. What is more, security updates are required more often as there will be a need to patch more than one system.    How to decide If you're still torn between traditional Drupal projects and going for a headless approach, seeking advice from Drupal experts might be needed. At Optasy, we offer expert guidance based on your business needs so that you can get the most out of your next web development project.  Photo credit: Nubleson Fernandes on Unsplash.  ... Read more
Raluca Olariu / May 06'2021
DrupalDrupal 8
Pros and Cons for Drupal Web Development

Pros and Cons for Drupal Web Development

  When thinking about web development, there are usually three content management systems (CMSs) that come to mind: Drupal, WordPress, or Joomla. This article highlights the pros and cons of choosing Drupal for your web development project so that you can gain a broader perspective on your website building options.    Top Pros of Drupal Web Development   1. Drupal is very effective for building complex, highly customized websites. As a free, open-source CMS, Drupal offers excellent opportunities for companies of all sizes. It is probably the best choice on the market if your project involves creating a large and complex website with high customizing options.  Drupal also provides flexible content integration and taxonomies. You have the freedom to integrate many types of content into your site and group your content in any kind of configuration that you find is right for your business objectives.  One great advantage of Drupal that developers are pleased about is how easy it is to scale Drupal websites to match specific needs and traffic fluctuations.  As a Drupal user, you will also enjoy the multilingual functionality built in Drupal's core without installing any additional plugins.    2. Drupal has a large community of developers and users. Drupal's extensive online community is one of the greatest things about this CMS. You'll get free support regarding almost anything Drupal-related via documentation, support groups, user forums, and other resources. Another advantage of Drupal's community is that programmers and users regularly build new modules, plugins, or bug fixes that you can access for free.    3. Drupal is known as the most secure CMS.  Websites build with Drupal are less prone to hacking than other CMSs due to its strong emphasis on advanced security features. Drupal's built-in access control system allows users to create roles with special permissions.  Another way in which Drupal is focusing on security is by regularly posting and reviewing Drupal reports which are quickly worked on and updated.    Top Cons of Drupal Web Development   1. Drupal can be more complex than other CMSs. When starting your web development journey with Drupal, you have to be ready to read a lot of documentation. Your learning curve might be steep no matter if you're an expert developer or an amateur user so having a lot of patience at this point is a must. Also, Drupal might not be the most inspired decision if you're a total beginner as it requires some basic knowledge of HTML, CSS, and PHP.  Another obstacle in handling Drupal as a beginner or casual user is its interface. As it was built with professional web developers in mind, Drupal's interface is not very intuitive and user-friendly.    2. Drupal requires time and effort.  To install themes and modules that match your site's needs, you'll have to invest some time in research. Also, many Drupal modules need to be purchased so take into account that you'll probably have to invest some money for higher functionality.  As Drupal has many custom-coded themes, you'll probably need to hire a developer to create the theme that your website requires.  Drupal does not support backward compatibility, which means you can' perform legacy installations. This translates into you having to dedicate more time and work on additional upgrades.    3. If not optimized accordingly, Drupal can have performance issues.  Like all digital platforms, speed and accessibility are what sets the leading ones apart. Specific tools like a third-party module or plugin are designed to improve configuration and accelerate Drupal websites. However, this requires extra time and effort that you have to be willing to invest in your web development project.  Drupal's module compatibility sets this CMS apart from other similar platforms. Still, it's essential to keep in mind that if you're running multiple modules with their own code, you risk having the wrong combination in place. And a faulty combination of modules might lead to Drupal core crashes.    Conclusion Like all things on earth, Drupal has its advantages and disadvantages. If you're still unsure whether you should pick Drupal for your next web development project, contact Optasy for professional support. We are happy to provide all the necessary information so that you can rest assured that you have made the right decision for your business.     Image credit: Tumisu on Pixabay.   ... Read more
Raluca Olariu / Apr 29'2021
DrupalDrupal 8
What Are the Key Benefits of Drupal Commerce?

What Are the Key Benefits of Drupal Commerce?

  Custom eCommerce development is undergoing continuous changes. As this environment keeps transforming and evolving, different challenges arise, and businesses face new issues.  Building custom eCommerce functionality into your Drupal site can take up many resources, especially when it comes to scaling your website by adding more features and improving its functionality.    Top challenges of custom eCommerce systems   Let's have a look at some of the biggest challenges you may face with a custom eCommerce system.   Implementing new features can be a slow process. It's difficult to have a proactive mindset when working with custom development since everything you add to your site needs to be built. There are no frameworks or other time-saving options that could help you accelerate your workflow.  Not being able to integrate third-party platforms can be costly. Open-source solutions are a blessing when it comes to integrations. Whether it is a new payment system or a marketing tool, being able to quickly integrate third-party platforms is a must for any successful eCommerce website. When opting for custom development, the lack of underlying frameworks makes it harder, more expensive, and time-consuming to build any type of tool.  Sacrificing the front-end experience. As custom development is created mainly by developers, the design and presentation of a website rarely come as a priority. Building code and building design are different things, and not many developers are skilled at both. Unfortunately, missing the point when it comes to good UX and design might seriously affect your business performance, as customers expect top-notch front-end experiences today.  Not having a community. One of the best things about Drupal is its community. If your website is fully custom-made, everything you need, any issues you might run into can only be solved by your team of developers. All the community-made modules for extending your site's functionality are a great advantage offered by the Drupal community.  With the custom eCommerce development approach, you don't get to leverage that benefit.   Depending on an internal development team or agency. A company using custom development is tied to the original development team that has built its website. It's a real challenge to hire new developers when you don't have a predefined framework, and supporting them in learning how your eCommerce components were made can prove to be highly expensive.    Top benefits of Drupal Commerce    This Drupal-native eCommerce module is a popular choice among eCommerce businesses since 2011.  It is widely known for providing secure, scalable, SEO-friendly, and highly optimized Drupal frameworks that work for specific needs and business requirements.  Let's have a look at the key benefits that Drupal Commerce provides for online stores.   More straightforward setup and development. Drupal Commerce has out-of-the-box modules that don't require too much hassle to install.  Combines commerce and content. Being able to manage your content approach on your eCommerce platform easily is a must. With Drupal Commerce, you can handle complex content marketing strategies and build custom landing pages that keep your visitors engaged. Customization and scalability. Drupal eCommerce's architecture can be highly customized for specific business needs. However, all its extensions follow a general standard, making it easier for developers to handle the software more efficiently. Drupal eCommerce can also scale to meet the demands of all-sized businesses.  Third-party integration. One great benefit of Drupal is that its modules were built with integration in mind. Interaction with third-party tools like payment gateways, analytics, or SEO is much easier and can be done quickly.  Community support. With Drupal, you can take advantage of a multitude of modules made by users from the community. If you need advice on anything related to Drupal, you have a community of highly skilled developers to answer you.   All things considered, whether you choose a custom eCommerce system or you opt-in for Drupal Commerce, you need a strong and reliable team of experts to have your back at all times. That team can be Optasy, an agency formed by Drupal experts with 10+ years of experience building and maintaining successful Drupal projects. Have a look at our services, and let's start your Drupal journey! Image credit: mohamed_hassan on Pixabay.     ... Read more
Raluca Olariu / Apr 26'2021

Need a new Project?

Dare us to shape and boost your idea(s)!

Start a Project

(416) 243-2431

Contact

(416) 243-2431

Toronto Downtown

First Canadian Place,
100 King St. W. Suite 5700, Toronto

Toronto West

2275 Upper Middle
Rd. E, Suite 101
Toronto

New York

1177 Avenue of the
Americas, 5th Floor,
New York