LATEST FROM OUR BLOG

Take your daily dose of (only) relevant news, useful tips and tricks and valuable how to's on using the latest web technologies shaping the digital landscape. We're here to do all the necessary information sifting for you, so you don't have to, to provide you with content that will help you anticipate the emerging trends about to influence the web.

Top 10 Drupal Security Best Practices: Effective and Easy to Implement
With popularity comes trouble... In this case here meaning: security vulnerabilities and risky over-exposure to cyber threats. And this can only mean that securing your website, that's running on the currently third most popular CMS in the world, calls for a set of Drupal security best practices for you to adopt. And to stick to! There's no other way around it: a set of strategically chosen security measures, backed by a prevention-focused mindset, pave the shortest path to top security.    Stay assured: I've selected not just THE most effective best practices for you to consider adopting, but the easiest to implement ones, as well. Quick note: before I go on and knee-deep into this Drupal security checklist, I feel like highlighting that:   Drupal still has a low vulnerability percentage rate compared to its market share the majority of Drupal's vulnerabilities (46%) are generated by cross-site scripting (XSS)   And now, here are the tips, techniques, and resources for you to tap into and harden your Drupal site's security shield with.   1. The Proper Configuration Is Required to Secure Your Drupal Database  Consider enforcing some security measures at your Drupal database level, as well. It won't take you more than a few minutes and the security dangers that you'll be safeguarding it from are massive. Here are some basic, yet effective measures you could implement:   go for a different table prefix; this will only make it trickier for an intruder to track it down, thus preventing possible SQL injection attacks change its name to a less obvious, harder to guess one   Note: for changing your table prefix you can either navigate to phpMyAdmin, if you already have your Drupal site installed, or do it right on the setup screen (if it's just now that you're installing your website).   2. Always Run The Latest Version of Drupal on Your Website And this is the least you could do, with a significant negative impact on your Drupal site if you undermine its importance. If you neglect your updating routine. Do keep in mind that:   it's older versions of Drupal that hackers usually target (since they're more vulnerable) the regularly released updates are precisely those bug fixes and new security hardening features that are crucial for patching your site's vulnerabilities.   Why should you leave it recklessly exposed? Running on an outdated Drupal version, packed with untrusted Drupal modules and themes? Especially since keeping it up to date means nothing more than integrating 2 basic Drupal security best practices into your site securing “routine”:   always download your themes and modules from the Drupal repository (or well-known companies) regularly check if there are any new updates for you to install: “Reports” → “Available Updates”→“Check manually”      3. Make a Habit of Backing Up Your Website And here's another one of those underrated and too often neglected Drupal security best practices! Why should you wait for a ransomware attack and realize its true importance... “the hard way”? Instead, make a habit of regularly backing up your website since, as already mentioned: There's no such thing as perfection when it comes to securing a Drupal site, there's only a hierarchy of different “security levels” that you can activate on your site And backing up your site, constantly, sure stands for one of the most effective measures you could apply for hardening your Drupal website. Now, here's how you do it:   make use of Pantheon's “one-click backup” functionality test your updates locally using MAMP or XAMPP or another “kindred” software harness the Backup and Migrate module's power, currently available only for Drupal 7 export your MySQL database and back up your files “the old way”... manually   There, now you can stay assured that, if/when trouble strikes, you always have your backup(s) to retrieve your data from and get back “on your feet” in no time!   4. Block Those Bots That You're Unwillingly Sharing Your Bandwidth With No need to get all “altruist” when it comes to your bandwidth! And to share it with all kinds of scrappers, bad bots, crawlers. Instead, consider blocking their access to your bandwidth right from your server. Here's how: Add the following code to your .htacces file and block multiple user-agent files at once: RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall Spider).*$ [NC] RewriteRule .* - [F,L] Or use the BrowserMatchNoCase directive as follows: BrowserMatchNoCase “agent1” bots BrowserMatchNoCase "Wget" bots BrowserMatchNoCase "Catall Spider" bots Order Allow,Deny Allow from ALL Deny from env=bots Use the KeyCDN feature for preventing those malicious bots from stealing your bandwidth! 5. Use Strong Passwords Only: One of the Easiest to Implement Drupal Security Best Practices More often than not “easy” doesn't mean “less efficient”.  And in this particular case here, simply opting for a strong username (smarter than the standard “admin”) and password can make the difference between a vulnerable and a hard-to-hack Drupal site. For this, just: Manually change your credentials right from your admin dashboard:  “People” → “Edit”→ “Username” while relying on a strong password-generating program ( KeePassX or KeePass)    6. Use an SSL Certificate: Secure All Sensitive Data and Login Credentials Would you knowingly risk your users' sensitive data? Their card information let's say, if it's an e-commerce Drupal site that you own? And how about your login credentials? For this is what you'd be doing if — though you do recognize the importance of using an SSL certificate —  you'd still put this measure at the back of your list of Drupal security best practices. In other words, running your site on HTTPs (preferably on HTTP/2, considering all the performance benefits that it comes packaged with) you'll be:   encrypting all sensitive data that's being passed on, back and forth, between the server and the client encrypting login credentials, instead of just letting them get sent, in crystal-clear text, over the internet.   7. Use Drupal Security Modules to Harden Your Site's Shield For they sure make your most reliable allies when it comes to tracking down loopholes in your site's code or preventing brutal cyber attacks. From:   scanning vulnerabilities to monitoring DNS changes blocking malicious networks identifying the files where changes have been applied   … and so on, these Drupal modules will be “in charge” of every single aspect of your site's security strategy. And supercharging your site with some of the most powerful Drupal security modules is, again, the easiest, yet most effective measure you could possibly enforce. Now speaking of these powerful modules, here's a short selection of the “must-have” ones:   Password Policy: enables you to enforce certain rules when it comes to setting up new passwords (you even get to define the frequency of password changes) Coder : runs in-depth checks, setting your code against Drupal's best practices and coding standards Automated Logout: as an admin, you get to define the time limit for a user's session; he/she will get automatically logged out when the time expires SpamSpan Filter: enables you to obfuscate email addresses, thus preventing spambots from “stealing” them Login Security: deny access by ID address and limit the number of login attempts Content Access: grant permission to certain content types by user roles and authors Hacked!: provides an easy way for you to check whether any new changes have been applied to Drupal core/themes Security Review Module: it will check your website for those easy-to-make mistakes that could easily turn into security vulnerabilities; here's a preview of this module “at work”     8. Implement HTTP Security Headers Another one of those too-easy-to-implement, yet highly effective Drupal security best practices to add to your Drupal security checklist: Implementing (and updating) HTTP security headers “Why bother?” Cause:   first of all, their implementation requires nothing more than a configuration change at the web server level their key role is letting the browsers know just how to handle your site's content … thus reducing the risk of security vulnerabilities and brute force attacks   9. Properly Secure File Permissions Ensure that your file permissions for:   opening reading modifying them   … aren't too dangerously loose. Since such negligence could easily turn into an invitation for “evil-minded” intruders!  And it's on Drupal.org's dedicated page that you can find more valuable info on this apparently insignificant, yet extremely effective security measure    10. Restrict Access To Critical Files  Told you this was going to be a list of exclusively easy-to-implement Drupal security best practices. Blocking access to sensitive files on your website (the upgrade.php file, the install.php file, the authorize.php file etc.) won't take you more than a few minutes. But the danger you'd avoid — having a malicious intruder risking to access core files on your Drupal site — is way too significant to overlook.   END of the list! These are probably the easiest steps to take for securing your Drupal site. How does your own list of Drupal security tips, techniques, and resources to tap into look like? ... Read more
RADU SIMILEANU / Apr 06'2018
How to Set Up Google Analytics on Your Drupal Site: A Dead-Simple Step-by-Step Guide
Who are your visitors? Where do they come from? And what do they do precisely during their visits on your Drupal site? How long are their visits? What content on your site do they linger on and what content do they “stubbornly” ignore? Needless to say that for getting your answers to all these questions you need to set up Google Analytics on your website. Since: “This data--aka analytics--is the lifeblood of the digital marketer.” (Jeffrey Mcguire, Acquia, Inc. Evangelist) The good news is that integrating it is nothing but a quick and simple 3-step process. And the great news is that: Drupal's got you covered with its dedicated Google Analytics module, geared at simplifying the otherwise tedious and time-consuming process. So, shall we dive into the installation guide?   1. But First: Why Web Analytics? And Why Precisely Google Analytics? In an UX-dominated digital reality, that takes personalization to a whole new level, user behavior data turns into... superpower. And by “user behavior data”, I do mean web analytics. Therefore, injecting a web analytics service into your Drupal site is like... injecting true power into its “veins”. But why precisely Google Analytics? Why set up Google Analytics on your Drupal site instead of another web analytics tracking tool? Is its popularity a strong enough reason for you to jump on the trend? To answer your question, I do think that its own key features make the best answers:   audience demographic reporting: discover where your site visitors come from, their native languages, the devices and operating systems they use for accessing your website... goal tracking: monitor conversion rates, downloads, sales and pretty much all stats showing how close (or far) you are to reaching the goals that you've set for your website acquisition reporting: identify your site's traffic sources; where do your visitors come from exactly? on-site reporting: gain a deep insight into the way visitors engage with specific pieces of content on your website, so you know how to adjust the experience your deliver them on your site/app to their specific needs  event-tracking: tap into this feature for measuring all activities carried out on your Drupal site   And the list of features could go on and on. Providing you with a high-level dashboard and enabling you to go as deep as you need to with your “data digging”. For Google Analytics is only as powerful as you “allow” it to be. It empowers you to dig up both surface and “in-depth data”. Moreover (or better said: “thanks to...”), being such a feature-rich tracking tool, Google Analytics's highly versatile, too. From email marketing to social media marketing, to any type of marketing campaign that you plan to launch, it's built to fit in just perfectly. To power all forms of marketing strategies. And where do you add that it's been a while now since we've been having Google Analytics for mobile apps and the Google Analytics 360 suite, too! 2 more powerful GA tools to add to your web analytics “tracking arsenal”.   2. The Drupal Google Analytics Module and How It Will Make Your Life (So Much) Easier Let me try a lucky guess:  Your Drupal site has... X pages (have I guessed it?) The “standard” way to add Google Analytics to your Drupal site would involve: Copying the tracking ID that Google Analytics provides you with and pasting it on each and every page on your website. A hair-pulling monotonous and time-consuming process, don't you think? And it starts to look even more cumbersome if you think that you have the alternative to set up Google Analytics on your Drupal site using the dedicated module. But how does it streamline... everything more exactly?  You'll just need to paste that Google Analytics javascript snippet for tracking data right to this module's Configuration page and... that's it! The module will take it from there! It will distribute it itself to all the pages on your website. Less effort, less time wasted for carrying out in a tedious and repetitive activity. And more time left for customizing all those statistics features to perfectly suit your goals and your site's needs. Luckily enough, the Drupal Google Analytics module puts an admin-friendly UI at your disposal precisely for that:   use it to track down key data  use it for tailoring your web analytics-tracking activity to your needs: by user role, by pages etc.   3. Set Up Google Analytics on Your Drupal Site In Just 3 Simple Steps  As promised, here's a “dead-simple 3-step guide on how to add Google Analytics to your Drupal site (“leveraging the power of the dedicated Drupal module here included”)   Step 1 The very first thing you'll need to do is sign up for a Google Analytics account if you don't have one already. And then to add your Drupal site (obviously!). And here are the quick steps to take:   go to www.google.com/analytics hit “sign in” (you'll find it in the top right corner) and select “Google Analytics” from the unfolding drop-down menu click “Sign Up” and just follow the given steps for setting up your new account next, follow the instructions for setting up web tracking   Now you should be able to see your Drupal site displayed under your account, on your admin page in Google Analytics. And it's now that you should be able to retrieve your site's “Tracking ID”, as well. You'll find it in the “Property Setting” section.   Step 2 The next major step to take as you set up Google Analytics on your Drupal site is to actually go back to your site and... install THE module itself. Since I've already praised its “superpowers” and how they “conspire” to make your life easier, I'm not going to point them out once again. Instead, I'll go straight to the steps to take once you've enabled the module on your website:   access its configuration page (you'll find the “Configuration” tab on top of the page, “flanked by” the “Modules” and the “Reports” tabs) there, right under the “General Setting” section, just enter your “Web Property ID” … which is precisely the Google Analytics tracking code that you've just retrieved at Step 1   And this is precisely the “magic trick” that's going to add the Google Analytics tracking system site-wide. A monotonous, multiple-step process turned into a one-step operation. This thanks to the Drupal Google Analytics module!   Step 3 Here you are now, ready to save your settings and to officially harness the power of Google Analytics on your website! Normally you should be just fine with the default settings that the service provides you with, right out-of-the-box. Yet, if you need to “refine” your searches, your entire tracking activity, feel free to do that. To explore all the options stored in the “Tracking Scope” tabs for you. Speaking of which, let me give you just a few examples of how deep you could narrow down your “investigations” and customize the modules:   roles: a setting which lets you define which user roles to track (and which roles the system should ignore) domains: indicate whether it's a single or multiple domains that you need monitoring privacy: it enables you to make visitors' IP addresses anonymous pages: indicate precisely which pages on your website you need to track messages: track and monitor the messages displayed to your site visitors search and advertising: keep track of your internal site searches and AdSense advertisements; do keep in mind, though, that some additional settings might be needed!   And... more! You actually get even more power for configuring your JavaScript setting and adding custom variables. The END! This is how you set up Google Analytics on your Drupal site in 3 dead-simple steps, a streamlined process powered by the dedicated Drupal module. ... Read more
Adriana Cacoveanu / Apr 05'2018
From Drush Clear Cache to... Rebuilding Cache in Drupal 8: What's the Difference?
The Earth is round, a buttered toast will always fall butter-side down and doing clear cache is every Drupal developer's best practice, these are all globally-accepted truths! And speaking of the latter, when you discover that the familiar Drush clear cache technique is no longer universally unique you wonder: why the change? Why go from clear-cache, to... actually rebuilding cache, starting with Drupal 8? What's the catch? This new way to clear Drupal cache must be stemming from a certain limitation that earlier versions of Drupal presented: Partially completed cache-clearing operations threatening to grow into fatal errors. And now, let's dig into more details on:   clear Drupal cache: why & when the 4 methods for clearing your cache in Drupal Drush clear cache vs rebuilding cache: differences, the initiative behind this change, main benefits to expect    So, shall we proceed?   Clearing Your Drupal Cache: Why Bother? And When? First of all, here's the “motivation” that drives Drupal to create a cache in the first place: Each time a Drupal site has to render a certain web page, it is “forced” to perform specific database queries; and since all these queries have a negative impact on the overall page loading time, Drupal “decides” to store these web pages, once it will have rendered them, in a cache for later (streamlined) reference. OK, now that we've settled this whole “cause and effect” process, let's see why and when you should clear cache on your Drupal site:   when you're troubleshooting problems on your website; clear Drupal cache before you undertake any debugging, since this might just confirm to you that the “alerting issue” was nothing but a bad cache entry whenever you want Drupal to quickly record all the updates that you will have performed via the UI, all the changes you will have applied to your code when you're moving your website to a new host when you're installing a new theme or module on your Drupal site; just another scenario when Drush clear cache should be the very first step to take while you're troubleshooting   In a few words: clearing your cache might just be one of the most frequent actions you'll take while working (or simply maintaining) on a Drupal site.  And in many cases, the one that will “save the day”, without the need to apply other more complex techniques from your “arsenal”.   4 Different Methods to Clear Drupal's Cache  For there are several ways for you to clear your Drupal site's cache. Just go with the one that best suits your work style:   1. The Easy Way: Clear the Drupal Cache From the User Interface  By far the handiest (and some might say “the less-efficient”, too) method to clear Drupal cache is via the UI:   just go to Administration>Configuration>Development>Performance  and hit the “Clear all caches” button   It won't be long till Drupal displays the “Caches cleared” message for you! And that's it! 2. Drush Clear Cache (Drupal 7) or Drush Cache-Rebuild (Drupal 8) And now, the second method in your “arsenal”: the clear Drupal cache command line one! A two-way method, better said, which depends greatly on the version of Drupal on your website: 7 or 8? In this respect, here's the “magic command” to use for clearing your Drupal 7's cache: drush cache-clear all  or drush cc all Whereas in Drupal 8, this is the Drush command for tackling your cache: drush cache-rebuild or, alternatively, these 2 aliased commands: drush rebuild or drush cr And here I'm sure you can already tell which are the specific steps to take for handling your cache in Drupal 8 using Drush (still the most convenient way to do it):   first of all, you open a Terminal window and CD in your Drupal 8 website's root (a step that you can overlook if it's Drush aliases that you're using): next, your run your “magic formula”, your Drush command (“drush cache-rebuild” or “drush cr”) and wait for it to complete its task before going back to your website and finally, you just reload the page you were on, in your web browser   3. Run the /core/rebuild.php file for Clearing Your Drupal 8 Site's Cache  Among all the improvements that Drupal 8 “lures” us in with (built-in WYSIWYG, a Twig templating system and so on), there's the /core/rebuild.php file standing out! And “promising” us to streamline our frequent (and time-consuming) cache tackling tasks that we need to carry out during development: The Drupal 8 site in question doesn't even have to be working and the whole process doesn't require Drupal Console or Drush either! How about that? The one and only requirement (for there still is one) is that your site's configuration supports it.  And how can you check whether your site's config accepts this functionality? Well, there 2 methods at your disposal:   in case you're working locally, just ensure that $settings['rebuild_access'] = TRUE; in your settings.php (settings.local.php) or run this script in your command line: /core/scripts/rebuild_token_calculator.sh; then just use the results there as query parameters for /core/rebuild.php (https://goo.gl/qTrJ9d)   And voila! This “trick” will rebuild all cache without even requiring for the Drupal 8 site itself to be working during the whole process!  Which makes it the perfect “plan B”, whenever you don't have Drupal Console or Drush installed where you're working! The only condition is that your websites' configuration supports this functionality!   4. In the Database: Truncate all Tables Starting With “cache_” Spoiler alert: by “truncate” I do mean emptying, not removing! The fourth method to clear Drupal cache involves clearing all the data from the cache-related tables in your database. Meaning all the tables starting with “cache_”. For this, you just go over to your phpMyAdmin, select all the cache_* table and then click “Truncate” in the “with selected” drop-down menu placed at the bottom of the page: TRUNCATE cache_config; TRUNCATE cache_container; TRUNCATE cache_data; TRUNCATE cache_default; TRUNCATE cache_discovery; TRUNCATE cache_dynamic_page_cache; TRUNCATE cache_entity; TRUNCATE cache_menu; TRUNCATE cache_render; TRUNCATE cache_toolbar; As for the command line, feel free to scan through and then to tap into the valuable info that you'll find here: https://goo.gl/1b4otB here's another practical example: Let's say it's Sequel Pro — an SQL GUI app — that you're using. For truncating those specific tables, connect to the server, track down your site's database, have those specific “cache_” tables highlighted and just choose “Truncate tables”, from the drop-down menu! Also, in the above-mentioned “scenario” you could alternatively go to your PhPMyAdmin's SQL command field or MySQL CLI and run the above-mentioned command:   From Drush Clear Cache to Cache Rebuilding in Drupal 8: Why the Change? Here's the challenge that the conventional Drush clear cache (or “drush cc all”) used to make us deal with: Drupal's using caching intensively and therefore, it implicitely creates lots of inter-dependencies. Only partially flushing this heavy load of caches used to pose some major risks for any website. This is where the “cache-rebuild” method stepped in, starting with Drupal 8! It practically rebuilds (re-bootstraps) the whole Drupal site, after making sure that all cache is perfectly cleared. A “check and double check” technique, you may call it, which makes sure that:   your site is up and running all cache gets flawlessly flushed!   Drupal 7's so very popular Drush cache command itself gets cleared and replaced with “cache-rebuild” in Drupal 8. Which (the Drush cache-rebuild command specific to Drupal 8) carries out the following tasks:   clearing the APC cache  bootstrapping Drupal calling drupal_rebuild()  removing the Drush cache    4. Wrap-Up Summing it up now, the essential info to remember is that:   “clear cache” should be on top of your “best practices” list as a Drupal developer  you have not just 1, but 4 methods to choose from, depending on your work style and context: via the UI, clear cache using Drush, by truncating your “cache_” database tables, by running the /core/rebuild.php file Drupal 8's cache-rebuild is a step forward from the conventional cache-clear practice; it adds a new “re-bootstrapping” operation to the “cache clearing” process! ... Read more
RADU SIMILEANU / Mar 02'2018
4 Free Drupal 8 Themes for eCommerce Trending Right Now
Just imagine: all that masterfully coded back-end, all that hard work performed in the “backstage”, all those great features that you've created from scratch... turned into a worthless effort. And this because you haven't invested the same amount of time and effort in selecting your e-commerce site's theme, as well. So the question that arises now is: what are the free Drupal 8 Themes for eCommerce worth checking out? So you can pick your perfectly suitable one, that would: meet, greet and retain your online visitors and spotlight your products. Well, we've read your thoughts and done our research for you! We've dug deep into the “pile” of free Drupal 8 Themes designed specifically for online stores and put together a top 4. And now, without further ado:   1. SShop, A Bootstrap-Based, Responsive Theme Let's get straight to the features that convinced us that yes, this is a theme that deserves its place in the top 4 Drupal 8 responsive themes for e-commerce sites: it “spoils” you with out-of-the-box Drupal Commerce  it's ideally quick & easy to install  it provides you with a homepage slideshow (delivered by the Views Slideshow module, one of the many modules that the SShop theme supports) you get a multi-level responsive header menu out-of-the-box, as well it enables you to add as many fields as needed to your Default Product type  and should I also add that you get Slider content types and a Blog out-of-the-box, too? A whole “plethora” of built-in features offered to you “on a silver plate” for this theme not to get levelled up from just “another one of those free Drupal 8 eCommerce themes available on the web” to... one of those “definitely worth checking out”!   2. eStore, One of the Feature-Packed Free Drupal 8 Themes for eCommerce If it's a fully responsive, Bootstrap Drupal theme, conveniently “overloaded” with e-commerce site features, that you need, than eStore is the one! Now allow me to dig deep into this out-of-the-box “load” and take out some of the key features and cool functionalities that you'll get: a product layouts collection for you to scan through and select from the option to add your own fields to the Default Product type content types included in the configurations an out-of-the-box Blog to integrate with your e-commerce website Slider content types   And the list of features could go on. Do check it out before investing valuable time in looking through a whole load of Drupal 8 Themes based on Bootstrap available on the web!   3. Commerce Bootstrap-Based Theme: Designed to Speed Up Your Theming Process  That's right, this is one of those free Drupal 8 ecommerce themes —  a sub-theme of the Bootstrap theme — geared towards speeding up the whole theming process of your e-commerce store. And how does it do that? It just overrides the Drupal Commerce templates so that they match both Bootstrap and all the other helpers.  So, it's practically your “trump card” theme boosting the theming process by automatically handling all the matching —  Drupal Commerce vs Bootstrap —  for you. Pretty convenient and definitely worth taking it out for a “drive test”, don't you think?   4. Belgrade: Fitted With Drupal Commerce in Mind Another Drupal theme suitable for your (future) Drupal 8 e-commerce site. An out-of-the-box one, designed specifically for Drupal commerce and developed via the previously mentioned Drupal theme here: the Commerce Bootstrap base theme. Built, from the ground-up, to meet any online store's specific functionality needs. Therefore, worth taking it for a spin, don't you agree? END of the list! Can't hide that I'm more than curious how your own top free Drupal 8 ecommerce themes looks like. What other visually-appealing, feature-packed themes does it include?  ... Read more
Silviu Serdaru / Feb 08'2018
How to Document & Estimate Your Drupal 8 Content Migration Project
About to get your Drupal 8 content migration project off the ground? Still a bit hesitant? No wonder, since just the perspective of: setting up a thorough schedule, including all the major milestones and endless control points deep analyzing the entire source data “overload” setting up a detailed approach to content migrations actually building the new website but not before you've actually put together its Drupal 8 specific technical architecture (with all the Drupal 8 specific content types, modules, entities...) testing till you... drop then rolling back and testing some more ... can get quite discouraging. So, let's simplify it! The entire Drupal 8 content migration process I mean! Let's break it down into multiple phases. And in this blog post here I'll be pointing out to you, briefly, what goes into the: content audit phase (along with an audit of all the features/functionalities) documentation phase (including the project tasks assignment & checking off specific skills that your teams should have) estimation phase With a focus on security best practices to adopt throughout the process. Shall we dive in? 1. What Does “Migration” Even Mean in this Particular Context? It comes down to moving data from one supposedly outdated website to a new one. And in our particular context here “outdated vs current” translates into “an old version of Drupal vs a newer version of Drupal”. The newer one is Drupal 8. 2. (Re)Considering Your Content: 2 Predictable Decisions You'll Take I'm sure you already predicted this step of critical importance when planning your migration to Drupal 8. A content audit is, without question, a critical step to take, yet it shouldn't be a pointlessly overburdening one. By “pointless” I mean spending too much time creating the perfect migration path for... outdated content. Content that you won't be using anyway once you migrate it to your (or your client's) new Drupal site! And so, these are the 2 actions you'll most likely take after auditing your content: you'll be pinpointing outdated, no longer relevant content on the “old” Drupal site, that you don't need to transfer onto your Drupal 8 site you'll be restructuring the current information architecture and covert your content chunks into a more semantic data format (think outside the conventional HTML contexts and about using content as API on your future site) 3. Which Features Stay, Which Ones Go? Undertake a “brutally honest” audit of your current site's features and functionalities this time: Which ones of them are your site's visitors actually using? Which ones of them are they constantly... ignoring? What brand should new functionalities you should implement on your new Drupal 8 website? And speaking of this last question: you should start seeing your Drupal 8 content migration as a site rebuild, as well. You'll be actually setting up, from the ground up, the proper environment in Drupal 8 with new functionalities added to! That should “welcome” and seamlessly accommodate the transferred content. 4. Assigning Your Drupal 8 Content Migration Project to the Right Team(s) At this stage of the migration planning process — the documentation stage — 3 people, standing for 3 district roles in your team, should get co-opted: a project manager/analyst a marketing manager a developer With a focus on the first 2 of them.You'll see why in a minute. Now here are the skill sets and hands-on experience to look for when selecting these key people to work on your project: the assigned project manager (or/and the analyst) should also be a competent information architect; well familiar with the usability principles that the content to be migrated need to comply with they marketing manager (or senior content editor) should be the one deciding precisely what content gets migrated and the form it should take your assigned teams (and this calls for the Drupal developer's expertise), should be well aware of each system's capabilities — your current sites and your future Drupal 8 site's  capabilities — and thus get a straight answer to the question: “What content is, indeed, transferable and how precisely?” also, it's recommended that your team gain an in-depth understanding of your site's traffic and of its usage by the time this Drupal 8 content migration process starts and also, one of them should have the necessary know-how and configuration management experience to set up &export content types and fields As you can see, the Drupal developer's contribution to this documentation & analysis phase is minimal. And this because his technical expertise will be most needed in the next step of the process (when the data gets actually migrated). It's then that he'll be... “stealing the show”. Nevertheless, as already mentioned, his/her input should be asked for to make sure that content can be transferred to the target system. To ensure feasibility of the entire data migration process from a technical standpoint. 5. From “It Depends...” to a Rough Time Estimate  That “Well... you know... it depends...” answer causes a lot of (legitimate) frustration, doesn't it? But there must be some sort of guidelines to help you give a time estimate, right? Even if a very rough one. And there are: Node/User/Taxonomy migrations 1-5 content types 6-10 content types 11+ content types Initial analysis 16-24 hours 32-40 hours 48-56 hours Content type creation & export 16-40 hours 40-80 hours 8 hours/type Configuration Grouping 16-24 hours 24-40 hours 24-40 hours Content migrations 16-40 hours 32-56 hours 8 hours/type Testing 24-32 hours 40-56 hours 8 hours/type   Additional Migrations Files & media migration 32-56 hours Other entity types 16-40 hour per entity type Migrations from non-Drupal sources 16-40 hour per source type Once all the project management aspects of your migration are clearly defined, the process itself should go smoothly, according to the detailed schedule. Also, as you can easily see, numbers state the obvious: the heavy weight of the entire Drupal 8 content migration process gets lifted right at this planning and documenting stage. Implicitly, the developer will start reusing the same fields (or some pretty similar ones). Which leads to convenient code and configuration overlaps. 6. Make User Data Security Your Top Priority And this should be the case when undertaking any web development project after all. Looking on the bright side of a migration process: it's a one time project! Therefore, at the end, you just disable all the custom modules you will have written precisely for this data transfer and leave no traces, no security breaches behind. Yet, common sense precautions and best practices are definitely required! Especially when it's user data (along with other sensitive data) that you're handling. Here are some critical safety measures to apply: ensure that no user data (XML files, database dumps etc.) gets accidentally sent around via emails (or any other unsecured form) ensure your database and development server infrastructures are upgraded to the latest standards ensure that your git repository isn't (God forbid!) public consider clearing your development database off all the email addresses and user accounts still lingering there As you can see, these are nothing but common sense safety measures. Make sure your entire Drupal 8 content migration process complies with them and take no risks. And this is how you, plan and put together your migration strategy, select and prepare your teams and give a close-to-accurate time estimate! What do you say: what other key steps to take/best practices to apply at this stage of the process should I have mentioned here? ... Read more
Serge Karpyuk / Jan 31'2018
5 Drupal 8 Initiatives and The Pressing Issues They Address
Drupal user “complaints” turned into strategic battle-plans, resulting in groundbreaking improvements pushing Drupal forward. This is how Drupal 8 initiatives grow into stand-alone Drupal core features. They signal the “sore points” for the Drupal community of developers to focus on.  And from all the “user complaints” turned into new Drupal 8 features and functionalities so far we can't but mention:   Views, now part of Drupal core the plethora of multilingual capabilities   configuration management   OK, so these ones already developed into widely-leveraged Drupal functionalities. But which are the currently work-in-progress ones? What's going on in the backstage? What “surprises” to expect from the Drupal core maintainers? What best practices should you get a grip on so you can use capitalize on them during your next Drupal projects? Since we kind of anticipated your “curiosities”, we've selected 5 of the Drupal 8 initiatives that you should be particularity interested in. As they're aimed at easing your life both as a Drupal developer and as a Drupal site/app owner. Let's dive right in:   1. The Out-of-the-Box Experience Initiative  A much-needed “promise”, I could call this initiative. The promise of an initiation for all newcomers to Drupal who, at the moment, don't get a very warm welcoming.  They're left pretty much all alone on their discovery “adventure”, where they unveil Drupal's capabilities. Therefore, the goal that this initiative serves is that of showing off Drupal 8's true potential, all its powerful functionalities and tempting features. And all this nicely wrapped in a visually appealing theme and enriched with example content, as well. In short, this out-of-the-box experience is geared at welcoming new users into the Drupal 8 world! Take this scenario for instance: You're facing the challenge of briefly showcasing some of Drupal's functionalities (which are perfectly suited to their project's needs, needless to add) to a potential customer. With the out-of-the-box experience initiative turned into a powerful Drupal 8 core functionality at hand, you'll be able to get a demo site up and running in no time and to... “enlighten” your audience.    2. The Drupal Media Initiative: One of The Drupal 8 Initiatives Getting Loads of Attention The Drupal 8 media initiative started as a reaction to all the content editors' complaints about:   the cumbersome procedure of tracking down specific items from the media library the poorly intuitive media loading process taking place in Drupal's back-end   Moreover, this dissatisfaction risked turning into a reason for some to opt for WordPress, instead, better equipped to answer content authors' needs. And being able to reuse file content is still one of their most pressing ones.   3. The Workflow Initiative  And this is arguably the most ambitious of all the Drupal 8 initiatives in our selection here. That is because it targets a whole lot of content management goals: a whole lot of content creation shortcomings that editors have been signaling for some time now. To name a few:   the content previewing experience: in case of a content-heavy Drupal website, the preview of the site won't give you an accurate preview of how content is going to look (just an interpretation of how it would look); and with new and new devices emerging, this inconvenience might risk turning into a serious drawback for Drupal 8's adoption      multiple publishing states (instead of just the basic published/unpublished duo): specific content creation scenarios call for specific publishing states ( e.g. “draft”, “archived”) and providing content writers with such kind of granular control is one of the goals that this Drupal initiative serves   simultaneous workflow moderation/publishing of content items of the same group (nodes, menus, blocks): and this is when the concept of “workspaces” stepped into the spotlight   granting different levels of role permissions when it comes to changing a content's publishing state (from draft to published or from archived to published etc.); the content creator would be granted his/her own level of permission, the editor and the content managers their own and so on    customizable workflows: so that content managers should be able to set up and juggle with multiple workflows per content types   Summing up:   the Workflow initiative in Drupal 8 means sustained effort and a huge amount of work invested in granting editors (even) more control over the content creation process   … in enriching the editorial experience with new, much-needed content sharing, reviewing and collaboration tools   … in improving the content workflow   … in getting Drupal 8 equipped with content editing, stagging and deployment capabilities   … in making it possible for content editors to stag content in a non-production environment and have it automatically moved to a production environment and get it published   4. The Migrate Initiative  Imagine a world where:   you would no longer need to be constantly on alert, posted on all the critical patches and upgrades to quickly “grab and install” migrations from other platforms to Drupal would run smoothly, requiring much less of your time and of your other resources   … "time" that you could then invest in customization tasks, in creating and tailoring unique features for the site/app that you're working on. Well, it looks like this world is no longer just a product of your imagination, but a soon to become a real one!  The Migrate initiative is geared precisely at streamlining both the migration and the upgrading processes in Drupal 8.   5. The API-First Initiative  And this initiative comes to boost, even more, Drupal's already robust capabilities to integrate with other platforms and modules. Now since these integrations are intermediated third-party services APIs, enabling data to be transferred both ways, the need for Drupal to provide its own APIs emerged. Then, Drupal 8 would be able to make its own content easily accessible to other devices, services, and apps, as well.   End of list! I'm particularly curious now: Which of these 5 Drupal 8 initiatives do you think that will have the biggest impact on your work as a developer or on your Drupal user experience once it grows into a stand-alone core feature? ... Read more
Serge Karpyuk / Jan 11'2018
The 7 Best Drupal 8 Distributions: Why Should You Even Use One in the First Place?
What are Drupal 8 distributions anyway? Why bother using one: what would you gain by using one instead of building your Drupal 8 site from scratch? And, most importantly: which are the best Drupal 8 distributions to choose from? … the top-rated ones, both by other companies already using them and by Drupal experts, as well? There are lots of different Drupal Distributions: Commerce Kickstarter, Open Atrium, Drupal Commerce, etc. build for different versions of Drupal. Which ones are the best? Let's jump straight ahead to the answers you're looking for now, shall we? First Things First: What Is a Drupal Distribution After All? “A Drupal distribution packages a set of contributed and custom modules together with Drupal core to optimize Drupal for a specific use case or industry." (Dries Buytart, Distributions Remain a Growing Opportunity for Drupal) Take it as an all-in-one-place or a conveniently quick and easy-to-install package. One which, once “unwrapped”, delivers you all the site-specific features and business use-case/industry-specific functionality that you need:   Drupal core precisely those contributed and custom modules that you need  themes predefined configuration installation profiles libraries   Bottom line: it's Drupal + additional software components (strategically assembled and preconfigured) that you get with a Drupal distribution software. One that will turn setting up your use-specific Drupal 8 site into a breeze! “How to install a Drupal distribution?” quickly turns from a hard nut to crack into nothing but a child's play. Just imagine how much time and valuable resources you'd otherwise invest in:   scanning through the overwhelmingly rich collection of Drupal modules figuring out which are THE ones catering to your specific use case or industry installing all the needed elements (and here we're not referring to Drupal 8 modules only) one by one   And here we can talk about 2 types of Drupal distributions:   the full-featured ones  the quick-start tools   Key Advantages of Using One Over Building Your Site From The Ground Up Before we push forward, into the spotlight, the best Drupal 8 distributions to choose from, let us outline what you'll gain, precisely, from making this decision:   Using a Drupal distribution over setting up your website from scratch.   launching your website turns into a matter of a few... hours; instead of delving into a load of thousands of modules yourself, the preconfigured site that you get by choosing a software distribution delivers you everything you need in a single download: wrapped up in one installable package!    by comparison, the “traditional” way of setting up your site would grant you access to Drupal core only; any additional functionality needed calls for... additional downloads   maintaining your whole ecosystem of modules and other site components becomes less time-consuming: one single update is enough for all Drupal modules and features (vs “hundreds” of them in a conventional Drupal site build scenario)   And now since selecting the proper Drupal distribution, the one that best suits your specific type of site, your business use case, and industry, is key, let us reveal to you the top-rated ones to consider choosing from:   And Here Are The 7 Best Drupal 8 Distributions 1. Lightning Empower your editorial team and you'll get (even) better content on your Drupal 8 site! With the Lightning Drupal distribution for enterprise, you get to turn crafting, adding, editing, and publishing content into a rich authoring experience! How does it work you say? Practically Lightning's built to "fuel" the editorial experience with these 4 modules' powers combined: Workflow, Media, Layout, and Preview. Hence, content editors get all their feature/functionality needs satisfied for creating great content (and handling content editing operations) with great ease.   2. Varbase The "nitty-gritty" of any Drupal web project! This is what you'll get once you "unwrap" your package with the "Varbase" name tag on! Basically, the essential modules, configurations, features, and functionalities that any Drupal 8 site needs are all bundled up in this starter kit, at a click's distance! Get all these necessities downloaded and installed and give your site's development a major speed boost.   3. Contenta Planning to jump on the decoupled Drupal bandwagon? To progressively decouple your Drupal 8 site maybe? Then Contenta, the API distribution for Drupal 8, makes your best "ally" in turning your decoupling Drupal project into a success story! What it does, precisely, is it eases the overhead of making a decoupled architecture work (or simply “trying it on”, to see first whether it fits you or not):   it provides you with an API-ready platform (admin configuration here included) ... demo content ... and even example front-end applications   4. Reservoir Here's another API-first Drupal distribution, (still) an experimental one, that you can rely on for supporting your Drupal decoupling initiative.  ... if you were looking precisely for a flexible and easy to use tool for building a Drupal content repository that your front-end app could easily access via HTTP APIs. But what makes Reservoir one of the best Drupal 8 distributions?   it takes the burden of modeling and managing content off your shoulders  it enables your team of developers to set up a basic, yet functional content back-end, all while preserving the rich content editing experience (with all the functionality and features that editors get "spoiled" with) that Drupal 8's well famous for    Note: surprised that Contenta and Reservoir have made it to our "best Drupal 8 distributions" list? Don't be! The 2 API-first distributions might still be community-driven experiments. Yet, all the potential they "promise" to unlock in a digital landscape where the channel/device/design-agnostic trend and the API-first approach rule is not to be underestimated.   5. Thunder Out-of-the-box publishing technologies (Riddle Interactive Content, Facebook Instant Articles) and modules from industry partners (Valiton, Nexxt.tv, Acquia) is what you'll get along with your Thunder "package". In short: all you need in an all-in-one the bare necessities and more addressing all your professional publishing needs!   6. LISSA Kickstart A Drupal distribution built to help you streamline your events and client notifications management and publishing process.  What you'll get specifically is a Drupal-based technology stack for real-time messaging in second screen apps. One which, as a media company, you get to leverage for:   pushing notifications to your clients publishing video stream (live or on-demand) ... with convenient ease   7. Open Social By far one of the most popular Drupal distributions, Open Social couldn't have possibly missed from our top including the best Drupal 8 distributions. Go for it if it's a:   social community platform intranet solution portal or any other Drupal-powered social project that you're planning to build   It will dramatically speed up the development process as it provides you, right out-of-the-box, with all the elements that your social community site could need:   Notifications Timeline Events Follow Groups   And this it IT! Our own selection of the very best Drupal 8 distributions to consider as "candidates" for your own specific Drupal project. Select the one that best fits your project's specific use case, then weigh its advantages and... decide how you'll invest the time that you will have saved using it (instead of building your site from scratch). ... Read more
Adrian Ababei / Nov 23'2017
GraphQL on Drupal 8: Inject High Performance Into Your Drupal Decoupled App
Data, database, data fetching, data requests, data retrieving, data receiving... all modern web apps — fully or progressively decoupled front-end applications — have an insatiable “appetite” for data. And satisfying this particular “hunger”, with no compromise on performance, is the “mission” that GraphQL on Drupal 8 — the module —  has been invested with. Retrieving the requested data with as little time and resources used on round trips to the server as possible. With no under- or over-fetching, with no need for versioning. In short: the module “exploits” all the limitations that the Restful approach started to show in addressing well-known data issues; it came out as a result of Dries Buytaert's advice and forecast on advancing Drupal's web services. But let's not beat around the bush anymore and dive right in:   GraphQL This... GraphQL That... But What Is GraphQL After All? It's Facebook's patented technology created in 2015.   And app layer query language designed to revolutionize the way data gets retrieved, interpreted and formatted: all these processes take place based on a GraphQL schema!   Approaching the data in terms of graphs and exposing those graphs in a schema guarantees that the caller's data request is identically structured as the delivered answer. Not to mention that the same caller gets to formulate his data requests more explicitly and specifically thanks to GraphQL. No wonder that front-end Drupal developers have started to perceive it as a powerful rival to REST! To the standard REST approach to retrieving data in apps built with headless Drupal 8. In this respect, let's briefly recap just some of its “luring” features:   it perfectly matches the data request's structure with that of the delivered response  it queries the requested data based on s self-documented, automatically generated data exposure schema   GraphQL & Drupal: A Duo Powering The Future of Decoupled Drupal Take GraphQL as the intermediary used in decoupled Drupal projects between the JavaScript front-end and the Drupal back-end. The one invested with the role of smoothing and streamlining the interaction of the decoupled front-end with the Drupal data source. A role that used to be played, in all Drupal decoupled apps, exclusively by the RESTful web services, remarkably well developed in Drupal 8. Till the traditionally used REST architecture started to prove its failure in addressing data access issues. And GraphQL on Drupal 8, the dedicated GraphQL module, started being built. The improved overall performance, that this new approach to retrieving data promises, derives from:   GraphQL's way of retrieving data based on a schema its entire system of types and fields    … which guarantees predictable responses only (the client-side apps are enabled to request for specific data) and, implicitly: no round trips and no extraneous data. A responsible use of server resources. Moreover, in case of complex, hierarchical data, not only that the caller gets to shape a “straight to the point” request, but it gets to ask for all the needed data on the same query! An efficient use of server power especially when your decoupled Drupal app's front-end requests loads of data in a context of slow mobile internet connection.   GraphQL on Drupal 8: Your Data Graph Conveniently Exposed in a GraphQL Schema   And then... the GraphQL module was born! Not yet part of the Drupal core, but powerful enough to allow front-end Drupal developers to use it to its full potential in their decoupled Drupal projects. The main “mission” that its maintainer, Sebastian Siemssen, invested it with was: to turn Drupal into a GraphQL-powered data hub for decoupled front-end apps, by implementing a schema. A GraphQL schema exposing the available field types and entity. Practically via TypedData API your Drupal 8 site's data graph becomes more “readable” for the GraphQL library.  This way, the client-side app gets to request for more than specific data/field values and to receive precisely the required info. And this streamlined data fetching process with GraphQL on Drupal 8 can only lead to zero bloated responses. There's more!  We can't be talking about “a” module, but a whole ecosystem of submodules that you can read more about on Drupal GraphQL Github:   GraphQL Content  Entity Reference Breadcrumbs Boolean Content Mutation Link Image Menu File Block Views   Have you already harnessed the full potential of GraphQL on Drupal 8 to fuel your web apps with? If not, why hesitate? Why do you still think it might not be a robust enough alternative to the traditional REST approach to data fetching? ... Read more
Adrian Ababei / Nov 17'2017
Drupal 8 Group Module: How to List Related Group Content 
“Fallen for” Drupal 8 Group Module's principle of using entities and entities relations (as opposed to node “knots”) for handling groups? For the entire concept behind it: sectioning your Drupal site into multiple “micro-sites”, where users having different sets of permissions gain access to certain “micro-sites” only? A "seductive" entity API-powered idea indeed! And here you are now: pulling your hair out to find a way to link your user groups with their corresponding content (nodes). To list related group content! How you do that? How do you filter content and relate it to the group that it belongs to? Keep reading...   But First: A Few Words About The Drupal 8 Group Module As you must already know, the Group module was born as a solution to all the limitations that the Organic Groups module, its older “rival”, presented. A major drawback being, for instance, the fact that it provided no API. No API to rely on for configuring a site's role and permission system and content types across its ecosystem of user groups. And before we point out its most significant strong points, allow us to list and to briefly detail a few key concepts to fully understand how this module works:   group type: a fieldable entity (common pitfall: do not take user-defined groups for nodes!) group (user) membership: a “group type” fieldable entity specific to a given group, incorporated through a plugin; in other words: each “Group type” can feature multiple fields that describe their user memberships    the Group Node module: provides “Group type”-specific fieldable entities which describe to what level a group is connected to the nodes of a given content   Now that we've shed some light onto these key notions, let us highlight to you the Drupal 8 Group module's key advantages over Organic Groups:   self-contained admin, great UI: everything you need for configuring your groups' functionalities is right there, in your admin menu, no need to delve into a dozen of pages for adding your groups, your group types etc.; simply look for the Group section (neighboring the “People” one)   improved data model: Group relies on group dedicated entities, opening up a whole new era for handling groups of users, groups of content...   “pluggable” architecture: take the “Group Node Module, for instance, that the Drupal 8 Group module ships with; it enables you to integrate nodes into a given group and to share access to private content among that group's members only   Before We Dig Into It: How Do You Programmatically Add New Content To Your Group? Put yourself into this Drupal developer's shoes: “He/she has just created an Article node and now he's facing the challenge of programmatically adding it to a pre-configured group on his website." How does he solve the “problem”? By using the addContent() method, which leverages the following function added to the Group module: Group::addContent(ContentEntityInterface $entity, $plugin_id, $values = [])  Note: $plugin_id: it stands for 'group_node:YOUR_NODE_TYPE_HERE' $values: add them only if you want to fill in the fields on the node-to-group relation entity   Now What If You Need to Bulk Add Content To Your Group? That's right? What if you had to add multiple nodes to one of the groups on your Drupal site relying exclusively on the Drupal 8 Group module's capabilites? Basically your key objective then would be adding a group content entity to each node connected to your Group. Here are the steps to take:   Make certain that you have a GroupType   Check that this GroupType has all the proper plugins enabled (GroupType::installContentPlugin(); read deprecation notice)   Put together a group of said GroupType   Bulk add those nodes using: $group->addContent($node, 'group_node:NODE_TYPE_HERE');            Tip: do rely on the API at hand, GroupInterface::addContent(), for this! Or, if you prefer a shorter version, one that doesn't “constrain” you to use the API,  here's a three-step migration process to get inspired by:   Ensure that a group does exist, first things first   (Bulk) Migrate your nodes   Manually put together your GroupContent entities   And Finally: This Is How You Show Related Group Content Or, better said “how you create a view for showing that content” using the Drupal 8 Group module. Before we dig into the step-by-step guide, we'd like to highlight the fact that:   you'll be using “node id” as a contextual filter   the process requires 2 types of Views relationships: Contextual Node > Parent Group and Parent Group > Nodes in group   And here are the promised steps:   Create your content view (it should have at least one block)   Under your View's relationships choose “Content: Parent group” and then click the “Require this relationship box”; you'll now see new relationships listed in the dropdown menu   Next, from the same dropdown menu select the following relationship: "Group: Node entities", then hit the “Require this relationship” box   Then it's time to define your contextual filter: select “Content NID” from the dropdown menu, hit the “Provide default value” box, then pick “Content ID from URL” from the next dropdown unfolding there   Now it's time you defined the “Group Node” relationship (under Format more precisely) for every single rendered entity, content and/or field (according to your own selections)   Navigate to /admin/structure/block and select the region of the page that you want this block to be displayed on   In short: all there's left for you to do now is simply display nodes from the second relationship that you've defined and (if you want to) filter them by creation date, content type, whatever criteria you'd like. And this is how you do it! How you show related group content using the Drupal 8 Group module's functionalities! Do let us know if you encounter any (other) roadblocks as you're putting this advice into practice! ... Read more
Adrian Ababei / Sep 08'2017