With popularity comes trouble... In this case here meaning: security vulnerabilities and risky over-exposure to cyber threats. And this can only mean that securing your website, that's running on the currently third most popular CMS in the world, calls for a set of Drupal security best practices for you to adopt.
And to stick to!
There's no other way around it: a set of strategically chosen security measures, backed by a prevention-focused mindset, pave the shortest path to top security.
Stay assured: I've selected not just THE most effective best practices for you to consider adopting, but the easiest to implement ones, as well.
Quick note: before I go on and knee-deep into this Drupal security checklist, I feel like highlighting that:
Drupal still has a low vulnerability percentage rate compared to its market share
the majority of Drupal's vulnerabilities (46%) are generated by cross-site scripting (XSS)
And now, here are the tips, techniques, and resources for you to tap into and harden your Drupal site's security shield with.
1. The Proper Configuration Is Required to Secure Your Drupal Database
Consider enforcing some security measures at your Drupal database level, as well.
It won't take you more than a few minutes and the security dangers that you'll be safeguarding it from are massive.
Here are some basic, yet effective measures you could implement:
go for a different table prefix; this will only make it trickier for an intruder to track it down, thus preventing possible SQL injection attacks
change its name to a less obvious, harder to guess one
Note: for changing your table prefix you can either navigate to phpMyAdmin, if you already have your Drupal site installed, or do it right on the setup screen (if it's just now that you're installing your website).
2. Always Run The Latest Version of Drupal on Your Website
And this is the least you could do, with a significant negative impact on your Drupal site if you undermine its importance. If you neglect your updating routine.
Do keep in mind that:
it's older versions of Drupal that hackers usually target (since they're more vulnerable)
the regularly released updates are precisely those bug fixes and new security hardening features that are crucial for patching your site's vulnerabilities.
Why should you leave it recklessly exposed? Running on an outdated Drupal version, packed with untrusted Drupal modules and themes?
Especially since keeping it up to date means nothing more than integrating 2 basic Drupal security best practices into your site securing “routine”:
always download your themes and modules from the Drupal repository (or well-known companies)
regularly check if there are any new updates for you to install: “Reports” → “Available Updates”→“Check manually”
3. Make a Habit of Backing Up Your Website
And here's another one of those underrated and too often neglected Drupal security best practices!
Why should you wait for a ransomware attack and realize its true importance... “the hard way”?
Instead, make a habit of regularly backing up your website since, as already mentioned:
There's no such thing as perfection when it comes to securing a Drupal site, there's only a hierarchy of different “security levels” that you can activate on your site
And backing up your site, constantly, sure stands for one of the most effective measures you could apply for hardening your Drupal website.
Now, here's how you do it:
make use of Pantheon's “one-click backup” functionality
test your updates locally using MAMP or XAMPP or another “kindred” software
harness the Backup and Migrate module's power, currently available only for Drupal 7
export your MySQL database and back up your files “the old way”... manually
There, now you can stay assured that, if/when trouble strikes, you always have your backup(s) to retrieve your data from and get back “on your feet” in no time!
4. Block Those Bots That You're Unwillingly Sharing Your Bandwidth With
No need to get all “altruist” when it comes to your bandwidth!
And to share it with all kinds of scrappers, bad bots, crawlers.
Instead, consider blocking their access to your bandwidth right from your server.
Here's how:
Add the following code to your .htacces file and block multiple user-agent files at once:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall Spider).*$ [NC]
RewriteRule .* - [F,L]
Or use the BrowserMatchNoCase directive as follows:
BrowserMatchNoCase “agent1” bots
BrowserMatchNoCase "Wget" bots
BrowserMatchNoCase "Catall Spider" bots
Order Allow,Deny
Allow from ALL
Deny from env=bots
Use the KeyCDN feature for preventing those malicious bots from stealing your bandwidth!
5. Use Strong Passwords Only: One of the Easiest to Implement Drupal Security Best Practices
More often than not “easy” doesn't mean “less efficient”.
And in this particular case here, simply opting for a strong username (smarter than the standard “admin”) and password can make the difference between a vulnerable and a hard-to-hack Drupal site.
For this, just:
Manually change your credentials right from your admin dashboard: “People” → “Edit”→ “Username” while relying on a strong password-generating program ( KeePassX or KeePass)
6. Use an SSL Certificate: Secure All Sensitive Data and Login Credentials
Would you knowingly risk your users' sensitive data? Their card information let's say, if it's an e-commerce Drupal site that you own?
And how about your login credentials?
For this is what you'd be doing if — though you do recognize the importance of using an SSL certificate — you'd still put this measure at the back of your list of Drupal security best practices.
In other words, running your site on HTTPs (preferably on HTTP/2, considering all the performance benefits that it comes packaged with) you'll be:
encrypting all sensitive data that's being passed on, back and forth, between the server and the client
encrypting login credentials, instead of just letting them get sent, in crystal-clear text, over the internet.
7. Use Drupal Security Modules to Harden Your Site's Shield
For they sure make your most reliable allies when it comes to tracking down loopholes in your site's code or preventing brutal cyber attacks.
From:
scanning vulnerabilities
to monitoring DNS changes
blocking malicious networks
identifying the files where changes have been applied
… and so on, these Drupal modules will be “in charge” of every single aspect of your site's security strategy.
And supercharging your site with some of the most powerful Drupal security modules is, again, the easiest, yet most effective measure you could possibly enforce.
Now speaking of these powerful modules, here's a short selection of the “must-have” ones:
Password Policy: enables you to enforce certain rules when it comes to setting up new passwords (you even get to define the frequency of password changes)
Coder : runs in-depth checks, setting your code against Drupal's best practices and coding standards
Automated Logout: as an admin, you get to define the time limit for a user's session; he/she will get automatically logged out when the time expires
SpamSpan Filter: enables you to obfuscate email addresses, thus preventing spambots from “stealing” them
Login Security: deny access by ID address and limit the number of login attempts
Content Access: grant permission to certain content types by user roles and authors
Hacked!: provides an easy way for you to check whether any new changes have been applied to Drupal core/themes
Security Review Module: it will check your website for those easy-to-make mistakes that could easily turn into security vulnerabilities; here's a preview of this module “at work”
8. Implement HTTP Security Headers
Another one of those too-easy-to-implement, yet highly effective Drupal security best practices to add to your Drupal security checklist:
Implementing (and updating) HTTP security headers
“Why bother?”
Cause:
first of all, their implementation requires nothing more than a configuration change at the web server level
their key role is letting the browsers know just how to handle your site's content
… thus reducing the risk of security vulnerabilities and brute force attacks
9. Properly Secure File Permissions
Ensure that your file permissions for:
opening
reading
modifying them
… aren't too dangerously loose.
Since such negligence could easily turn into an invitation for “evil-minded” intruders!
And it's on Drupal.org's dedicated page that you can find more valuable info on this apparently insignificant, yet extremely effective security measure
10. Restrict Access To Critical Files
Told you this was going to be a list of exclusively easy-to-implement Drupal security best practices.
Blocking access to sensitive files on your website (the upgrade.php file, the install.php file, the authorize.php file etc.) won't take you more than a few minutes.
But the danger you'd avoid — having a malicious intruder risking to access core files on your Drupal site — is way too significant to overlook.
END of the list! These are probably the easiest steps to take for securing your Drupal site.
How does your own list of Drupal security tips, techniques, and resources to tap into look like?
RADU SIMILEANU / Apr 06'2018
Who are your visitors? Where do they come from? And what do they do precisely during their visits on your Drupal site? How long are their visits? What content on your site do they linger on and what content do they “stubbornly” ignore? Needless to say that for getting your answers to all these questions you need to set up Google Analytics on your website.
Since:
“This data--aka analytics--is the lifeblood of the digital marketer.” (Jeffrey Mcguire, Acquia, Inc. Evangelist)
The good news is that integrating it is nothing but a quick and simple 3-step process. And the great news is that:
Drupal's got you covered with its dedicated Google Analytics module, geared at simplifying the otherwise tedious and time-consuming process.
So, shall we dive into the installation guide?
1. But First: Why Web Analytics? And Why Precisely Google Analytics?
In an UX-dominated digital reality, that takes personalization to a whole new level, user behavior data turns into... superpower.
And by “user behavior data”, I do mean web analytics.
Therefore, injecting a web analytics service into your Drupal site is like... injecting true power into its “veins”.
But why precisely Google Analytics?
Why set up Google Analytics on your Drupal site instead of another web analytics tracking tool? Is its popularity a strong enough reason for you to jump on the trend?
To answer your question, I do think that its own key features make the best answers:
audience demographic reporting: discover where your site visitors come from, their native languages, the devices and operating systems they use for accessing your website...
goal tracking: monitor conversion rates, downloads, sales and pretty much all stats showing how close (or far) you are to reaching the goals that you've set for your website
acquisition reporting: identify your site's traffic sources; where do your visitors come from exactly?
on-site reporting: gain a deep insight into the way visitors engage with specific pieces of content on your website, so you know how to adjust the experience your deliver them on your site/app to their specific needs
event-tracking: tap into this feature for measuring all activities carried out on your Drupal site
And the list of features could go on and on. Providing you with a high-level dashboard and enabling you to go as deep as you need to with your “data digging”.
For Google Analytics is only as powerful as you “allow” it to be. It empowers you to dig up both surface and “in-depth data”.
Moreover (or better said: “thanks to...”), being such a feature-rich tracking tool, Google Analytics's highly versatile, too. From email marketing to social media marketing, to any type of marketing campaign that you plan to launch, it's built to fit in just perfectly.
To power all forms of marketing strategies.
And where do you add that it's been a while now since we've been having Google Analytics for mobile apps and the Google Analytics 360 suite, too! 2 more powerful GA tools to add to your web analytics “tracking arsenal”.
2. The Drupal Google Analytics Module and How It Will Make Your Life (So Much) Easier
Let me try a lucky guess:
Your Drupal site has... X pages (have I guessed it?)
The “standard” way to add Google Analytics to your Drupal site would involve:
Copying the tracking ID that Google Analytics provides you with and pasting it on each and every page on your website.
A hair-pulling monotonous and time-consuming process, don't you think?
And it starts to look even more cumbersome if you think that you have the alternative to set up Google Analytics on your Drupal site using the dedicated module.
But how does it streamline... everything more exactly?
You'll just need to paste that Google Analytics javascript snippet for tracking data right to this module's Configuration page and... that's it!
The module will take it from there! It will distribute it itself to all the pages on your website.
Less effort, less time wasted for carrying out in a tedious and repetitive activity. And more time left for customizing all those statistics features to perfectly suit your goals and your site's needs.
Luckily enough, the Drupal Google Analytics module puts an admin-friendly UI at your disposal precisely for that:
use it to track down key data
use it for tailoring your web analytics-tracking activity to your needs: by user role, by pages etc.
3. Set Up Google Analytics on Your Drupal Site In Just 3 Simple Steps
As promised, here's a “dead-simple 3-step guide on how to add Google Analytics to your Drupal site (“leveraging the power of the dedicated Drupal module here included”)
Step 1
The very first thing you'll need to do is sign up for a Google Analytics account if you don't have one already. And then to add your Drupal site (obviously!).
And here are the quick steps to take:
go to www.google.com/analytics
hit “sign in” (you'll find it in the top right corner) and select “Google Analytics” from the unfolding drop-down menu
click “Sign Up” and just follow the given steps for setting up your new account
next, follow the instructions for setting up web tracking
Now you should be able to see your Drupal site displayed under your account, on your admin page in Google Analytics.
And it's now that you should be able to retrieve your site's “Tracking ID”, as well. You'll find it in the “Property Setting” section.
Step 2
The next major step to take as you set up Google Analytics on your Drupal site is to actually go back to your site and... install THE module itself.
Since I've already praised its “superpowers” and how they “conspire” to make your life easier, I'm not going to point them out once again.
Instead, I'll go straight to the steps to take once you've enabled the module on your website:
access its configuration page (you'll find the “Configuration” tab on top of the page, “flanked by” the “Modules” and the “Reports” tabs)
there, right under the “General Setting” section, just enter your “Web Property ID”
… which is precisely the Google Analytics tracking code that you've just retrieved at Step 1
And this is precisely the “magic trick” that's going to add the Google Analytics tracking system site-wide. A monotonous, multiple-step process turned into a one-step operation.
This thanks to the Drupal Google Analytics module!
Step 3
Here you are now, ready to save your settings and to officially harness the power of Google Analytics on your website!
Normally you should be just fine with the default settings that the service provides you with, right out-of-the-box.
Yet, if you need to “refine” your searches, your entire tracking activity, feel free to do that. To explore all the options stored in the “Tracking Scope” tabs for you.
Speaking of which, let me give you just a few examples of how deep you could narrow down your “investigations” and customize the modules:
roles: a setting which lets you define which user roles to track (and which roles the system should ignore)
domains: indicate whether it's a single or multiple domains that you need monitoring
privacy: it enables you to make visitors' IP addresses anonymous
pages: indicate precisely which pages on your website you need to track
messages: track and monitor the messages displayed to your site visitors
search and advertising: keep track of your internal site searches and AdSense advertisements; do keep in mind, though, that some additional settings might be needed!
And... more! You actually get even more power for configuring your JavaScript setting and adding custom variables.
The END! This is how you set up Google Analytics on your Drupal site in 3 dead-simple steps, a streamlined process powered by the dedicated Drupal module.
Adriana Cacoveanu / Apr 05'2018
Building or “redecorating”? Are you putting together your online store from scratch or refurbishing your current one? No matter which one of these 2 scenarios fits your plan, you must be running your own “investigations” right now: which are the very best free Drupal 7 eCommerce themes out there?
Having a “top X” selection at hand would definitely speed up your “research”, right? A top including:
feature-rich themes, “loaded” with all those functionalities crucial for any eCommerce business, such as freedom to style your own product pages, checkout forms, custom cart, “add to cart” button, custom login and logout
Drupal 7 responsive themes
themes empowering you with plenty of customization freedom
Well here's the selection of 5 Drupal themes for e-commerce that you should start your "investigations" with.
1. Omega Kickstart
Jumpstart your Commerce Kickstart theme development using this base theme as a... strong “push”.
A responsive subtheme, a “kickoff” to your whole theme development process on Commerce Kickcstart, Omega Kickstart comes packed with all the crucial features:
it's free
it's built with Drupal Commerce in mind
its layout is fully adjustable to any screen size (desktop, tablet, smartphone)
it's conveniently more user-friendly than the pre-built Omega
Therefore, it makes the perfect impetus for kick-starting your theme development plans!
2. AT Commerce, One of the “Feature-Overloaded” Free Drupal 7 eCommerce Themes
A “full-option” Drupal commerce theme we could say!
AT Commerce “spoils” you with out-of-the-box support for the Drupal Commerce module and Ubercart and .... “overwhelms” you with a heavy load of great features.
Now to name just a few:
it's equipped with support for a lightweight and nonetheless responsive slideshow
pre-built support for a Color module (Garland or Bartik); this enables you to go beyond the 3 default color combinations and, using the color picker at hand, to “color up” your theme to your liking
heading styles that you're free to customize
built-in Superfish module support
custom login block
support for 26 regions
a custom and configurable responsive grid layout for the front page and the taxonomy pages (that you're free to disable if you want to)
Google fonts
mobile support
multiple image field alignment options
And the list is a never-ending one.
As you can see, AT Commerce is a theme that not only that provides you with a wide range of e-commerce-specific functionalities, but with almost unlimited customization freedom, too. You'll get to put together your site's “signature” web design in no time, with no need to “get your hands dirty” in code.
From creating your “trademark” color scheme, to “playing” with all the settings that would impact the overall design and layout, your styling power is significant.
A word of caution: do keep in mind that this is a sub-theme; before you get to leverage all the above-mentioned AT Commerce features (plus a few more) on your own website, you'll need to install the latest version of the AdaptiveTheme.
It's this theme that will provide the needed core functionality
3. Commerce Theme
Here's another one of those free Drupal 7 eCommerce themes geared at helping you get a fully functional and attractive online store up and running in no time!
Moreover, the theme behind this theme “tempts” you with a Commerce Installation Profile bringing you, right out-of-the-box, all the needed functionalities to start selling your products.
A profile coming with built-in Drupal Commerce support and perfectly organized files enabling you to easily customize any eCommerce component you need to.
4. Storefront
As its name suggests:
if it's a clean and “inviting” storefront that you need to implement on your eCommerce site, this is the theme to consider!
One that “plays well” with Drupal Commerce and that you can easily style up, further, adjusting it to your customer's future preferences.
In short: Storefront is that Drupal commerce theme that will implement a clean and appealing interface to your Commerce Kickstart installation.
And now if I am to highlight some of its key features:
responsive techniques via media queries
various settings to “play with” for customizing your site framing, home grids, your color schemes, layout...
an entire collection of template files essential for eCommerce sites: review pane, cart block, product-node
options for cleaning up checkout panes, various form elements (specific to add-to-cart links, product attributes) and check-out layouts
Note: since this theme's compatible, out of the box, with the first version of Commerce Kickstart, the team behind it commits itself to making Storefront “play well” with the second version, as well.
5. Metropolis
A versatile (“fitting” all site types) and feature-rich theme “praising” simplicity.
This is a concise, yet comprehensive definition of Metropolis, one of the most popular free Drupal 7 eCommerce themes.
A more detailed definition would need to include “details” such as:
the fact that it's a tableless theme, with a 1-2 column layouts
it provides you with a superfish drop down menu
comes “equipped” with 10 collapsible block regions
an image slideshow, that you get to customize to your liking via the Views Slideshow
heading H1 optimization for boosting your SEO efforts
primary and secondary links
custom login and logout options
The END! These are the top 5 free Drupal 7 eCommerce themes that you should consider evaluating first. To check whether their built-in collections of eCommerce-specific features suit your own needs and goals or maybe just partially.
Silviu Serdaru / Mar 09'2018
I am a woman of my word and so, as promised to you in yesterday's post, I'm back now with a handful of Drupal SEO best practices to follow this year.
Best practices, valuable tips & tricks and key Drupal SEO modules waiting for you to unlock their optimization power and “inject” it into your website...
All which, once put together, will give you a significant boost in (Google) ranking. So, shall we?
5. Build Your Keyword List, One of the Drupal SEO Best Practices to Stick to
So, you've given your links a “deep clean” (as seen in Part 1), turned on your Google Analytics “tracking” power and your Drupal SEO Checklist's engines, too. What next?
Putting together your targeted keyword list!
And this is one of those Drupal SEO best practices that can either “turbocharge” or turn your entire site optimization strategy into worthless effort. That if you underestimate its “superpower”.
And here are the tools to rely on when you go “keyword hunting”:
Google Keyword Planner:
it shows the no. of searches for each potential keyword that you could rank for
so you'll know whether it's worth adding it to your list or not, depending on the traffic that it can generate
Google Trends:
it gives you an insight into how a specific keyword has “performed” over the years
Moz:
a whole SEO toolkit put at your disposal, including tools for keyword research, link building, site auditing, reporting, you name it...
WordTracker:
it puts a whole “ecosystem” of keyword-identifying tools at your disposal
6. From Lifeless Keywords to "Living", Keyword-Optimized Content
Now it's time to sprinkle your keywords across your website. And not just anyhow, but... strategically!
Your “battle plan” should include the following content optimization steps:
create (if there isn't one already) one page for each target keyword
consider removing certain keywords from your list before designing new keyword-optimized pages; some keywords may just not be suitable for your particular business
write custom page descriptions, page-focused titles, add page-relevant keywords
… and make sure to optimize the content on each one of these targeted pages, pulling off a proper keyword density
7. Add 2 More Essential Modules to your Drupal SEO Toolbox
2 Drupal 8 SEO modules, to be more specific: the RDF UI module and the Linkit module (available in Drupal 7, as well).
RDF (Resource Description Framework) UI:
it's built, from the ground up, with the idea of empowering you to (seamlessly) integrate Schema.org with your Drupal site (whether during or after the development process)
… another one of those Drupal SEO best practices with a clear impact on your Google ranking
with this on-page markup “on”, it will be fairly easier for search engines to “understand” what each page on your site is about
… and thus deliver richer search results
Linkit:
it “spoils” you (or I'd better say your content team), with a convenient UI for easily setting up links right in the WYSIWYG, using the autocomplete field
it sees that they're properly formatted, that they use the right path and that they're up to date, as well
8. "Fast" Is Just Another Word for "Optimized"
As fast as your budget allows! Fast-loading pages will:
have a huge impact on the overall user experience
“please” the search engines and signal them that your site's optimized for speed and thus for enhancing UX
and implicitly give you the boost in rankings (the reason why you've put together this whole Drupal SEO strategy in the first place, right?)
From the dozens of techniques, tools & modules at your disposal, that you can leverage for optimizing your website for high speed, I outline just one: the Google AMP module.
Integrating it with your Drupal site you'll be killing two birds with one stone:
you'll give your site a massive performance boost
you'll make it mobile-responsive
A Note of Caution as a Conclusion
Focusing on your links and forgetting all about the right keyword density across your site's content. Or injecting high speed into your website and forgetting to setup Google Analytics for your website.
Or undermining the meta tags' critical role and focusing exclusively on building your target keyword list, won't give you that boost in ranking that you're aiming at.
Make them ALL work together!
Take these 8 Drupal SEO best practices as a clock mechanism: in vain do 7 parts get all your attention. If you neglect just the 8th component, the whole mechanism/SEO strategy won't work /won't give your site that boost in ranking that you're expecting.
Adriana Cacoveanu / Feb 14'2018
Aiming high? Do you have big plans for your Drupal site? Maybe even propel it right to the front page of Google? Well, you're already one big step closer to your goal: you've chosen Drupal, a content management system geared at granting you unparalleled functionality and flexibility to optimize its every node, snippet of code and view. But which are the essential Drupal SEO best practices to adopt in order to harness this SEO machine's full potential?
Which are the right Drupal modules for SEO, the updated tips & tricks: the SEO essentials of 2018 for optimizing your Drupal website?
For Drupal (and even so more Drupal 8) might be "spoiling" you, the marketer, with an ecosystem of SEO-focused tools and modules to “fuel” your optimization strategy with. Yet, you can't actually rock Drupal SEO if you don't know exactly:
which of them are the truly "can't live without" ones
how to put them all together and (most of all) make them all work together... to your site's advantage
In short: what precisely do you need to set up and tweak on your Drupal site to give it a mega boost in rankings?
And this is why we've put together this step-by-step guide on how to use Drupal's out-of-the-box potential for SEO to the fullest.
Here's your list of 8 tips, tricks, Drupal SEO best practices for 2018:
1. Start By Giving Your URLs a "Deep Clean"
Enabling clean URLs on your website should be on top of your Drupal SEO best practices list!
Why?
first of all, because all Drupal URLs get unique IDs instead of meaningful names
secondly, because readable, clean URLs wearing the pages' titles, enhance both the search engines' crawling and the overall user experience
And although in Drupal 8 you get clean URLs by default, there still are 2 particular scenarios that call for special Drupal SEO modules:
when you move a piece of content to another section of your site and change its URL (Drupal won't automatically remove the old path and you run the risk to end up with duplicate content on your website)
when you're facing the cumbersome SEO chore of manually naming each and every URL on your website
Introducing the Redirect and Pathauto Drupal modules!
Redirect:
it creates 301 redirects which... redirect (obviously!) from the old URLs to the new ones
it guarantees you that the links on your site preserve their value even when you apply changes to your Drupal content
it pretty much takes the burden of fixing every broken link, manually, off your shoulders
Pathauto:
it automatically creates SEO-optimized URLs based on the content that you, yourself, define
for instance, you can set the URL for your blog posts to always have the following path alias: /blog/[blog title]
also (and this is a huge SEO factor) if you have ideally keyword-packed page titles, the Pathauto-generated URLs will automatically contain all those valuable keywords, as well
2. Install The Drupal SEO Checklist Module: One of The Very Best Drupal SEO Modules
And, implicitly, the very first one to install before you go ahead and add any other Drupal tool or module to your SEO essential kit.
“Drupal SEO Checklist is the most powerful Drupal module that "does nothing.” Robert Shea, IBM.
And this says a lot, yet... not everything.
For it's true, the Drupal SEO Checklist module doesn't show you how to optimize your website, yet it delivers you a full list of Drupal SEO best practices to adopt. Or a to-do list of actions you should take, modules you should consider implementing if you prefer.
One covering several key sections on your site to focus your SEO efforts on:
title tags
paths
content
and more ...
3. One of The Key Drupal SEO Best Practices: Adding Meta Tags to Every Web Page
"Letting Google (and other search engines and social media sites) know what the content on your web pages is all about", this is how we could sum up the meta tags' role.
They're snippets of text that not only that:
let Google know what each one of your web pages is all about
but also indicate how you want the content of each page on your site to be described on other websites.
Now, can you imagine the arduous task of manually adding a custom browser and page titles, descriptions and keywords to every single page on your website?
No need to, for you can always install the Metatag module, one of the must-have Drupal SEO modules to add to your toolkit!
Here's how it works:
it enables you to add all the needed meta tags automatically, to each page on your Drupal site
it places both the meta tags and the meta title in the pages' headers, which translates into less code to write for you and faster rendering
And since we've reached the meta tags "chapter" on your Drupal SEO best practices list, let's put another key module into the spotlight: the Alternate Hreflang Module!
A particularly vital module if it's a multilingual Drupal website that you're about to optimize:
it adds hreflang tags to every page on your site
alternative hreflang tags that search engines can then reference in order to serve the right language/regional URLs in their SERPs
Pretty convenient, don't you think?
4. Set Up Google Analytics for Your Website & Other Must-Have Drupal Modules to Enable
"Help them help you!"
Ease search engines' "job" of crawling and indexing your website, by making your website... easy to crawl into and to index (obviously!).
And by tapping into all those Drupal SEO tools put at your disposal for better “communicating” with them (the search engines).
… for gaining a deep understanding of where your site's standing when it comes to its relationship with search engines and social media sites.
Which brings us to 3 Drupal modules/tools that can intermediate (and enhance) your site's communication with the search engines: Google Analytics, XML Sitemap and Cron.
Google Analytics:
it automatically adds the more-then-valuable Google Analytics code snippet to your site
... that you can control (deciding how and when it should be used) to your liking
it "injects" Google Analytics superpower into your website: priceless insights into your site visitors' behaviour on your site, what keywords they've used to land there, their demographics etc.
moreover, the module fixes Google Analytics' known drawback of tracking down ALL visitors, admins here included
... and it does that by showing the code snippet only when "regular" (non-admin) users are visiting the website
XML Sitemap:
it generates an ideally formatted XML sitemap listing the content on your website, that you can submit to the search engines
this way, they (search engines) get to crawl in easily and index ALL the pages on your site (all those that you want them to crawl)
Cron:
a system that keeps your Drupal site conveniently updated and "clean"
it checks for updates itself, it recreates the XML sitemap if needed, keeping it up to date, it indexes the newly added content...
End of Part 1! The second half of this post on Drupal SEO best practices to adopt in 2018 will tackle aspects such as:
building your keyword list and using it to "fuel" your content with
a few more essential Drupal SEO modules to add to your toolbox
valuable tips and tricks on how to speed up your website (since top speed and search engine optimization go hand in hand)
... and more! Stay tuned!
Adriana Cacoveanu / Feb 13'2018
Robust, conveniently scalable, fully (and easily) customizable... What else? Oh, yes, it should definitely be a 2-in-1: CMS & e-commerce platform. This is pretty much how your “wishlist” looks now when you're choosing the best eCommerce solution for your website, right? Would you be able to check off all the “wishes” listed there if you want to build a Drupal eCommerce website?
That is the question!
What makes Drupal not just a good choice, nor just the best one, but the most SUITABLE one for your own e-commerce site?
One that would meet all its needs (quick and easy integration with third-party systems, a flexible content editing process, easy to control SEO etc.)?
Well, here's OPTASY team's top 10 good reasons why you should “bet on” Drupal:
1. It Shortens Your E-Commerce Site's Development Time
And it's pretty much... self-evident:
Compared to a standalone eCommerce platform (e.g. Prestashop or Magento), with Drupal you get Drupal Commerce built right on top of it!
Built, from the ground up, to seamlessly integrate with your CMS.
In short: with Drupal (&Drupal Commerce) you get one tightly integrated platform system simultaneously serving as a content management system and as an e-commerce platform.
Save the time you'd otherwise invest in:
custom-integrating a CMS with your standalone eCommerce platform
making them “play well” with one other
“joggling” with 2 platforms (or a 2-platform system, if you prefer) instead of one and investing twice as much time and effort in their ongoing management and maintenance
2. It "Plays Nicely" With Third-Party Systems
And this is not even an advantage, but a vital functionality drawing a line between effective and ineffective e-commerce solutions.
As a (current or future) e-commerce website owner, your “jam-packed” list of specific needs does include integrating systems and apps such as:
Paypal
Verisign
Authorize.net
… and so on and extending your site's functionality all while enriching user experience, right?
Luckily, Drupal, and implicitly Drupal Commerce, integrates seamlessly with third-party getaways via RESTful API!
3. It's Both Free and Open Source
One of the many valid answers to your “Why Drupal for ecommerce use?” could be:
“Because it's free to use!”
Moreover, by being open source, the no-fee feature doesn't translate into poorly supported modules!
With Drupal, you don't have the “premium plugins” concept otherwise specific to WordPress or Magento, yet you still get to explore a plethora of free modules.
Modules which, moreover, are backed up by a worldwide Drupal community.
In a few words: you get default “premium” modules without the price tag on!
4. A Drupal Commerce-Powered Site Is Conveniently Easy to Handle
And this “convenience” derives from 2 major “requirements” that your future Drupal ecommerce website easily meets:
that it should empower you and your team to operate with one set of tools only
that this “toolkit” put at your disposal — which you'll be using for carrying out specific admin tasks — should include flexible and fully configurable tools only
Checked, checked!
5. You Get a 2-in-1: CMS & Ecommerce Platform
And this might just be one of the strongest arguments to build a Drupal eCommerce website!
Not only that Drupal Commerce
is built on Drupal, from the ground up, deeply “rooted“ in it
which enables it to explore and exploit the CMS's power to the fullest
... but it's actually the ONLY commerce platform built on a CMS!
And this translates into:
a unified, rich and seamless user experience
less development and maintenance time resources for you to invest
6. You Get to Leverage Its Granular User (and Role) Management System
And this is, indeed, a superpower that Drupal puts in your hands!
Basically, you're given full control over who's accessing what, over which functionalities and features (from your CMS and your online shop) your:
team members (who are granted different user roles and levels of permission)
and your site visitors
… gain access to.
7. It Streamlines Your SEO Efforts
It's quite obvious that a tightly integrated platform grants you easier control over your entire SEO strategy. As compared to a 2-platform system.
It streamlines your efforts to constantly improve the customer journey on your online store.
8. Why build a Drupal eCommerce Website? 'Cause It's Flexible
Needless to stress out this feature even more: Drupal's already way “too” famous for its modular nature empowering users to configure and to “custom-tune” their websites to meet their needs to the slightest detail!
Add on new modules, mix and match them to your liking and use Drupal's modular power to the fullest!
9. It's Conveniently Extensible: It Seamlessly Accommodates Sites of All Sizes
Another strong reason for building a Drupal eCommerce website: it seamlessly adapts to all sizes and levels of complexity.
Hence, whether it's:
a small ecommerce site handling basic transactions
or a content-heavy, high trafficked ecommerce website
... that you're building, Drupal's got you covered!
It's built to effortlessly power all sites, large or small!
10. It's a Content-Driven Ecommerce Solution
Since Drupal is, primarily, a content management system!
And content is the driving force of any successful e-commerce site or, better put: all e-commerce efforts are centred on content!
With Drupal and the ecommerce software deeply integrated within — Drupal Commerce — you're empowered to:
deliver a rich and unified user experience on your site
… by easily linking your products/services to corresponding content (descriptions, banners, icons...) that tells the story behind and creates added value
And it's content that engages your customers, that ultimately drives sales and builds brand loyalty! That builds communities.
END of the list! These are, in our opinion, the 10 reasons strong enough to tip the balance in favour of choosing Drupal for your ecommerce website!
Adriana Cacoveanu / Dec 21'2017
You sure didn't expect it to take more than... 2 minutes (3 at most) to add a Drupal 8 Webform to a content type on your website and yet...
What's the “catch”? Is there a "magic" tab that elopes you? Haven't you installed your Webform Drupal module properly?
Or maybe it's the UI itself the real culprit for turning what should have been a "ridiculously intuitive operation into a time-consuming (and hair-pulling) one?
Let us lend you a hand! Let us help you put an end to your "turmoil".
But First: A Few Words About the Webform Drupal Module
Surpassed in popularity only by the Views Drupal module, Webform shouldn't miss from your Drupal toolkit. For it makes the most "usable" tool to rely on for building your custom contact forms/user registration forms/surveys.
A far more efficient solution than building content types leveraging the Field module or using CCK.
Drupal 8 Webform Module
... ships with a whole different code base than that of its “predecessor” and makes an even more powerful, feature-richer form builder enabling you to put together:
flexible
rich
maintainable
… webforms on your Drupal 8 website
Moreover, its capabilities don't limit to the forms' building and publishing, but extend to:
sending confirmation forms and client notifications
collecting, storing and downloading form submission data as CSV
Your Current Scenario
Here's how we see your current “situation” in... 4 steps:
First, you installed your Drupal 8 Webform module
Then you rushed to add a webform to a content type
… so you went to admin/config/content/webform and checked your content type, next you saved your webform settings
And then ... you “hit a blank wall”!
No clue whatsoever where to go next to attach your webform to your content type...
The Solution to How to Add a Webform to a Content Type
Now the above screenshot's “transcription”:
You navigate to your Content type's edit page: /admin/structure/types/manage/[ContentTypeName]
See the “Webform” tab, on the bottom left side of the screen, right under the “Menu Settings” tab?
Just go ahead and enable it and your webform will get automatically attached to that specific content type
Tada! This is how you add a webform to a content type in Drupal!
You just knew it couldn't be anything more complex than a two-minute job, right?
How to Embed a Webform Inside a Node Content: 2 Solutions
In other words: no matter which way you take it, you'll reach the same “destination”.
Here are the 2 methods available to you:
you go ahead and put together a custom Panel page for your node; one with the content area incorporating both the “node being viewed” and the custom block displaying your web form
you leverage the Webform module's power: simply create your web form via the module's user-friendly UI and then just add your form to your “target” content type
Tada... again!
The END of our more or less “enlightening” little tutorial on how to add a Drupal 8 Webform to a content type on a Drupal site. Good luck with your... form building!
Adrian Ababei / Nov 30'2017
It's overwhelmingly lengthy, it's discouragingly “crowded”... it's your checklist to follow when choosing the right CMS for your content-heavy website!
And there's no way around it: you need to check them ALL off, all the must-have features and functionalities included there.
For you can't afford to make compromises on security for a boosted performance, for instance. And you sure can't get away with trading high speed for easy authoring, right? Or with accepting anything less than “the very best” editorial experience for the sake of easy-to-customize design, for example.
It should be an all-in-one CMS solution!
Well, it looks like Drupal is the only platform to fit the profile: it lives up to your legitimately high standards and is capable to meet your content-packed site's specific needs.
Here's why:
1. It's Ideally Flexible & Conveniently Extensible
Dare to dream big, for your Drupal site's content infrastructure is built to grow, seamlessly and almost organically, at the same rate as your future plans!
For any performance, security, content management-related, or any other heavy-content site/industry-specific functionality that you might need to add... there is a Drupal contributed module!
… or there is a team of Drupal developers ready to write custom code for you and build your custom-fit Drupal module from scratch!
And here are 2 possible scenarios where you could capitalize on Drupal's impressive flexibility and extensibility:
you need to integrate SalesForce with your website: there isn't just one, but several Drupal modules that you can use for injecting this type of functionality into your website
you need to add an Apache Solr to your search bar for indexing results (a critical integration for any large-scale, content-heavy website): Drupal turns this type of integration into a... breeze
Whether it's a blog or a content-packed, high-trafficked website that you own or plan to build: Drupal's conveniently extensible to fit any size, any business needs.
2. It Provides a Both Flexible and Rich Content Authoring Experience
Here's another strong reason why Drupal's the right CMS for your content-heavy website: it makes content authoring unexpectedly easy!
“Armed” with the WYSIWYG editor — which makes such an easy to use content management and editing interface — with URLs, taxonomy, custom lists and tags, your editorial team gets to:
craft
edit
publish
perfectly structure
… content on your site.
Podcasts, articles, infographics, guides, e-books, case studies... your heavy infrastructure gets ideally easy to manage with Drupal as your site's backbone-CMS.
3. It Ships With Impressive Database Accommodation Capabilities
Not only that your Drupal CMS's built to seamlessly accommodate your large and enlarging database, but it ships with organizing and sorting features, as well.
Features/functionalities delivered to you in the form of dedicated modules.
In other words: setting up your customized, ideally structured, perfectly usable library calls for zero custom code writing when using Drupal as your website's CMS!
4. It's Open Source, Making It a Perfectly Suited CMS for Your Content-Heavy Website
Drupal's open source nature opens the door to a whole world of possibilities (free of charge) to you!
Just imagine this scenario here:
Your heavy-content website has a huge influx of regular visitors and then...all of a sudden... a big nasty bug attacks! And it's just inevitable when we're talking about a content-rich website, with content being added and updated almost on a daily basis!
What do you do then?
You reach out for a patch digging deep into all the free resources put at your disposal by the Drupal community!
Just think of all the costs that you'll be cutting off when building your large-scale project with so many modules, site elements specific to your use case and features out there for you to just... “grab” and implement.
5. It Meets The Highest Government Online Security Standards
High waves of traffic and a robust content infrastructure do come at a cost: the cost of the highest levels of security.
And it's by far the most important point on your checklist to finding the most suitable CMS for your content-heavy website.
Drupal's already built a solid reputation around it as the CMS that powers government and high education websites.
Need we add more?
If it's powering and safeguarding the White House's website from cyber threats, then it must be built with high-security standards mind, don't you agree?
Where do you add that, in addition to its robust built-in security features, there's always the worldwide large Drupal community out there to “alert” if something goes bad. A community constantly monitoring Drupal's status at a security level.
6. It's Highly Customizable in Terms of Design
How to design content for heavy websites? The best example in this respect is the Panels module that Drupal puts at your disposal.
Harness its power to create layouts perfectly tailored to each specific use case.
How? With drag and drop! Put together the custom layout and then just fill it in with its corresponding content.
Hence, you get to personalize each page on your website all while keeping a visual continuity throughout it!
The END! Do you find these 6 reasons strong enough for you to start seeing Drupal as the most suitable CMS for your content-heavy website?
What other must-have features (if any) would you add to your checklist?
RADU SIMILEANU / Nov 23'2017
“Hasty climbers have sudden falls...”
So you're ready to take off. To release into the wild that shiny and new Drupal site of yours, carrying hundreds of hours of work. It's got the looks and it sure has the power, but is that all it takes to ensure it a successful launch? How about SEO? Here's the essential Drupal SEO checklist to go through for boosting its search engine ranking and for ensuring it a significantly high traffic wave right from its early days.
1. On Top of Your Drupal SEO Checklist: Is The Redirect Module On?
Take it as a more than handy solution for getting your users on the right track. The track to your Drupal site!
Practically here's how this module works:
whenever a potential site visitor clicks a broken URL to your website
whenever a user enters a typo while trying to access your site
… Redirect... redirects (obviously!) those users from their way to “no man's land”, where those broken links (and typos) would have taken them, to your welcoming front page.
Moreover, the module helps you keep track of how many times your site visitors land on your website via redirects!
2. Have You Been Using The Pathauto Module to Create MEANINGFUL URLs?
In other words: have you actually built your Drupal site for the users? And implicitly for search engines, too?
For, if not, neither of them will “digest” those “node/123” type of path aliases that Drupal automatically created for you.
This is where the Pathauto module comes in handy: it will set up specific patterns and rules to be followed when putting together new URLs, making site navigation a breeze for your visitors and search engines' bots crawling in.
In short: it creates “meaningful” links, replacing the “node-like”, totally user-unfriendly URLs on your Drupal site. How could we have possibly not included this point in your Drupal SEO checklist, right?
3. Does Every URL On Your Site Include a Target Keyword?
We're well aware of it. This sort of “mapping” all the targeted keywords on your website and all the associated page URLs is probably one of the most tedious of all the steps included in your Drupal SEO checklist!
Yet, it's worth it! And it's crucial that you carry it out now, before launch day:
double check whether all those keywords included in your “target keywords list” (that you will have set up after a throughout keyword research process) are there, on your Drupal site
next, that every web page has a target keyword assigned to
Where there's a gap, a “missing” keyword or a URL with no focus keyword, make sure you fill it in!
4. Have You Enabled the Site Verification Module?
No? Then hurry up and get it enabled and properly configured.
The insignificant time you'll spend and the little effort you'll invest in carrying out this quick step is minimal compared to the benefits you'll reap:
the Site Verification module will indicate to you all the boxes to check for “reassuring” search engines that you actually own this site
which will grant you access to more in-depth, private Google search data
… and help win web crawlers' “trust”; they will then crawl your website more “confidently” and this cannot but translate into high ranking for your new Drupal site.
5. Is The Global Redirect Module Enabled? And Properly Configured, too?
Is it a Drupal 8 site that you're about to launch? Then just skip this step from your Drupal SEO Checklist: in Drupal 8 the functionality we're about to point out to you has been “injected” into the Redirect module!
If not, we strongly recommend you to “team up” your Redirect module with Global Redirect.
And here are the arguments:
it monitors and runs tests on all your URL, the ones without a trailing slash here included
it makes sure that all your site's links are case-insensitive
it redirects those “unlucky” users that run into broken links from a far less welcoming “404 page” to your site's front page instead
In short: as you leverage these 2 modules' powers you're basically welcoming in all potential visitors; both those trying to access your website and those who are already surfing it, trying to get to specific pages on your site, and all this even if they use broken access links.
6. How About the Search 404 Drupal Module?
And speaking about properly handling All user requests, even to temporarily inaccessible sections of your Drupal site, the Search 404 module makes your best ally!
It does precisely what its names says: it helps you greet those “unfortunate” visitors with a “404” page instead of a discouraging “Error: Page not Found” one.
Moreover, it “rescues” them from that “dead-end” type of page by recommending them an alternative URL on your site.
A true “bounce rate” killer!
7. Are Both The Google News Sitemap and The XML Sitemap Properly Configured?
And what handier way to make sure that they are than by simply installing and correctly configuring the XML Sitemap module?
It will automatically set up that bot-friendly map of your Drupal site that search engines can use to crawl in and easily index your website.
So, once you've enabled your module, make sure you go for the right configuration options at admin/config/search/XML sitemap and that you properly set up your XML Sitemap.
Note: no need to put together your site's XML sitemap if it contains AMPs!
Now that you've reached that point of your Drupal SEO checklist where you're addressing issues that might make your website inaccessible (or simply “unattractive”) to search engines, here are just a few more aspects to check:
that you've left no duplicate content lingering on your website
that there are no broken URLs
that web crawls can easily... crawl any page on your website
that there are no pages lacking any sort of content or having too little of it
8. Have You Used Proper OG Tags? A Key Box to Check on Your Drupal SEO Checklist!
Why should you rely on... chance while striving to make your shiny and new Drupal site ideally social when you can actually control its appearance on social media.
And OG (Open Graph) tags make a great example of how you get empowered to define, yourself, how your site will look on Facebook, which taglines to be used, which images etc.
Just double check that you've implemented the most suitable, properly descriptive ones before you... press that launch button!
9. Does Every Page on Your Drupal Site Have A Unique Title?
“A unique and meaningful title” we should add.
Do not underestimate the power of an attractive, SEO-friendly title! And if you want to make sure that all the pages on your brand new website have titles that:
stand out in search engines
stir attention
match the user's search terms
… just lay back and let the Drupal Page Title module do all the hard work for you.
10. Are Your Meta Tags Attractively and Relevantly Descriptive?
They should be, so mind you don't neglect them before you let your site... take off! Since meta tags still enjoy a “VIP status” among on-page ranking factors.
And for streamlining the whole meta tags SEO-optimizing process just harness the Metatag module's power!
It will:
provide you with a user-friendly UI for managing your meta data
enable you to easily fill in your metadata fields with relevant keywords, with a user-friendly, SEO-optimized page description and so on
grant you additional control over your Drupal site's looks when shared on social media
End of the list! The essential Drupal SEO checklist for you to go through if you want to jump-start your SEO before launch day!
Adrian Ababei / Nov 02'2017