Feeling a bit... uninspired? Or maybe you just don't see why you should consider Drupal for your NGO website? What if you could have a look at the top 10 nonprofit websites built with Drupal?
And we're talking here about some of the world's most influential charity and non-profit organizations.
Here are the 2 main criteria that we've used for putting together this top 10:
to be straightforward and easy to navigate
to be visually pleasing and engaging: a clean and simple design helps the NGO's message shine through
Are these your own requirements, as well, for your non-profit website?
Then, get ready to find plenty of inspiration by scanning through these great examples of what other non-profits have managed to do with Drupal:
1. Equal Opportunity Community Initiative
Who is EOCI?
The organization defines its own mission so clearly on its website:
“... to build a world where children have equal opportunities to reach their dreams.”
And all their projects and initiatives converge to meet this goal: providing equal access to educational resources for all children. Equal opportunity to compete and to succeed.
The website that we've built for this international nonprofit (revamping an age-old site with little traffic and a low conversion rate) is still one of the projects in our portfolio that we're most proud of.
What makes it a great nonprofit website?
it's visually engaging: it tells a compelling story through visuals
it's well-organized and easy to navigate: Drupal 8 has made it easier for us to structure content and to put together an information architecture that's easy to step through
it's fast: the better the user experience, the higher the chances that visitors turn into future volunteers or donors supporting EOCI's initiatives
“The site’s beautiful and performing exactly how we’d hoped it would. The company that manages our Google Ads has found that our conversions have increased... A couple of our donors are thrilled with the website and have committed their support again. They’re happy to be on the partners' page with a fresh look and approach to the public.” (Sean Kelly, Executive Director, Equal Opportunity Community Initiative, Source: Clutch.co)
2. Rotary International, One of the Top 10 Nonprofit Websites Built with Drupal
Who hasn't heard of Rotary International? A global network of community volunteers (1.2 million leaders and problem-solvers) actively involved in a wide variety of campaigns:
kicking Polio out of Africa
providing clean water
growing local economies
supporting education
Why did they go for Drupal?
For 2 strong reasons:
it's flexible: there's a module for almost any feature or functionality they needed to implement on their nonprofit website
it's extensible: no matter how "ambitious" the organization's future causes and campaigns and expectations from their website might get, Drupal's built to scale up to their growing needs
3. Doctors Without Borders
Probably one of the best examples of nonprofit websites built with Drupal is Doctors Without Borders (Médecins Sans Frontières).
A Nobel Prize-awarded organization of volunteering doctors, nurses, other staff, and journalists.
Their mission? Providing medical aid to people affected by pandemics, epidemics, natural disasters, or armed conflicts, no matter their sex, nationality, religion, or political affiliation.
Why Drupal?
because it's a multisite network that this global NGO needed and Drupal's famed for its built-in multi-site support.
because Drupal's robust enough to withstand massive amounts of traffic (it's the biggest NGO in the world), all while being a conveniently flexible content management solution.
4. Habitat for Humanity International (HFHI)
Another one of the top 10 nonprofit websites built with Drupal.
HFHI is an international, Christian NGO with a clear mission: building and renovating houses for low-income people.
To carry out its mission, it brings together donors, volunteers, and members of the families in need, who're co-opted in the process of building/repairing their own houses.
How come their website is built on Drupal 8?
Drupal 8 is mobile-ready right out of the box
it's open-source, which translates into lower costs
it's flexible enough to empower their team to create, update, publish, and manage content on the go
it scales to meet all the organization's future needs
it ships with outstanding multi-language support
it's fast
5. World Vision International
"What are the most popular nonprofit websites that run in Drupal?"
World Vision International's website is listed in any "top 5".
No wonder:
the organization is the world's largest international children's charity
their website taps into Drupal 8's best features: easy third-party integration, freedom of customization, flexibility, and scalability guaranteed by its rich module collection
A nonprofit multisite that tells a series of highly compelling stories and grants a simplified donation process.
6. Human Rights Watch
A worldwide known independent organization, headquartered in New York, dedicated to protecting human rights.
And they define their own cause better than anyone else:
"... we give voice to the oppressed and hold oppressors accountable for their crimes.”
Why did one of the most powerful NGOs in the world opt for Drupal?
because it's the best option for multilingual websites
because it makes it easy to keep consistency while juggling multiple content types
because it empowers content authors and editors to publish content quickly and easily
7. Save the Children Spain
A member of Save the Children International — the world's leading NGO dedicated to protecting and improving children's lives — Save the Children Spain has its website running on Drupal 8.
And it is, by far, one of the 10 best nonprofit websites out there.
Not just due to the global reputation of this humanitarian organization, but thanks to the complex needs that the Drupal website manages to meet:
it handles an entire network of operations that are critical for the NGO's activities: donations, news publishing, crowdfunding, training, collecting signatures, communicating with the press, etc.
it withstands large influxes of traffic
it supports a multi-site infrastructure
it makes it easy for multiple teams (see Drupal's granular permission and access control system) to operate on the website, to integrate the tools they need for doing their work
it integrates easily with all kinds of e-commerce third-party platforms (needed for their donation process, signature, membership, etc.)
8. Great Ormond Street Hospital Children's Charity
One of the UK's largest charities, Great Ormond Street Hospital Children's Charity (GOSH) is dedicated to supporting the Bloomsbury-based children's hospital and its patients.
How? By focusing their efforts on 4 major areas:
supporting the little patients and their families
investing in rebuilding and renovation projects
pioneering research into children's health
investing in life-saving medical equipment
When did Drupal come into the picture?
When the charity looked for a platform that would provide them with:
scalable architecture for their website, robust enough to scale up and down, to their fluctuating levels of traffic
multi-site support, out of the box: GOSH.org is made out of 2 large websites and an ecosystem of 10 different sub-sites
easy third-party integration: they needed to keep the same staff, so they looked to streamline their team's work, by integrating time-saving tools
9. The Wildlife Trusts
We couldn't have left the Wildlife Trusts website out of our list of Drupal nonprofit organization websites that stand out.
The UK-wide group, comprising 45 local Wildlife Trusts, shares a common interest in preserving the wildlife and the biodiversity in their local area.
And we're here talking about 2,300 nature reserves, on 98,000 hectares.
46 different independent charities, each with its specific activities, constitution, and membership criteria, under one “umbrella”?
This multi-site project had “Drupal” written all over it...
Now, let me outline, briefly, the key reasons why Wildlife Trusts has chosen Drupal for its website:
it provides great multi-site capabilities: the organization wanted to empower each trust to control its own content creation and publishing process, but they still needed some sort of a “central hub”
it provides outstanding content management capabilities, much needed in this case, where huge volumes of content had to be managed effectively
it meets their need of delivering the best mobile user experience
it empowers the Wildlife Trusts editors to tailor page layouts as needed: and we're talking here about a multi-site that's rich in stunning visuals and video content
10. Top 10 Nonprofit Websites Built with Drupal: Allard Prize for International Integrity
Another project from our portfolio that we're particularly proud of.
The Allard Prize for International Integrity is a photography competition that recognizes and awards people and organisations standing out through their efforts in fighting corruption and defending human rights.
Why did they go with Drupal?
because they wanted to give their website a performance boost
because Drupal provides them with a reliable translation system, a crucial feature when dealing with a global audience
In Short, Why Would You Choose Drupal for Your Nonprofit Website?
Here's a short inventory of the main reasons why you'd choose Drupal for setting up your nonprofit website:
you save money (Drupal's open-source)
you get your multi-site, multi-language website ready to go in no time (especially if you opt for a Drupal distribution)
you're free to further extend your website's capabilities by adding new modules and integrating new third-party apps
you get robust SEO features right out of the box
you get a website that scales to fluctuating levels of traffic
you get to categorize, neatly structure, create, edit, publish, and manage your content quickly and easily
you're free to customize your page layouts to your liking
Need help setting everything up?
Just send us a message with your feature requirements and specific expectations from your future nonprofit website and let's get your message out there.
Adriana Cacoveanu / Jun 05'2020
Ready to dig up some more (all too) common SEO mistakes to avoid in 2020?
As promised, in this post I'll be exposing to you another 6 bad habits that are costing you your website's ranking and traffic.
They range from neglecting serious issues, that you consider "minor", to highly damaging practices that you're probably still doing.
So, let's dive right in:
8. You're Ignoring Site Structure Issues That Are Affecting the UX
And this is one of the biggest SEO mistakes that you could make.
Here's how you can identify a poor website structure:
users don't get directed to your homepage once they click on the logo
your service pages don't automatically load in new tabs
your website feels cramped and cluttered; users need to work hard to navigate through
And since user experience is a huge SEO factor, you might want to consider scheduling a declutter and reorganizing process for your site.
Aim for a clean, fluid, and intuitive navigation on your website.
9. You're Not Optimizing Your Web Presence for Local Search
A bad practice that you'll find in any "top 10 SEO mistakes".
And which seems to be still so "popular" in 2020, as well (but you'll be bucking this trend, won't you?).
Here are the opportunities that you miss when you don't optimize your website for local search:
you could have stepped ahead of your competitors, who may not have a region-specific strategy set in place
you could have turned it into a huge advantage when competing against larger, national brands (with huge budgets to invest in SEO) that might be targeting broader keywords
you could have turned all those potential local visitors into more traffic and... loyal customers
Source: moz.com
10. You've Updated Your Website But... Kept the Old URLs
Another rookie, and still so common, SEO mistake to avoid in 2020.
So, you've updated your website. It's optimized for the best-fitting keywords, it has well written, SEO-friendly meta descriptions... but all these efforts are pointless if your URLs:
include underscores
open HTTP pages and you've just enabled HTTPS on your website
See my point?
Updating your website, but forgetting to update the URLs, as well, is like... changing your oil, but forgetting to fill up your gas tank.
It won't get you too far.
11. You're Using H1 Tags the Wrong Way: One of the Most Common SEO Mistakes to Avoid in 2020
Are you "guilty" of any of these 2 bad habits when it comes to using H1 tags?
there are no H1 tags, at all, on your web pages
you're using multiple H1 tags on the same page (for aesthetic purposes)
you're turning all the headings on a page into H1 tags
It's the H1 tags that let the search engines know what the topic of a page is.
By using none or multiple H1 tags, you're just confusing them and lowering your website's chances to rank high on the results page.
12. You Have No Link Building Strategy
Or you have a totally ineffective one, based on:
a too low number of backlinks
low-quality backlinks
Start building more backlinks to your website, from relevant authority websites.
13. You've Forgotten to Add Your Sitemap to Your Robots.txt File
And so you've left search engines with no clue on what URLs you have on your website.
This is the surest way of sabotaging their work — indexing your website's pages — and, implicitly, your website's SEO performance.
Source: semrush.com
But you can still fix it: just go ahead and add a reference to your sitemap.xml file in your robots.txt file.
Key Takeaway
The common mistakes to avoid in 2020 are the... basic ones. Those issues that you might find too trivial to fix or to avoid.
And these apparently insignificant SEO mistakes fall into 3 major categories that you should focus on:
content: too thin or duplicate content (stuffed with keywords) won't add any value to the user experience delivered on your website
internal links: let your common sense tell you how many is enough; make sure they're relevant and useful to the readers
website architecture: avoid poorly written, unoptimized descriptions and title tags, use H1 and H2 tags the proper way, add ALT tags to your images, look for broken or unoptimized URLs...
In short: don't underestimate the basic stuff, that's still being ignored or considered "acceptable" on too many websites.
Now, have you decided to break your bad SEO habits, but you just don't know how to fix the mistakes?
We're ready to help you with that.
Just drop us a line! Let's identify all the SEO errors lowering your website's potential and get them fixed.
Image by xiaoxinghai from Pixabay
Adriana Cacoveanu / Jun 03'2020
Have you seen a downfall in your website's ranking (and traffic)? What if you're to blame? What if you're making the all-too-common SEO mistakes to avoid in 2020?
Or at least some of them...
"But which are they?" you ask yourself.
This is precisely what I'll be pinpointing in this post:
The 13 all-too-frequent bad SEO habits that you, too, might be guilty of. And which are harming your website's SEO potential.
You're Optimizing for All the Wrong Keywords
You're Leaving Broken Images and Broken Links Lingering in There
You're Ignoring The Simplest Fixes to Your Site's Performance Issues
You're Not Including the Target Keywords in Your URLs
You're Using Automatically-Generated (Duplicate) Page Titles
You're Not Optimizing Your Site Pages' <Title> Tags
You're OK with Having One Internal Link and Even Orphan Pages
You're Ignoring Site Structure Issues That Are Hurting the User Experience
You're Not Optimizing Your Web Presence for Local Search
You've Updated Your Website But... Kept the Old URLs
One of the Most Common SEO Mistakes to Avoid in 2020: Improper Use of H1 Tags
You Have No Link Building Strategy
You've Forgotten to Add Your Sitemap to Your Robots.txt File
So, let's dive in:
1. You're Optimizing for the Wrong Keywords
And by "wrong keywords" I mean:
short-tail keywords
keywords that are "out of your league" (i.e. high competition keywords)
Instead, target long-tail keywords, that you can realistically rank for.
It's the "2-step" formula to success when optimizing a website for specific keywords.
Pro tip: if you're running an e-commerce website, target transactional keywords (they usually include terms like "subscribe", "for sale", "order", "apply", "reserve", "schedule" + the exact name of your branded product/service or general industry products/services)
2. You're Leaving Broken Images and Broken Links Lingering in There
One of the top SEO mistakes (since it's still so "popular") that you, too, might be making on your website:
You're being "sloppy" with your website's links and internal images.
In other words, you leave behind "residues" like:
misspelled URLs
images with no ALT-text
images with poor file names
images linking to files that no longer exist
3. You're Ignoring The Simple Fixes to Your Site's Performance Issues
Has your website started to... slow down?
How about implementing the quickest fixes at hand to speed up things a bit in there?
Here are 2 simple and effective steps you can take right away:
minify your CSS and JS files
enable a good caching plugin
4. You're Not Including the Target Keywords in Your URLs
"What are some common SEO mistakes?"
Sticking to a poor URL structure is one of them.
And why would you bother including keywords in your URL structure, since users can still find your website even if it doesn't have keyword-optimized URLs?
Because keyword-rich URLs make it easier for search engines to locate your website.
5. You're Using Automatically-Generated (Duplicate) Page Titles
Another one of the all-too-common SEO mistakes to avoid in 2020:
Generating your page titles dynamically instead of creating them manually.
Especially if we're talking about key pages on your website.
In this case, the risk of ending up with duplicate page titles, that will only confuse search engines, is very high.
6. You're Not Optimizing Your Title Tags: One of the Most Common SEO Mistakes to Avoid in 2020
And this is one bad habit that's going to cost you your website's high ranking in the search results.
As a rule of thumb, keep in mind to always insert your target keywords in the pages' title tags, as well.
And to stick to the proper length: less than 60 characters.
7. You're OK with Having One Internal Link and Even Orphaned Pages
"What SEO mistakes am I making with my website?"
You're underestimating the power of internal linking.
Or the negative impact that such a bad practice can have on your site's ranking if you want to put it this way.
In other words:
having just one internal link on a page is not enough
having orphaned pages, that are not linked to anywhere on your website, is... unacceptable
Source: searchenginejournal.com
The END of Part 1!
These are the first 7 common SEO mistakes to avoid in 2020 from the list that we've put together for you. So, stay tuned for the second series of SEO bad practices...
Now, how many of them have you identified on your own website?
Are you having trouble getting them fixed? Or maybe just not enough time or enough SEO expertise in your team?
We're ready to lend you a hand with that.
Just drop us a line and let's identify and make the most of all those missed SEO opportunities on your website.
Image by Andrew Martin from Pixabay
Adriana Cacoveanu / Jun 02'2020
Which tool should you be auditing your website with? In a Google PageSpeed vs Lighthouse “debate”, which score is right?
What's the difference between running a Google PageSpeed test and running Lighthouse Audit in Chrome?
You have all the reasons to be confused about the fact that they use similar technology, yet they deliver you different results.
It's time to shed some light here.
So, keep on reading to get your answers to questions like:
What Is Google PageSpeed Insights?
What Is Google Lighthouse?
What Are the Main Differences Between Them?
When Should You Use Each of Them?
1. What Is Google PageSpeed Insights?
Or:
“What is Google PageSpeed score?”
What does it measure? And what type of data does it use when evaluating your website?
Lab and real-world data...
In other words, Google PageSpeed will use both real-world data available in the Chrome User Experience report and lab data.
Now, if I were to put together a short, yet complete definition, it would be:
Google PageSpeed is a tool that analyzes the performance of your web pages, generating a report of the overall speed of your website, as well as actionable advice on how you can improve its score.
2. What Is Google Lighthouse?
“How does Google Lighthouse work?”
It uses lab data (only) to measure your website's performance, but also its SEO performance, PWA, and other best practices.
And here, you can already identify the first difference that any Google Lighthouse vs PageSpeed comparison reveals:
Lighthouse goes beyond the page speed metric when auditing your website.
3. Google PageSpeed vs Lighthouse: How Are They Different?
What's the difference or, better said, “the differences” between these two audit tools provided by Google?
PageSpeed Insights measures the performance metric only, whereas Lighthouse audits other aspects of a website, as well (SEO, accessibility, progressive web app, etc.)
Google PageSpeed uses a “combo” of lab and real-world data, whereas Lighthouse uses lab data only (under consistent conditions) to build its report
Lighthouse is now incorporated into PageSpeed Insights. It is PageSpeed's integrated analysis engine.
4. When Should You Use Google PageSpeed Insights?
So, you have your answers to your “Google PageSpeed Insights vs Lighthouse” dilemma. You know now how they differ from one another.
But how do you know when to use... PageSpeed, for instance?
Here are the 4 main scenarios:
you need to share a link to your website's audit report
you're only interested in checking your website's page loading speed
you want an accurate report of the loading times experienced by your website's visitors
you're not a big fan of using Chrome developer tools for analyzing your website's performance
5. When Should You Use Lighthouse?
What are the specific scenarios when you should consider turning to Lighthouse for auditing your website's performance?
when you want to run audits programmatically
when you need to evaluate other aspects of your website, in addition to its loading times
when you want to incorporate the Lighthouse API into your own systems
For instance, you can use Lighthouse API to automatically block those releases that don't meet your pre-defined performance and SEO standards.
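One way to build the release gate described above, as an added example that is not code from the original post: it reads the `categories` section of a Lighthouse JSON report, where each score is a number from 0 to 1 or `null` when the category could not be scored, and blocks the release when a threshold is missed. The function names, the thresholds and the two sample reports are assumptions constructed for illustration.

```javascript
// Added example: release gate over a Lighthouse JSON report.
// THRESHOLDS, evaluateReport and gateExitCode are hypothetical names;
// the minimum scores are assumed values, pick your own standards.
const THRESHOLDS = { performance: 0.9, seo: 0.9 };

// Returns { pass, failures } for one parsed Lighthouse report object.
function evaluateReport(lhr, thresholds = THRESHOLDS) {
  const failures = [];
  const categories = (lhr && lhr.categories) || {};

  for (const [id, minScore] of Object.entries(thresholds)) {
    const category = categories[id];

    // Fail closed: a category that is absent from the report must not
    // let the release through unnoticed.
    if (!category) {
      failures.push({ id, reason: 'category missing from report' });
      continue;
    }

    // A null score means Lighthouse could not score the category
    // (for example, because an audit errored). Treat it as a failure.
    if (typeof category.score !== 'number') {
      failures.push({ id, reason: 'category was not scored' });
      continue;
    }

    if (category.score < minScore) {
      const got = Math.round(category.score * 100);
      const want = Math.round(minScore * 100);
      failures.push({ id, reason: `score ${got} is below required ${want}` });
    }
  }

  return { pass: failures.length === 0, failures };
}

// Maps the verdict to a process exit code a CI job can act on:
// 0 lets the release continue, 1 blocks it.
function gateExitCode(lhr, thresholds = THRESHOLDS) {
  return evaluateReport(lhr, thresholds).pass ? 0 : 1;
}

// Constructed sample reports (only the fields the gate reads).
const passingReport = {
  categories: {
    performance: { id: 'performance', score: 0.94 },
    seo: { id: 'seo', score: 0.98 },
    accessibility: { id: 'accessibility', score: 0.71 }, // not gated
  },
};

const failingReport = {
  categories: {
    performance: { id: 'performance', score: 0.62 },
    seo: { id: 'seo', score: null }, // category could not be scored
  },
};

for (const [name, report] of [['passing', passingReport], ['failing', failingReport]]) {
  const verdict = evaluateReport(report);
  console.log(`${name}: ${verdict.pass ? 'release allowed' : 'release blocked'}`);
  for (const f of verdict.failures) {
    console.log(`  ${f.id}: ${f.reason}`);
  }
}
```

In a pipeline, the value returned by `gateExitCode` would be used as the job's exit status after parsing the report file produced by the Lighthouse run.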
6. Google PageSpeed vs Lighthouse: Key Takeaway
If there were only one takeaway from this post, it should be this:
While Google PageSpeed uses the information generated by Lighthouse, enriching it with real-world data, Lighthouse delivers you more than just one score. It goes beyond measuring your website's loading times.
Do you need to know how fast your website loads from its visitors' perspective?
Or do you need to dig deeper? To evaluate more than just its speed, knowing, though, that the results that you'll get are based on lab data only?
Now, let's say that you've already made your decision. You've chosen the website analysis tool that best suits your needs and you've run the test on your site.
With your list of optimization suggestions at hand... what do you do?
You can either put all your current projects “on hold” and ask your own team to implement those recommendations.
Or you can drop us a line and leave it to us.
Photo by Dids from Pexels
Adriana Cacoveanu / May 29'2020
You want it to be easy to use, to provide you with as much automated maintenance as possible and... up to 100% uptime. So, what's the best Drupal managed hosting solution for your needs?
And, let me guess: your “feature wishlist” is a bit longer actually:
autoscaling capability
multi-site support: you want to be able to manage all your Drupal websites from a single dashboard
CDN
backups and easy restores on a daily basis
support for migration
Given your list of requirements, what are your best choices here?
I've done my research and narrowed down your options to 4.
4 fully managed hosting solutions for Drupal that you should consider first.
Here they are:
But First: Why Managed Hosting? What Does It Really Get You?
Why would you want to go for a fully managed hosting solution for your Drupal website(s) instead of a... self-managed one?
Because:
you gain so much time; time that you'd otherwise invest in setting the Drupal infrastructure yourself, from the ground up
you avoid the risk of getting tangled up in software installation, configuration, infrastructure management (which can turn into a time and energy-consuming ordeal even if you have the know-how to set up a scalable VPS on AWS yourself)
you avoid the headache of maintaining a whole infrastructure of Drupal sites
you get remote administration that covers mundane, regular operations such as module updating
In short: you delegate everything outside the codebase to your managed hosting provider.
Why spend time on the ongoing maintenance of your website when you can invest it in... improving it? In growing it?
1. Pantheon Drupal Hosting
Disclaimer: it's the Drupal hosting that we are using here, at OPTASY.
But is Pantheon the best solution for your own use case? For your expectations of a hosting platform?
It is if it's a simplified, easy to use hosting solution that you need for your Drupal website(s). One that provides you with:
great support
solid tooling
almost instant patching
great developer experience
ease of use with Drupal
high availability and scaling
intuitive interface, which makes migrating and cloning your Drupal websites so much easier
lots of integrations
But let's see precisely what services it provides you with.
Pantheon Drupal's Key Features
PHP 7
Git
24/7 Drupal support
One-click core updates
Built-in staging environments: dev, test, live
Global CDN
Solr
Developer dashboard
2. Acquia, One of the Best Drupal Managed Hosting Solutions
Acquia Drupal hosting is another great option to consider when you're trying to figure out which is the best service for you.
Why? Because it provides you with:
some of the best tools: both powerful and easy to use
enterprise-level security
cloud hosting specifically tailored to suit Drupal websites
unmatched scalability: Acquia Drupal 8 hosting powers some of the largest Drupal websites in the world
Acquia Drupal Hosting Key Features
Enterprise-grade security and recovery: a whole set of firewall controls and access and authentication controls; Acquia-hosted websites are known to be better equipped to recover from cyber attacks
A hosting platform optimized for Drupal exclusively
A turnkey solution: the built-in Node.js support enables you to develop your Drupal back-end apps, as well as your server-side rendered front-end apps, on the same hosting platform
Robust development tools: APIs, integrations, and command-line tools that help you build and optimize your apps in no time
Real-time monitoring, analyzing, and troubleshooting
Close to 100% uptime: Acquia Drupal hosting makes the best choice for you if your uptime and performance requirements are way beyond basic
Centralized dashboard for all your websites and a unique Drupal codebase
Source: acquia.com
3. SiteGround Drupal Hosting
Another popular hosting option for Drupal websites is SiteGround, a platform robust enough to withstand the challenges of user-heavy, high-traffic sites.
It's also the most versatile managed hosting solution on this list, for it meets the needs of both small website owners and enterprise and large organizations.
But why would you choose it over other Drupal 8 hosting services?
SiteGround Drupal 8 Hosting Key Features
Daily backups
1-Click Drupal installation
Responsive support from actual Drupal developers by mail, chat, helpdesk ticket
Dynamic NGINX caching (available only on some of the hosting plans)
Website transfer assistance with zero downtime
4. Cloudways Managed Drupal Cloud Hosting
Cloudways is not just one of your best Drupal managed hosting options. It's also one of the most... different.
It allows you to choose the cloud hosting provider for your Drupal infrastructure. You're free to go for Amazon AWS or Digital Ocean, Google Cloud or maybe Vultr, you name it.
Why cloud hosting?
Because it's easier to scale, more cost-effective, and faster.
In short: with Cloudways you get top-performance hosting that scales.
But there are also other strong reasons why you'd want to choose to host your Drupal website(s) on Cloudways.
Cloudways Managed Drupal Hosting Key Features
Composer support
ease of use: just sift through all the different options that it provides you with through an intuitive UI, select the ones that you prefer via quick one-click access, and set up your Drupal website in no time
HTTP/2 support
PHP migration support
Free migration
SSD-Based Drupal Cloud Hosting
CloudwaysCDN
you get to host multiple Drupal websites on one server
you can add more team members and share server access across your entire team
built-in caching options
auto-scalable kyup servers: they downscale and upscale, depending on the amount of traffic on your website(s), with zero downtime
managed platform: you can spin up servers and deploy your apps in the blink of an eye
Final Word
The key takeaway is that choosing the best hosting services for your Drupal site(s) is crucial.
Imagine buying yourself a Porsche when you can't afford a... garage for it. Or its maintenance costs.
See my point? When you run your website on a performance powerhouse like Drupal, you need to look for a hosting platform that can match such a robust setup.
And speaking of keeping your Drupal infrastructure secure and well-maintained, we have an entire team of Drupal experts that you can delegate your time-consuming maintenance tasks to:
updating Drupal modules
running security patches as they get released
monitoring your website's performance
monitoring it for suspicious activities
...
Just drop us a line and let's tailor a Drupal security and maintenance plan to suit your website(s) needs.
Image by kropekk_pl from Pixabay
Adriana Cacoveanu / May 28'2020
So, you need to do a quick risk assessment of your site. How do you perform a security audit?
Are there any quick and easy (and effective) things that you can do to evaluate your website and to detect any security risks lurking in there?
And what are some of the tools that you could use?
Here are the answers to all the dilemmas stemming from your main question:
"Security auditing: what to do?"
1. But First: What Is a Security Audit Report?
What do we mean by "audits" in this context?
pentests
regular security assessments
"security posture" tests
auditing logs
And what is a security audit report, more precisely?
Source: searchcio.techtarget.com
In short: when you run a security audit you evaluate your website's performance in relation to a list of criteria.
And, more often than not, you'd want to include other types of security diagnosis into your workflow, as well:
penetration testing: where you (or an expert in your team) simulate the actions of a potential hacker, performing several attacks on your website to test its resilience
vulnerability assessment: where you try to identify any security weaknesses
2. What Tasks Should You Put Into Your Security Audit Checklist? Top 11
What should you do in your regular security audits?
What security audit procedures to include?
We've put together a list of 11 steps to put on your checklist. So, when conducting a security audit the first step is to:
2.1. Determine the Assets that You'll Be Focusing On
Set the scope of your audit:
Which are the high priority assets that you'll be scanning and monitoring?
For example, your list could include key assets like:
sensitive customer and company data
internal documentation
IT infrastructure
You can't expect to future-proof your website's improved level of security if you're going to use the same vulnerable IT equipment, right?
Next, you'll want to set your security perimeter, as well:
What are the things that your audit will cover and those that should be skipped?
2.2. List Out Potential Threats
You can't build a shield around your website against a "no-name" threat, right?
You need to go ahead and name those threats, so you know what to look for and how to adapt your future security measures:
Here are just some examples of security threats that you might want to put on your list:
negligent employees using weak passwords for sensitive company data
malware
phishing attacks
denial of service attacks
malicious insiders
2.3. Assess the Current Level of Security Performance
Another key step to put on your security audit checklist.
Your team could be using the strongest passwords. They could be sticking to rigorous security procedures and best practices.
And yet, they might not be informed about the latest methods that hackers use to infiltrate systems...
A good evaluation of your organization's current security performance will help you identify precisely such weak links.
2.4. Set Up Configuration Scans
Using a higher-end scanner will help you:
detect security vulnerabilities
assess the hardening of the PCs
Are there any anti-malware/anti-spyware programs in there? Is encryption turned on? Are there any settings that have been temporarily changed?
Therefore, keep in mind to run some configuration scans, too, when you do a security audit. They make a great "ally" for spotting any config mistakes that people in your team might have made.
2.5. Keep an Eye on Reports (Not Just on the Urgent Alerts)
As you put all your focus on urgent alerts, you might be tempted to underestimate the value of the reports generated by your auditing tools.
Now, that's one risky thing to do.
Instead, you'd want to keep an eye on those reports, for they can be a tremendous source of valuable information.
"Information" that might look non-alarming to you now, but, which — with time, if a suspicious activity becomes a routine — can turn into a major threat.
One that you'd ignore by... overlooking to go through your reports.
2.6. Monitor DNS for any Unexpected Changes
Are there any signs of sloppiness when it comes to the credentials used for your domain?
The quicker you identify them, the lower the security risk.
2.7. Run Daily Scans of Your Internet-facing Network
As you audit your website's security, you'll want to be alerted (on a daily basis, if possible) about any "surprising" changes.
2.8. Mirror Your Website
Why is this a "must" task to include in your security auditing plan?
Because by mirroring your website you can spot some otherwise hard-to-access files and directories.
You'd be surprised at how many valuable:
internal IP addressing schemes
email addresses and phone numbers of people in your team
code-related comments
software versions
server names
... you can find in those comment fields.
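An added example (not part of the original post): one way to run the comment review from step 2.8 over a mirrored copy of your own site, flagging internal IPs, email addresses, software versions and internal host names left in HTML and /* */ comments. The patterns, the function names and the sample pages are constructed for illustration; phone numbers are left out because they need locale-specific patterns.

```javascript
// Added example: review comments in a mirrored copy of your own site.
// Patterns, function names and sample pages are constructed for illustration.

const LEAK_PATTERNS = [
  // RFC 1918 private ranges: 10/8, 172.16/12, 192.168/16
  { kind: 'internal-ip',
    re: /\b(?:10\.\d{1,3}|172\.(?:1[6-9]|2\d|3[01])|192\.168)\.\d{1,3}\.\d{1,3}\b/g },
  { kind: 'email', re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  // Product/version banners such as "ExampleLib/2.4.1"
  { kind: 'software-version', re: /\b[A-Za-z][\w.-]*\/\d+(?:\.\d+)+\b/g },
  // Host names under suffixes often used for internal zones (assumed list)
  { kind: 'internal-hostname', re: /\b[\w-]+\.(?:internal|local|lan|corp)\b/g },
];

// Return every HTML comment and /* */ block comment with its 1-based line.
function extractComments(source) {
  const comments = [];
  const re = /<!--([\s\S]*?)-->|\/\*([\s\S]*?)\*\//g;
  for (const m of source.matchAll(re)) {
    const text = (m[1] !== undefined ? m[1] : m[2]).trim();
    const line = source.slice(0, m.index).split('\n').length;
    comments.push({ line, text });
  }
  return comments;
}

// files: { relativePath: fileContents } taken from the mirrored copy.
// Only comment text is inspected; visible page content is ignored.
function auditMirror(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    for (const { line, text } of extractComments(source)) {
      for (const { kind, re } of LEAK_PATTERNS) {
        for (const m of text.matchAll(re)) {
          findings.push({ path, line, kind, value: m[0] });
        }
      }
    }
  }
  return findings;
}

// Constructed sample standing in for two mirrored files.
const SAMPLE_MIRROR = {
  'index.html': [
    '<html><head><title>Home</title>',
    '<!-- served by web02.internal, cache at 10.20.30.40 -->',
    '</head><body>',
    '<!-- TODO ask jane.doe@example.org before removing this banner -->',
    '<p>Contact us at info@example.org</p>',
    '</body></html>',
  ].join('\n'),
  'js/app.js': [
    '/* built with ExampleLib/2.4.1 */',
    'console.log("ready");',
  ].join('\n'),
};

for (const f of auditMirror(SAMPLE_MIRROR)) {
  console.log(`${f.path}:${f.line} [${f.kind}] ${f.value}`);
}
```

The public address info@example.org is not reported because it sits in visible page content rather than in a comment; each finding is a candidate for stripping comments at build time.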
2.9. Perform an Internal Vulnerability Scan
How? By opting for an enterprise-level vulnerability scanner.
What it does is install an agent on each computer in your organization, that will monitor their... vulnerability level.
How often should you run this type of scan?
Monthly or quarterly would be great.
2.10. Run Some Phishing Tests
You'll want to set up a routine of sending out fake phishing emails to people in your team.
It's still the most effective type of cybersecurity training that you could give your team:
they get a close-to-real-life experience of a phishing attack
they can assess their own vulnerability to scenarios where they'd give hackers access to sensitive information (by clicking on links or attachments in a phishing email)
2.11. Monitor Your Firewall's Logs
Watch for any inconsistent or unusual behavior in your firewall.
3. What Are Some of the Best Security Auditing Tools You Can Use? Top 5
Now that you have a plan put in place you need some tools to carry it out, right?
We've done our research, put together a list, then narrowed down the options to 5 tools that you should consider evaluating first:
3.1. The OWASP Testing Guide
A step-by-step checklist that'll streamline your manual testing efforts.
Note: running an OWASP top 10 check is one of those "quick and easy" things that you can do for assessing your website's security performance. You'd be testing it for 10 of the most common security risks.
3.2. Burp Suite
What if you wanted to put your security audit on autopilot?
You could go for Burp Suite to manually analyze your website, then run an active scan.
Note: the tool comes in two "flavors", a pro and a free version.
3.3. Nessus
If you're looking for an easy-to-use tool, Tenable's Nessus is the one.
Use it to track down security vulnerabilities on your website. It's effective and it generates some detailed reports.
3.4. Qualys Web App Scans
Its main selling points:
great coverage
accurate reports
3.5. Rapid7
You might want to try their vulnerability scanner.
And 2 honorable mentions: Rapidfiretools.com and Risksense.
4. Final (Wise) Word
The keyword that best describes an effective security audit is "on-going":
It's definitely not a one-time event, but rather a routine made of several "healthy" habits that you stick to.
A "routine" aimed at helping you formulate a custom set of security solutions:
network monitoring
data backup
employee education and awareness
software updates
email protection
What if you don't have the resources — the time and the available people in your team — to run a security audit?
We're here to help.
Just drop us a line and let's tailor a security audit checklist that meets your website's specific challenges.
Image by raphaelsilva from Pixabay
Adriana Cacoveanu / May 22'2020
Drupal 9 Features: From “No New Features” to... 9 New Shiny Things You Can Expect to See in Drupal 9
What new Drupal 9 features can you expect to see on June 3rd, 2020?
For, it's a bit confusing, isn't it?
on one hand, you have the “no new features“ statement
on the other hand, you get answers like: “the easiest upgrade in a decade”, “newer PHP libraries”, “a brand new admin theme”, and so on
So, are there any new shiny things in Drupal 9 that you can look forward to? Or maybe get worried about...
There is one shiny new feature and 8... improvements, from what I've seen.
And I've grouped them all together in a list. Here it is:
1. The New Shiny Thing: Easy Upgrade from Drupal 8 to Drupal 9
A smooth upgrade experience, this is the only new shiny thing that Drupal 9 ships with.
In short, moving to Drupal 9 will be as easy as updating from one minor Drupal 8 version to another.
Source: Drupal.org
Word of caution: the upgrade path to Drupal 9 is “buttery smooth” if and only if you stick to a “healthy” routine of weeding out old and deprecated code from your current codebase.
2. Drupal 7 and 8 Will Continue to Get Supported Alongside Drupal 9
One of the biggest Drupal 9 vs Drupal 8 (and even Drupal 9 vs Drupal 7) differences is the overlap of security coverage:
Till Drupal 9, whenever a new stable version got released, the previous one lost its support. Starting with the 9th version of the CMS, Drupal 7 and Drupal 8 will continue to get community support till November 2021.
In other words, Drupal 8, cleaned up of all deprecated APIs, will continue to work on Drupal 9.
And Drupal 7 will get community support for... 1-1.5 years after Drupal 9 gets released.
One of the unexpected Drupal 9 features.
For it disrupts the way that the Drupal community used to approach major versions once they were no longer “the latest” ones.
3. Claro Becomes the Default Administration Theme
… once it gets stable.
4. New Drupal 9 Features: CKEditor 5 Gets Implemented
... in a future version of Drupal 9.
Security support will drop for CKEditor 4 sometime around Drupal 9's end of life.
Therefore, Drupal 9's roadmap includes adding CKEditor 5 to a future version (and eventually removing CKEditor 4 completely in Drupal 10).
5. The Workspace Module Goes from Experimental to Stable
Source: Drupal.org
How is this good news for you?
Let's say that you need to prepare multiple versions of your Drupal site and, depending on certain factors, to push live only one of them.
The Workspace module allows you to do precisely that: to replicate content between workspaces on the same Drupal site.
And, luckily, the module will be generally available starting with Drupal 9...
6. What's New in Drupal 9? Twig 2
That's right, Drupal 9 comes with support for newer PHP libraries. Support for Twig 2 here included.
7. Drupal 9 Will Be Backward-Compatible with Drupal 8 from Day One
What are the new Drupal 9 features?
Minor upgrade versions of Drupal 8 will be backward-compatible with Drupal 9.
This means that all your Drupal 8 components will work with Drupal 9. This ninth version of Drupal is built on top of Drupal 8, basically.
In other words: no need to panic that your (Drupal 8) website's key features will no longer be valid in Drupal 9. This is going to be the first time that 2 major versions of Drupal are fully compatible.
8. From Symfony 3 to Symfony 4.4
“What's new in Drupal 9?”
Symfony 4.4.
Since its third version will no longer be supported in November 2021, Symfony 4.4 gets integrated with Drupal 9.
All while making sure that Drupal 9 is forward-compatible with Symfony 5, as well...
9. Olivero Becomes Drupal's New Default Theme
New Drupal version, new front-end theme.
Olivero will come to replace Bartik, the current default theme in Drupal.
Wrap-Up: 5 Drupal 9 Requirements Your Drupal Site Should Meet
Now you know which are the predictable, the new and the... shiny new features in Drupal 9. What next?
How do you ensure that your Drupal website's Drupal 9-ready?
Here are 5 key steps to take for a buttery-smooth upgrade:
Make sure your environment is Drupal 9-compatible: PHP 7.3, MySQL 5.7.8, Drush 10
Update to the latest minor versions of Drupal 8 as soon as they get released: you'll be able to upgrade your website to Drupal 9 only from Drupal 8.8 and Drupal 8.9
Keep your modules up to date: do all your contributed modules run on their latest versions?
Weed out any deprecated API from the custom projects that your website's using
Update core to Drupal 9
Word of caution: if your website (still) runs on Drupal 7, upgrade to Drupal 8.
To sum up, the shortest path to a smooth upgrade to Drupal 9 is sticking to the best practices:
remove all deprecated code (go for an automated tool like drupal-check or Rector to identify deprecations on your website)
update your Drupal core and contributed projects to their latest versions
Or, you can leave all the preparations to us.
Just drop us a line and we'll evaluate your website's level of... readiness:
Is there any deprecated code still “lingering” in there?
Does it run on Drupal 7?
Are there any outdated versions of PHP or MySQL that it is still using?
Then, we can come up with a plan to get it Drupal 9-ready.
Image by Marsel Elia from Pixabay
Adriana Cacoveanu / May 20'2020
The walls start to close in on you... You're overwhelmed. You just can't get as much done as when you were in the office. Then, you start to feel guilty and anxious... all the time. What can you do to stay productive when you work remotely from home?
To give you an honest answer, I've run a small “investigation” inside the OPTASY team. I've asked some of my colleagues about the best advice they'd give to anyone who's now adapting to remote work.
Most of us work from home, yet for these “interviews” I've selected those team members who've been doing it successfully for quite a few years now.
So, here they are: 6 tried and tested tips for setting yourself up to perform when working from home.
1. Resist the Temptation to Work from Bed/Couch
Our colleague Dinu Rodnichi, one of the web developers here at OPTASY, stressed the importance of the “ass in chair time” for higher productivity.
So, if you're wondering “How can I be productive working from home?” this is one of the right answers:
Sitting at your desk (as you normally would in the office) tricks your mind into thinking that you're "at work".
“For me, working from my desktop PC instead of my laptop is critical. It forces me to sit at my desk instead of laying in bed or lounging on the sofa. I've noticed that I always get things done faster by just sticking to this small habit.”
Note! It would be unwise of me to advise you to buy yourself a desktop PC if you've been working from your laptop for some time now (at the office here included). But working at a desk, that's so doable (and budget-friendly).
2. Designate A “Work Zone” in Your Home
It could be your kitchen table when it's not used for... home cooking experiments.
Or your dining table, if squeezing in a new desk or turning an entire room into a home office sounds a bit too sci-fi to you.
The idea that our delivery manager, Radu Camerzan, insisted on was:
“Once you've turned a corner, half of a table or a room into your work space, use it for work and work only. At least during work hours. Don't get your mind all too confused by using the same designated work space to prep your dinner, sort out laundry or... watch Netflix, while still “at work”.”
Another reasonably realistic solution to implement when you work remotely from home, don't you think?
3. Set a Work Schedule (And Stick to It)
The golden rule for staying productive (and keeping your work/life balance) is to force a work schedule on yourself.
And here is Radu's second answer to your legitimate question “Why working remotely doesn't work?”:
“Set your work hours and get things done during that time interval. Setting a time limit for your daily tasks challenges you to be more efficient. To avoid the trap of working more, but doing less. It makes it easier for you to maintain the boundary between worktime and family or “You” time.”
4. Use a Good Pair of Headphones When You Work Remotely from Home
“What do I need to work remotely from home?” You definitely don't want to be stingy with your headphones (another one of Radu's best pieces of advice for working from home novices):
they'll help you soundproof your work zone from domestic noise that might risk getting you out of the "zone"
they'll upgrade your video calls (and there're going to be plenty of those these days)
they'll do your favorite music justice (if you fall into the “Can't work without my music” category)
5. Hone and Adjust Your Communication Skills
This is one of the "working from home" tips coming from Sandu Camerzan, our delivery manager (yes, we have 2 of them at OPTASY).
If you have none... you'll need to start developing some.
Whereas if you think your communication skills are excellent, you still need to keep honing and adjusting them to the new context:
new communication channels (e.g. talking face to face, at the office, vs talking over the phone or engaging in video calls)
planned communication (the new carefully scheduled scrum meetings and video calls replace the old “coffee breaks” and chats in the office about the projects you were working on)
new environment (e.g. having phone calls while driving to the nearest store, for more supplies, or as you fix yourself a quick lunch)
In short: you'll want to double your flexibility stocks in order to cope with these new types of communication challenges.
Make it a goal to develop a new communication style.
A more:
flexible: show a little empathy; those from the other side of the line/screen face the same communication challenges
clear and concise
sincere
… way of communicating with your team and clients.
6. Every Morning, Write Down Your 1-3 MIT (Most Important Tasks)
My advice to you, from my own work from home experience (for I, too, work remotely from home... for +3 years now) is:
In other words, be realistic: life happens and... even more so when you work from home.
Unplanned homework needs to be checked, spills cleaned up, pets entertained. Or your better half has an emergency Skype video call to take.
And maybe you two are sharing the same “work zone” these days...
So, my best advice to you (which is not “mine”, actually, but learned from Leo Babauta, the one behind the “zen habits" method) is:
Every morning (the earlier the better) write down your 1-3 most important tasks of the day. Those that you set yourself to get done that day, no matter what.
Multi-tasking is so overrated, so mind you stick to those 3, 2 or just one “task of the day” and don't get your mind focused on anything else before you've carried it out.
Better have even just one high priority task done by noon or by the end of your work day, than to juggle with multiple ones and... finish none.
The END!
These are the OPTASY team's 6 pieces of advice for you on how to stay productive when you work remotely from home.
What's your recently discovered hack for keeping yourself up to perform at home?
Let us know in the comments below.
For we're constantly revising and adding new powerful habits to our personal routines, that could help us get even more productive while working in our slippers.
Image by imperioame from Pixabay
Adriana Cacoveanu / May 12'2020
Material icons, flat icons, thin icons, ready-made or fully custom, on-brand icons... No matter what type of web icons you opt for, the same rule applies: they need to be visible to all users. So, you ask yourself: "How to make icons accessible to... everyone?".
For there's no point in going with an eye-catching web icon design if its color contrast is so low that some users just don't see it.
Or if it's interactive, but only when... mouse clicked.
See my point?
Therefore, in today's post I'll tackle aspects like:
what accessible icons are
what goes into making icons accessible: most effective approaches and best practices
what are the different types of web icons and the specific techniques for making them accessible
Let's dive in:
1. What Are Accessible Icons More Precisely?
What makes an icon accessible to screen reader users?
What requirements should it meet to be fully inclusive?
Here are the 6 most important things to consider when you're designing accessible icons:
1.1. Make Them Noticeable
For, it's pretty logical:
If an icon's not instantly perceivable to all visitors, it becomes inaccessible.
And by "instantly perceivable", I mean that users shouldn't be constrained to perform some sort of action in order to make the icon... visible.
1.2. If It's Purely Decorative, It Shouldn't Be Read Out
One of the best practices for designing accessible icons (decorative icons) is to skip the part where the ALT text gets read out to screen reader users.
That's because, in the case of a decorative icon, informing the user about its existence on the page (e.g. "There is a key icon!") is just... superfluous.
Which leads us to the next requirement that all "wannabe accessible" web icons should meet:
1.3. Always Add a Text Label
The magnifying glass icon is universally recognized as a "search" tool.
But that's the only universally recognizable icon...
Therefore, it's best to play safe if you want your icons to be accessible to the widest range of visitors.
Whether you have a hamburger menu icon or a house-shaped one, accompany it with a text label to prevent any ambiguity.
1.4. Keep in Mind the Color Contrast
This is one of the recommendations on top of any "How to make accessible icons" list that you might stumble upon:
Make sure there's enough foreground-background color contrast in your icons, so that visitors with different levels of visual impairment can easily notice them.
1.5. Make Sure They're Properly Sized
And by "properly sized" I mean somewhere around 44x44 pixels.
Pay particular attention to the size in the case of icon links:
Any smaller than 44x44 pixels and they become inaccessible on smaller devices: some users won't be able to click on them.
1.6. Make Sure They're Mouse, Touchscreen, AND Keyboard Accessible
Have you decided to "sprinkle" some interactive icons across your website?
Then make sure that users can easily click on them whether they use their mouses, they tap on their touchscreens or they depend on their keyboards for that.
2. How to Make Icons Accessible: 10 Approaches & Best Practices
Now that we've gone through "what" makes an icon accessible, let's get to the "how-to" part:
How can you make your web icons more accessible for screen reader users?
Here's a list of simple approaches and valuable tips to consider:
2.1. Consider Pixel Measurements and Square Dimensions
Most icons have square dimensions.
And if you're curious which are some of the most frequently used sizes for web icons, here are some popular examples:
128x128
16x16
512x512
64x64
256x256
2.2. The Easiest Way to Make Your Linked Icons Accessible Is to...
... add an ALT-text that lets the user know what the link does. What its destination is.
For instance, you can add "Email us" as the ALT-text accompanying your "@" email icon.
2.3. When In Doubt, Choose an SVG or a PNG File Format
Even if some prefer SVG icon systems, while others choose to go with PNGs (making icons accessible is easier with that file format), all web designers agree on this:
Icon fonts should be the very last option to consider.
2.4. Make Sure Your Document and Your Icon Are The Same Size
2.5. See that There's Enough Icon-Background Color Contrast
Will you be adding your web icon to a background?
If it's a yes, then check and adjust the color contrast.
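An added example, not from the original post: a contrast check for the advice in 1.4 and 2.5, using the WCAG relative-luminance formula and the 3:1 minimum that WCAG 2.1 (SC 1.4.11) sets for graphical objects such as icons. The icon names and colours are constructed sample data.

```javascript
// Added example: WCAG contrast check for icon colours against their background.
// Icon names and colours below are constructed sample data.

// Parse "#rgb" or "#rrggbb" into [r, g, b] with each channel in 0-255.
function parseHex(hex) {
  const m = /^#?([0-9a-f]{3}|[0-9a-f]{6})$/i.exec(hex.trim());
  if (!m) throw new Error(`Unsupported colour: ${hex}`);
  const h = m[1].length === 3 ? m[1].replace(/./g, '$&$&') : m[1];
  return [0, 2, 4].map((i) => parseInt(h.slice(i, i + 2), 16));
}

// WCAG relative luminance of an sRGB colour (0 = black, 1 = white).
function relativeLuminance(hex) {
  const [r, g, b] = parseHex(hex).map((v) => {
    const c = v / 255;
    return c <= 0.03928 ? c / 12.92 : Math.pow((c + 0.055) / 1.055, 2.4);
  });
  return 0.2126 * r + 0.7152 * g + 0.0722 * b;
}

// Contrast ratio between two colours, from 1 (identical) to 21 (black/white).
function contrastRatio(fg, bg) {
  const [hi, lo] = [relativeLuminance(fg), relativeLuminance(bg)]
    .sort((a, b) => b - a);
  return (hi + 0.05) / (lo + 0.05);
}

const MIN_ICON_CONTRAST = 3; // WCAG 2.1 SC 1.4.11, non-text contrast

// Check each icon's foreground colour against the background it sits on.
function auditIconContrast(icons, minRatio = MIN_ICON_CONTRAST) {
  return icons.map(({ name, fg, bg }) => {
    const ratio = contrastRatio(fg, bg);
    return { name, ratio: Math.round(ratio * 100) / 100, pass: ratio >= minRatio };
  });
}

const SAMPLE_ICONS = [
  { name: 'search', fg: '#000', bg: '#ffffff' },
  { name: 'menu', fg: '#cccccc', bg: '#ffffff' },
  { name: 'email', fg: '#767676', bg: '#ffffff' },
];

for (const r of auditIconContrast(SAMPLE_ICONS)) {
  console.log(`${r.name}: ${r.ratio}:1 ${r.pass ? 'ok' : 'too low'}`);
}
```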
2.6. Check Your Icon's Size Before Exporting It
The 6th tip on our "How to make icons accessible" list is pretty... predictable:
All web icons should be properly sized prior to export, making sure they're not too large.
2.7. Hide the Text Accompanying the Icon, but Keep It Visible to Screen Readers
Let's say that you've inserted an explanatory enough copy text within your link icon, but you don't want it to be visible to all users.
You want it to be visible to screen readers only.
For this, you can use a visible-hidden class selector.
Word of caution! Going with this solution does call for 2 compromises:
the click/touch area is smaller
screen reader users might not understand what that icon does (the VoiceOver will then read something like: "internal link, home").
2.8. Accompany Your Semantic Icons with Visible Text to Avoid Ambiguity
"What's a semantic icon?" you ask?
A standalone icon that has meaning.
Now, if you want to make sure you'll prevent all situations where users might just overlook it, just add a visible "Menu" text next to it. This way, its meaning will be 100% clear to anyone.
2.9. The Simplest Way to Make Icon Fonts Accessible Is...
... to add aria-hidden="true" to the element.
Note: again, whenever possible, avoid icon fonts and opt for inline SVGs instead.
2.10. Skip Adding ALT-Text to Text-Based Icons
Let's say that you have an "Email Us" linked icon.
Now, it would be quite superfluous to have an ALT text added to it, saying the same thing to the screen reader user, wouldn't it?
In this case, the icon is purely decorative, since the copy text around it already conveys the meaning on its own.
The END!
Now you have at least 10 different answers to your "How to make icons accessible to the widest range of users" question.
But maybe you need help choosing the best approach and implementing these best practices in order to make your brand icons more accessible.
We're here to help!
Just drop us a line and let's find the most suitable solution for making your web icons available to everyone visiting your website.
Image by Виктория Бородинова from Pixabay
Adriana Cacoveanu / May 06'2020