Sep 28 2018
Sep 28

Just imagine... automatic updates in Drupal core.

Such a feature would put an end to all those never-ending debates and ongoing discussions taking place in the Drupal community about the expectations and concerns with implementing such an auto-update system.

Moreover, it would be a much-awaited upgrade for all those users who've been looking for (not to say “longing for) ways to automate Drupal core and modules for... years now. Who've been legitimately asking themselves:

“Why doesn't Drupal offer an auto-update feature like WordPress?”

And how did we get this far? From idea to a steady-growing initiative?
 

  1. first, it was the need to automate Drupal module and security updates
  2. then, the issues queues filled with opinions grounded in skepticism, valid concerns and high hopes started to “pile up” on Drupal.org,
  3. then, there was Dries' keynote presentation at Drupalcon Vienna in 2017, raising awareness around the need to re-structure Drupal core in order to support a secure auto-update system
  4. … which grew into the current Auto Update Initiative
  5. that echoed, recently, at Drupal Europa 2018, during the “Hackers Automate but the Drupal Community still Downloads Modules from Drupal.org” session
     

Many concerns and issues have been pointed out. Many questions have been added to the long list.

Yet, one thing's for sure:

There still is a pressing, ever-growing need for an auto-update feature in Drupal...

So, let me try to answer my best to some of your questions regarding this much-awaited addition to Drupal core:
 

  • What's in it for you precisely? How will an auto-update pre-built feature benefit you? 
  • Does the user persona profile suit you, too? Is it exclusively low-end websites that such a feature would benefit? Or are enterprise-level, company websites targeted, as well?
  • What are the main concerns about this implementation?
     

1. The Automatic Updates Initiative: Goal & Main Challenges 

Let's shift focus instead and pass in review the inconveniences of manually installing updates in Drupal:
 

  • it's time-consuming
  • it's can get risky if you don't know what you're doing
  • it can be an intimidatingly complex process if you have no dedicated Drupal support & maintenance team to rely on
  • it can get quite expensive, especially for a small site or blog owner
     

See where I'm heading at?

This initiative's main objective is to spare Drupal users of all these... inconveniences when it comes to updating and maintaining their websites. Inconveniences that can easily grow into reasons why some might get too discouraged to adopt Drupal in the first place.

The goal is to develop an auto-update mechanism for Drupal core conceptually similar to those already implemented on other platforms (e.g.WordPress).

And now, let's dig up and expose the key challenges in meeting this goal:
 

  • enabling update automation in Drupal core demands a complete re-engineering of the codebase; it calls for a reconstructing of its architecture and code layout in order to support a perfectly secure auto-update system 
  • such an implementation will have a major impact on the development cycle itself, causing unwanted disruption
  • such a built-in auto-update feature could get exploited for distributing and injecting malware into a whole mass of Drupal websites
     

2. Automatic Updates in Drupal: Basic Implementation Requirements 

What would be the ideal context for implementing such a perfectly secure auto-update system? 

Well, its implementation would call for:
 

  • multiple (up to date) environments
  • released updates to be detected automatically and instantly
  • an update pipeline for quality assurance
  • existing automate tests with full coverage
  • a development team to review any changes applied during the update process 
     

3. How Would These Auto-Updates Benefit You, the Drupal User?

Well, let's see, maybe answering these key questions would help you identify the benefits that you'd reap (if any):
 

  • is your Drupal website currently maintained by a professional team?
  • has it been a... breeze for you so far to cope with Drupal 8's release cycle (one new patch each month and a new minor release every 6 months sure claim for a lot of your time)?
  • have you ever got tangled up in Composer's complexities and a whole load of third-party libraries when trying to update your Drupal 8 website?
  • did you run the Drupalgeddon update fast enough?
  • have you been secretly “fancying” about a functionality that would just update Drupal core and modules, by default, right on the live server?
     

To sum up: having automatic updates in Drupal core would keep your website secured and properly maintained without you having to invest time or money for this.
 

4. Drupal Updating Itself: Main Concerns

And concerns increase exponentially as the need for an update automation in Drupal rises (along with the expectations).

Now, let's outline some of the most frequently expressed ones:
 

  • there is no control over the update process, no quality assurance pipeline; basically, there's no time schedule system enabling you to test any given update, in a development environment, before pushing it live
  • there's no clearly defined policy on what updates (security updates only, all updates, highly critical updates etc.) should be pushed
  • with Drupal updating itself, rolling back changes wouldn't be possible anymore (or discouragingly difficult) with no GIT for version control
  • again: automatic updates in Drupal could turn into a vulnerability for hackers to exploit for a mass malware attack 
  • there's no clear policy regarding NodeJS, PHP and all the JS libraries in Drupal 8, all carrying their own vulnerabilities, too
  • it's too risky with all those core and module conflicts and bugs that could break through
  • such a feature should be disabled by default; thus, it would be every site owner's decision whether to turn it on or not
  • could this auto-update system cater to all the possible update workflows and specific behaviors out there? Could it meet all the different security requirements?
     

So, you get the point: no control over the update pipeline and no policy for handling updates are the aspects that concern developers the most.
 

6. Does It Cater for Both Small & Enterprise-Level Websites' Needs? 

There is this shared consensus that implementing automatic updates in Drupal core would:
 

  1. not meet large company websites' security requirements; that it would not fit their specific update workflows
  2. benefit exclusively small, low-end websites that don't benefit from professional maintenance services
     

Even the team behind the automatic updates initiative have prioritized low-end websites in their roadmap.

But, is that really the case?

Should this initiative target small websites, with simple needs and writable systems, that rarely update and to overlook enterprise-level websites by default?

Or should this much-wanted functionality be adjusted so that it meets the latter's needs, as well? 

In this case, the first step would be building an update pipeline that would ensure quality.

What do you think?
 

7. How About Now?"What Are My Options for Automating Updates in Drupal?"

In other words: what are the currently available solutions if you want to automate the Drupal module and security updates? 
 

7.1. You Can Use Custom Scripts to Automate Updates

… one that's executed by Jerkins or another CI platform. 

Note: do bear in mind that properly maintaining a heavy load of scrips and keeping up with all the new libraries, tools, and DevOp changes won't be precisely a “child's play”. Also, with no workflow and no integrated tools, ensuring quality's going to be a challenge to consider.
 

7.2. You Can Opt for a Drupal Hosting Provider's Built-In Solution

“Teaming up” with a Drupal hosting provider that offers you automated updates services, too, is another option at hand.

In this respect, solutions for auto-updating, such as those provided by Pantheon or Acquia, could fit your specific requirements. 

Note: again, you'll need to consider that these built-in solutions do not integrate with your specific DevOps workflows and tools.
 

And my monologue on automatic updates in Drupal ends here, but I do hope that it will grow into a discussion/debate in the comments here below:

Would you turn it on, if such a feature already existed in Drupal core?

  1. Definitely yes
  2. No way
  3. It depends on whether...
Sep 21 2018
Sep 21

The media management experience had been one of the well-known sources of frustration for Drupal content editors for a long time. For, let's face it: Drupal's out-of-the-box media support was just... basic. But not anymore: there are new exciting features for media handling in Drupal 8.6.0 that will dramatically change the way you manage your media assets on your Drupal website!

Now, let's take a sneak peek at these most-anticipated media handling features that Drupal 8.6.0 comes equipped with:
 

  • adding media from a remote source
  • adding various types of media
  • embedding Youtube and Vimeo videos in the content (via URL)
  • easily accessing and reusing the existing media
  • uploading new media types right out of the box
     

And this is almost... overwhelming:

From almost no built-in media support in Drupal, for so many years, to a whole set of modern, powerful media management options now in Drupal 8.6.0.

But let's not ramble about this topic anymore and dive right in! Into the pile of new features meant to enhance the whole media management experience in Drupal:
 

But First: An Update on The Progress of the Media in Drupal 8 Initiative

The main goal of this media initiative was to:

Add a rich media support to Drupal 8.

One that would empower the content editors to easily reuse existing media assets, add new media entities and to overall gain more control (and meta information) over their media.

And there are 3 core milestones that we can trace while tracking the progress of this initiative for Drupal 8:
 

  1. adding the experimental Media module to Drupal 8.4 in late 2017
  2. leveling up this module from experimental to stable phase in Drupal 8.5.0
  3. turning it into the standard way of storing media in Drupal 
     

Moreover, starting with Drupal 8.6.0 a new key module for handling media has been added to core — Media Library — along with a few more exciting options:
 

  • quick access to the existing media assets
  • oEmbed support
  • a new media type: remote video content
     

Quite a “leap” forward, to a great media management experience in Drupal, I would say...
 

2. Welcome a New Media Type in Drupal 8: Remote Video

Let us list the 4 media types that you could add to your site's content up to Drupal 8.6.0's release:
 

  1. file
  2. image
  3. video
  4. audio
     

OK, now it's time you welcomed a new media type to the group: remote video!

Basically, as a content editor you're now able to add videos from remote sources, as well — Vimeo and Youtube — via their URLs.

Handling Media in Drupal 8.6.0- New Media Type: Remote Video

In short: you're no longer constrained to settle for the default media types in Drupal 8. No sir, now you get to create new custom ones mentioning their media sources.

Summing up: embedding new media to your website content is nothing but a two-step process: Content-Add Media.

Handling Media in Drupal 8.6.0- Add New Media Type


3. Reusing Media Is Now Possible: Media Library

One of the much-awaited features for media handling in Drupal 8.6.0 had been reusable media.

Well, here it is now: Media Library! It's where you can save and store all your media assets to be further reused whenever needed.

Note: do keep in mind that this an experimental module and that you'll also need to enable the Media module first things first.

“And how does it work more precisely?”
 

  1. while in your content edit screen
  2. just browse through all the media assets stored in your Media Library
  3. select the one you need
  4. and simply “inject” it into your page
     

Note: it's the “Media library” widget, added to the Media field, that enables you to scan through all your media entities straight from the content edit screen.

Handling Media in Drupal 8.6.0- Media Library Widget


4. The New “Media” Field: A Quick Way to Embed Media in Your Content

Handling media in Drupal 8.6.0 is as simple as... adding a new field — “Media” —  to the content type in question (be it news, blog post, article and so on).

Handling Media in Drupal 8.6.0- Add a New Media Field

Once the new field is added on, just go through the 5 media types available in Drupal 8.6.0 and select the one you need to embed.

Next, you can simply integrate it into your content, while in your edit screen, positioning it to your liking.
 

5. New Media Handling in Drupal 8.6.0: Youtube & Vimeo Embeds

A new media management tool that significantly improves the whole content editing experience in Drupal.

You're able to embed remote videos from Youtube and Vimeo via URL, thanks to the now added oEmbed media support.

“How precisely?” Basically, you simply:
 

  1. add that new “Media” field to your content type, as previously stated
  2. select the “Remote Video” option from the “Media Type” drop-down menu
  3. enter your video's URL in the “Video URL” field, while in your “Add Remote Video” screen
  4. and click “Save”
     

And voila: you'll have your remote video integrated into your content!

The END!

As Steve Burge from OSTraining would say:

“Finally we're getting somewhere with media in Drupal!”  

What do you think about the new features for media handling in Drupal 8.6.0? What other options and tools are there on your wishlist?

To be able to embed remote videos right from the node create page, maybe? Or to have other video platforms, as well, supported in Drupal?

Aug 30 2018
Aug 30


We all love Drupal's granular permission and access control system! And yet: its life-saving hierarchy of user roles and permission levels is strictly for creation/editing content. Since Drupal wrongly assumes that all site visitors should be able to visualize all published content, right? But what if this default assumption doesn't suit your specific use case? What if you need to restrict access to content in Drupal 8?

… to limit users' access to certain content on your website? So that not all visitors should be able to see all published nodes.

In this case, Drupal's typical access control system for creating and editing content is not precisely the functionality that you need.

But there's hope!

And it comes in the form of 6 Drupal 8 access control modules that enable you to give content access of different levels, ranging from “average” to “more refined”.
 

But First: An Overview of Drupal's Typical Access Control System 

Now, we can't just jump straight to the “more sophisticated” content access solutions in Drupal 8, not until we've understood how its basic access control system works, right?

As you can see, in the screenshot here below, the logic behind it is pretty straightforward:

Restrict Access to Content in Drupal 8- Typical Access Control in Drupal

  • while in your admin panel, you need to access the People menu > Permissions
  • and there, you just assign different user types (authenticated, admin or anonymous) with specific sets of permissions (to administer blocks, to post/edit comments, to modify menus on your Drupal site etc.)

As you can see, Drupal's typical access control system is not configured so as to enable you to restrict visitors' access to specific content on your website.

Or to limit user access to a more granular level other than the standard “logged in/not logged in user”.
 

If you're not looking for anything “too fancy”, just a straightforward functionality for controlling access to view/edit/delete content entities, then this module's THE one.

And here are 2 of its most common use cases:
 

  • you define some access-restricted premium content areas on your Drupal site, for “privileged” user roles only
  • you grant publish/edit permissions to certain groups on your website, having specific predefined user roles
     

Definitely a go-to module when you need to restrict access to content — to specific content types — in Drupal 8.

It enables you to:
 

  • set up specific access control roles
  • define custom granular restrictions based on different user permissions (you could, for instance, limit access to certain content on your website for non-authenticated users only...)
  • set up content types with restricted access 
     

Note: do bear in mind that, once you've enabled Content Access, you'll need to rebuild your entire “collection” of access content permissions. The module is going to alter the way they work, that's why.

Restrict Access to Content in Drupal 8- Rebuild Permissions when Using Content Access module

Tip: if you need to control access to content nodes on your Drupal 8 site, this module's built to help you “refine” your restriction; for that you'll just need to define some more detailed permissions in People menu >  Permissions tab.
 

A lightweight solution to restrict access to content in Drupal 8. One that enables you to set up access-restricted content sections on your website.

Now, what makes it stand out from the other 5 modules in my list here is:

The refined, taxonomy term-based restrictions that it allows you to create for specific nodes on your Drupal site.

You can limit access to these nodes to:
 

  • specific user roles
  • certain individual user accounts
     

Restrict Access to Content in Drupal 8- Permission by Term module

How do you set everything up?
 

  1. first, you enable the module
  2. then, on the term edit page, you define a specific role access for each taxonomy term 


And there's more to look forward to! 

Unlike Organic Groups and Group, the Permissions by Term module comes with very little overhead, in the form of light contributed code.

In other words: for the taxonomy terms-based access control that it enables you to set up, it adds a new field to your current content types. That's all!
 

When it comes to Drupal role-based access control (to content types or nodes) this module's simple, straightforward approach is exactly what you need.

Not as “sophisticated” as Content Acess, yet conveniently easy to configure and to maintain.

And also, the perfect choice if it's just a basic kind of content type access restriction that you need to set up.

Summing up its functionality now, what you should know is that Node View Permissions enables you to define 2 types of... permissions:
 

  • “View any content”
  • “View own content”
     

… for every content type listed on your Drupal site's Permissions page. 
 

5. Group         

It enables you, as the site admin, to structure content into... groups.

Different group types, with their own hierarchies of group roles:
 

  • anonymous
  • member
  • outsider (a logged in user, but not a group member)
  • other group roles that, as an administrator, you'll need to create
     

Needless to add that with Group you'll restrict access to content in Drupal 8 based precisely on these group roles that you'll set up.

Furthermore, it allows you to define:
 

  • the most suitable permissions (view/edit/delete) for specific content types
  • the most appropriate group roles
     

… per group type. 

And the best is yet to come:

All group types, group roles, group/content relationships are set up as entities. Meaning that they're fully fieldable, exportable, extendable!
 

It's a restricted access to nodes, based on taxonomy terms, users and roles, that you get to define using this module:

A user role-based access control...

Note: mind you don't forget that, in order to restrict access to viewing/editing nodes on your Drupal website, you'll first need to reconfigure the existing user permissions.


The END! 

A bit curious now: which one of these solutions, ranging from straightforwardly simple to most refined, would you for to restrict access to content in Drupal 8?

Aug 27 2018
Aug 27

You've put so much effort into crafting and polishing the content on your Drupal website and it just won't... rank? Why is it that search engines' web crawlers won't index its “juicy” content? Why they won't give your site a big push right to first-position rankings? As it clearly deserves... Could it be because you're making these 10 Drupal SEO mistakes? 

Knowingly or just recklessly...

And with the first 5 of them already exposed in the first part of this blog post, I'm keeping my promise and here I am now, with 5 more SEO mistakes that you don't want to make on your Drupal website, ranging from:
 

  • embarrassing gaffes
  • to faux pas
  • to catastrophes...
     

1. Underrating Meta Tags: One of (Too) Common, Yet Costly Drupal SEO Mistakes 

And let me just say it: forgetting (or choosing not to) to check those 3 on-page ranking factors:
 

  1. description
  2. page title
  3. tags
     

... is one rookie SEO mistake. 

And one costly neglect, too...

Why? Because by simply checking your meta tags, making sure that the content entered there:
 

  • contains all the relevant keywords
  • is user-friendly and engaging
     

you hit 2 birds with just one stone:
 

  1. search engines' crawlers will just know whether specific web pages on your site are relevant for specific search queries or not; whether the keywords that you will have added to your meta elements are precisely those that online visitors use
  2. users will get a “teaser” of what the page is about, helping them decide whether it matches their searches and expectations or not
     

Note: Drupal's got your back with a dedicated Metatag module that you should install even before you “release your website out into the wild.
 

2. Ignoring the Slow Page Loading Speed 

If it takes more than 2 seconds to load... then you'll lose them. Visitors on your Drupal site will lose all interest in accessing that given page.

And could you blame them? 

Instead, you'd better:
 

  • blame yourself for accepting this status quo and refusing (or just postponing or not putting enough effort into it) to optimize your site for high speed
  • rush to address this major UX issue risking to grow into a critical SEO issue
     

How? By:
 

  • compressing all JS and CSS files using a dedicated tool of your choice (and thank God there are plenty of those to choose from!)
  • compressing all overly large pages
  • reducing images, graphics, and videos to reasonable sizes
  • disabling all those Drupal modules that you haven't used in ages (or maybe never...)
  • turning on catching (and luckily there are Drupal cache modules — like Memcache, for instance — that can help you with that)
  • upgrading your server or even moving to a new hosting company
  • optimizing your site's current theme

See? Improving your Drupal site's load time is no rocket science and it doesn't require overly complex measures, either. They're no more than... “common sense” techniques.

Assess the resources that implementing them would require and... just do it:
 

  • the user experience on your Drupal website will improve significantly
  • search engines will “detect” this increase in user satisfaction on your Drupal site
  • … which will translates into a higher ranking 
     

3. Overlooking to Redirect From Its HTTP to Its Secure HTTPs Version

Migrating your Drupal site to HTTPS is a must these days. Just face it and deal with it or... be ready to face the consequences!

Yet, if you overlook to redirect your site to its new HTTPs version, thus sending its visitors out to... nowhere — to error pages — then... it's all but wasted effort and resources.

One of those SEO Drupal mistakes with long-term consequences on your website's ranking.
 

4. Broken Internal Images

Leaving broken internal images and missing ALT attributes behind is a clear sign of SEO sloppiness...

And now, here's what we would call a “broken image”:
 

  • an image that has an invalid file path
  • an image with a misspelled URL
     

The result(s)?
 

  1. first, a broken image has an impact on the overall user experience; your site visitor gets discouraged and quite the page in question
  2. next, search engines rate your site's content as “of poor quality”
  3. and finally, all these lead to an inevitable drop in Google search rankings
     

5. Underestimating (or Just Ignoring) the Importance of an XML Sitemap for SEO

Not generating an XML sitemap of your Drupal site is more than just one of those Drupal SEO mistakes that you should avoid: it's a missed opportunity! A huge one!

Here's why:
 

  • an XML sitemap would include all the URLs on your website
  • … as well as information about your site's infrastructure of web pages (via heading tags), for search engine crawlers to use
  • … “alerts” about which pages they should be indexing first
  • an XML sitemap provides an early index of your website
  • all the pages on your website get submitted to the search engine database even before they get indexed in their own database
     

Note: the sitemap.xml file not only that communicates with and informs search engines about the current content ecosystem on your Drupal site, but will “keep them posted” on any updates of your site's content, as well.

So, what an XML sitemap provides is a prioritized, conveniently detailed and easily crawlable map of your Drupal website meant to ease web crawlers' indexing job.

And the easier it gets for them to crawl through your site's content, the faster your site's indexing process will be.

In short: if the robots.txt file alerts search engines about those pages that they shouldn't crawl into, the sitemap.xml file lets them know what pages they should index first!

Tip: discouraged by the thought of manually building your site's sitemap? Well, why should you, when there are Drupal modules built especially for this?
 

From taxonomy terms, menu links, nodes, useful entities, to custom links, these modules will automatically generate all the entities that you'd need to include in a detailed sitemap of your Drupal site.

The END! 

Just face it now: you'll inevitably continue to make gaffes influencing your site's SEO, no matter how many precautions you might take...

Yet, these10 Drupal SEO mistakes here ranked from least to most damaging, are the ones that you should strive to avoid at all costs...

Aug 24 2018
Aug 24

You have made, are currently making and will continue to make various Drupal SEO mistakes. From those easy to overlook gaffes to (truly) dumb neglects, to critical mistakes severely impacting your site's ranking... 

Just face it and... fix it! 

And what better way of becoming aware of their impact on your site than by... getting them exposed, right? By bringing them into the spotlight...

Therefore, here are the 10 SEO mistakes you really don't want to make on your website: the “culprits” for your site's poor ranking.

Take note of them, assess their occurrence/risks for your Drupal site's SEO and strive to avoid them:
 

1. Overlooking or Misusing Header Tags

Do it for the crawlers or do it for your site visitors.

For whichever reason you decide to structure the content on your web pages using H1, H2, H3 tags, Google will take note of your efforts...

And it all comes down to setting up an SEO-valuable hierarchy on each page on your Drupal site. One that:
 

  • crawlers will painlessly scan through, which translates your website getting indexed more quickly
  • users will find conveniently “readable”, which bubbles up to the overall user experience
     

Note: one of the worst SEO gaffes that you could make —  one that would confuse the crawlers and intrigue the site users — would be to use multiple H1 tags on the very same page. 

It's one of those silly, yet harmful rookie Drupal SEO mistakes that you don't want to make!
 

2. Duplicate Content: It's Literally Killing Your SEO

Now, speaking of running the risk to confuse the crawlers in your Drupal site, duplicate content makes the "ultimate source of confusion” for search engines.

And how does this show on your site's SEO? 

Basically, since the crawler can't identify the right page to show for a specific query, it either:
 

  1. "refuses" to rank any of them
  2. or applies specific algorithms to recognize the "suitable" page for that search query
     

Needless to add that the second decision is discouragingly time-consuming, while the first is simply... disastrous for your site's ranking.

"But how did I end up with duplicate content on my website in the first place?" you might ask yourself.

Here are 3 of the most common causes:
 

  • HTTP vs HTTPS 
  • URL variants
  • WWW and non-www pages
     

Now, since an identified and acknowledged mistake is already a half-solved one, here's how you can get it fixed:
 

  • just set up a 301 redirect from that web page's primary URL to the new one
  • set up a rel=canonical attribute on the old URL, one that would let search engines know that they should handle the new URL as a duplicate of the original one
     

Note: It goes without saying that all metric records and all the links that search engines will have monitored on these two duplicate pages will then be automatically attributed to the original URL.
 

3. Optimizing for the Wrong Keywords

And this sure is one of the most frequent Drupal SEO mistakes, that goes back to:

Not investing enough resources (of time mostly) in a proper keyword research strategy.

And no, trying to rank for the prime keywords isn't a foolproof action plan!

The result(s)?
 

  • you end up targeting all the wrong keywords
  • you optimize your site's content for all the wrong terms, that your target audience isn't actually searching for
     

Wasted efforts for putting together non-targeted (or not properly targeted) content...

Instead, invest time in identifying and then ranking for the right search terms.

For yes, it will take longer to carry out a proper keyword process and for your site to start ranking for those keywords. But it won't be wasted time...
 

4. Having Pages with Duplicate Title Tags on Your Drupal Site

Here's another way of confusing crawlers even more:

Faced with two separate web pages having the same <title> tags, search engines won't know which one of them stands for a specific search query.

And their confusion only risks to lead to your Drupal site's getting banned...

Moreover, it's not just search engines that will get discouraged by the duplicate titles, but site visitors, too. They won't know which is the “right” page to access.

“OK, but how can I get it fixed?”
 

  • you install and turn the Metatag module on
  • you craft and give each page on your Drupal site a unique title 
     

5. Ignoring Robots.txt: One of the Common Drupal SEO Mistakes

Now, before answering your otherwise valid question:

“Why do I even need Robots.txt file on my Drupal website?”

… we'd better see what this protocol brings, right?

Take it as a standard that websites use to communicate with crawlers and web robots “in charge” with indexing their content. It's this file that points out what web pages should be crawled and indexed and which ones should be skipped.

Now, if it's a blog that you own, ignoring this protocol isn't one of the biggest Drupal SEO mistakes that you could do. But if it's a larger Drupal site, with a heavy infrastructure of web pages, that you're trying to optimize, then having Robots.txt file makes all the difference...

Tip: do consider installing the Robots.txt module for streamlining the efforts of making your site “crawling-friendly”.

END of Part 1! Stay tuned for I'll be back with 5 more Drupal SEO mistakes — ranking from seemingly harmless to critical — that you definitely don't want to make on your website.

Aug 24 2018
Aug 24

With the Drupalgeddon2 "trauma" still “haunting” us all — both Drupal developers and Drupal end-users — we've convinced ourselves that prevention is, indeed, (way) better than recovery. And, after we've put together, here on this blog, a basic security checklist for Drupal websites and revealed to you the 10 post-hack “emergency” steps to take, we've decided to dig a bit deeper. To answer a legitimate question: “What are some good ways to write secure Drupal code?”

For, in vain you:
 

  • build a “shield” of the best Drupal security modules and plugins around your website
  • enforce a rigid workplace security policy 
     

… if you leave its code vulnerable to various types of cyber attacks, right?

  • But how do I know how unsecured code looks like, to begin with?
  • What are the site configuration gotchas that I should pay attention to?
  • What are the most common vulnerabilities that I risk exposing my Drupal site to?
  • And how can I test it for security issues that might be lurking in its code?

But most of all: What top secure coding practices should I and my Drupal development team follow?

Now, let's get you some answers:
 

1. SQL Injection Vulnerabilities: How You Can Fix & Prevent Them 

SQL injections sure make one of the most “banal”, nonetheless dreadful types of attacks. Once such vulnerabilities are exploited, the attacker gets access to sensitive data on your Drupal site.
 

1.1. Prevent SQL Injection Attacks Using The Database Abstraction Layer

In other words: the proper use of a database layer makes the best shield against any SQL injection exploit attempts.

Now, let's talk... code.

For instance, linking together data right into the SQL queries does not stand for a secure coding practice:

db_query('SELECT foo FROM {table} t WHERE t.name = '. $_GET['user']);

In this case here, this is how you write secure Drupal code:

db_query("SELECT foo FROM {table} t WHERE t.name = :name", [':name' => $_GET['user']]);

Notice the usage of the proper argument substitution with db_query. The database abstraction layer uses a whole range of named placeholders and works on top of the PHP PDO.

Now, as for a scenario requesting a variable number of arguments, you can use either db_select() or an array of arguments:

$users = ['joe', 'poe', $_GET['user']];
db_query("SELECT t.s FROM {table} t WHERE t.field IN (:users)",  [':users' => $users]);
$users = ['joe', 'poe', $_GET['user']];
$result = db_select('table', 't')
  ->fields('t', ['s'])
  ->condition('t.field', $users, 'IN')
  ->execute();

1.2. Have You Detected an SQL Injection Vulnerability? Here's How You Can Fix It

There are some key Drupal security best practices to follow for addressing SQL injection issues:
 

  • always stick to the well-known Drupal database API
  • always filter the parameters that you get (be twice as vigilant and cautious about those who can type anything on your Drupal site)
  • always use placeholders: db_query with :placeholder
  • always check the queries in the code: db_like()
     

Tip: remember to follow these coding practices for addressing and preventing SQL injections on your contrib modules, as well.
 

2. How to Protect Your Drupal Site Against Cross-Site Scripting (XSS) Attacks

We could easily say that XSS attacks “rival” SQL injection attacks in “popularity”:

Drupal's highly vulnerable to cross-site scripting.

All it takes is some wrong settings — input, comment, full HTML — as you configure your website, to make it vulnerable to this type of attacks:

They make a convenient gateway into your website for remote attackers to use to inject HTML or arbitrary web.
 

2.1. Check Functions to Rely on for Sanitizing the User Input (in Drupal 7)

Securing your Drupal 7 site against cross-site scripting attacks always starts with:

Identifying the very “source” of that submitted data/text.

Now, if the “culprit” is a user-submitted piece of content, depending on its type you have several check functions at hand to use for sanitizing it:
 

  • check_url
  • check_plain (for plain text)
  • filter_xss (when dealing with pure HTML)
  • filter_xss_admin (if it's an admin user that entered the “trouble-making” text)
  • check_markup
     

Note: always remember never to enter the user input as-is into HTML!

Tip: a good way to write secure Drupal code is to use t() with % or @ placeholders for putting together translatable, safe strings.
 

2.3. Cross-Site Scripting In Drupal 8: Twig & 3 Useful Sanitization Methods

In Drupal 8, handling cross-site scripting attacks gets significantly easier.

Here's why:
 

  • you have TWIG, with its autoescaping and “sanitize all” HTML mechanism!!!
  • no SQL queries
  • no access to Drupal APIs
     

Now, besides Twig, you have 3 more sanitizing methods at hand for fixing cross-site scripting issues in Drupal 8:
 

  1. HTML: :escape(), for plain text
  2. Xss: :filterAdmin(), for admin-submitted content
  3. Xss: :filter(), where HTML can be used
     

2.4. Testing Your Code Against XSS

In order to check whether certain user inputs are vulnerable, all you need to do is:
 

  • take the “suspicious” user input as a field, as an input HTML
  • enter them both (or just one of them) in your test
     

Note: feel free to user Behat or another framework of choice to automate the whole process.

2 clear signs that you've detected an XSS vulnerability are:
 

  1. you get this pop up alert: <script>altert ('xss') </script>
  2. or this error message close to the IMG tag: img src="https://www.optasy.com/blog/what-are-some-good-ways-write-secure-drupal-..." onerror="alert ('title')"
     

3. Use Twig Templates: They Sanitize All Output...  Automatically 

Did you know that a lot of the Drupal security issues on your website occur precisely because you've skipped sanitizing the user-submitted content before displaying it?

And someone's neglect quickly turns into another one's opportunity...

By skipping to clean up that text beforehand, you lend the attacker a “helping hand” with exploiting your own Drupal site.

Now, getting back to why using Twig templates is one of the best ways to write secure Drupal code:
 

  • they sanitize the user input and output (all HTML, basically) by default; you can write your custom code without worrying about it risking to break up your website
  • you won't run the risk of having safe markup escaped


In short: securing your Drupal 8 website is also about having all HTML outputted from Twig templates.
 

4. How to Write Secure Drupal Code for Finding & Fixing Access Bypass Issues

One of Drupal's strongest “selling points” is precisely its granular permission system. Its whole infrastructure of user roles with different levels of permissions assigned to them.

Furthermore, there are all kinds of access controls that you can “juggle with”:
 

  • Node access system
  • field access
  • Views access control
  • Entity access
     

In short: you're free to empower users to access different sections/carry out different operations on your Drupal site.
 

4.1. How You Can Check for Access Bypass Issues

How do you know whether there are access bypass flaws on your website, that could be easily exploited?

It's easy:
 

  • you simply visit some nid/node and other URL on your site 
  • and just run your Behat automated tests
     

4.2. And How You Can Fix the Identified Access Bypass Issues

Do keep in mind that there are quite a few access callbacks to consider:
 

  • entity_access
  • user_access for  permissions
  • Squery – addTag ('node_access')
  • Menu definitions (make sure you set those correctly)
     
  • node_access

All you need to do is write automated tests to address any detected problems related to access bypass.
 

5. 3 Ways Deal to With Cross-Site Request Forgery (CSRF) in Drupal 

What does it take to write secure Drupal code? 

Writing it... strategically, so that it should prevent any possible cross-site request forgery attack...

Now, here are 3 ways to safeguard it from such exploits:
 

  1. sending and properly validating the token
  2. using Form API
  3. using the built-in csrf_token in Drupal 8
     

In conclusion: a trio of good practices keeps the CSRF attacks away...
 

6. 7 Best Contrib Security Modules to Back Up Your Coding With

Now, after we've gone through some of the best ways to write secure Drupal code, let's see which are the most reliable contrib security modules to strengthen your site's shield with:

  1. Hacked!      
  2. Permission report  
  3. Encrypt      
  4. Composer Security Checker        
  5. Security Review          
  6. Paranoia      
  7. Text Formats Report
     

The END! This is how your solid Drupal security “battle plan” could look like. In includes:
 

  • some of the most frequent types of attacks and security issues to pay attention to
  • most effective preventive measures
  • vulnerability detecting methods
  • post-attack emergency actions and sanitization mechanisms
     

What ways to write secure Drupal code would you have added or removed from this list?

Aug 21 2018
Aug 21

Let me guess: you're a Drupal developer (temporarily) turned into a... Drupal project manager! Or maybe a PM new to Drupal, facing the challenge of your first Drupal project management assignment?

Have I guessed it?

Now the questions roaming in your head right now must be:
 

  • What Drupal project-specific challenges should I expect?
  • How should I address them?
  • How should I approach the Drupal developers, site builders and themers involved?
  • What questions should I ask them at each phase of the project?
  • And which are the stages of a Drupal project management process more precisely?
  • How do I collect accurate and explicit requirements for my Drupal project?
     

“Spoiler alert”: managing a Drupal project the right way isn't so much about using the right project management modules and “heavy-lifting” tools. It's about:
 

  • understanding the specific challenges that Drupal projects pose
  • understanding the specific phases of the process
  • empowering the people in your team to capitalize on their Drupal expertise within the given time frames and according to your client's objectives
     

Now, here's an insight into the process of managing a Drupal project. One shaped as a list of predictable challenges and their most suitable solutions:
 

1. Proper Planning: Get The Whole Team Involved

In other words: defining objectives and setting up a final time frame with the client without getting your team, too, involved in the process is like:

Throwing spaghetti at a wall and hoping that it would just... stick somehow.

They're the Drupal experts, you know...

Therefore, getting the Drupal developers, themers and site builders engaged at this stage of the project is no more than... common sense.

They're the (only) ones able to:
 

  • give you an accurate time estimate for developing and implementing each functionality/feature
  • tell if certain of the requested features can't be delivered
  • identify interdependencies and conditions
  • provide you vital information about Drupal-specific architecture and the project-specific development process
  • … information on what components to take, whether new contrib modules need to be developed to support certain functionalities etc.
     

Get your Drupal team involved in the planning and preparation process and strike a balance between their valuable input, the client's objectives, and time frames.
 

2. Tempted to... Micromanage? Empower Your Team Instead

Yet, resisting temptation won't be easy. Especially if you're a former Drupal developer now turned into a Drupal project manager.

You'd just die to get your hands dirty with code, wouldn't you? To supervise, closely, how every single line of code is being written.

Refrain yourself from that...

Instead, do keep your focus on the bigger picture instead! And, moreover, empower each member of your team to... shine. To excel at what he/she's doing. 

That instead over obsessing over details, getting everyone on their nerves and making them doubt their own skills:

By focusing on each one of the small steering wheels you'd just lose sight of the larger mechanism that's a Drupal project.
 

3. To Tell or Not to Tell: Do Encourage Your Team Members to... Tell

Hiding the dirt under the carpet, from the stakeholders' eyes/ears, having members of your team remain silent over certain bottlenecks in the project, will only act as 2 “Trojan horses”.

And lead your project to... failure.

Instead:
 

  • dare be honest with the client and inform him/her if you run the risk of a delay 
  • encourage your team to be open with you and with their teammates when they hit sudden challenges, unexpected issues
     

By:
 

  • hiding
  • ignoring
  • “genuinely” underrating
     

... issues detected in the development process — instead of getting them “exposed” and dealt with —  you're only sabotaging the Drupal project.

And now speaking of encouraging good communication within your team, how about creating a dedicated open forum for them to use?

This could be the “place” where they'd share any issues that they will have detected in the project. Or the challenges they're facing and can't address by themselves.
 

4. Juggling with Resources, Timeline, and Unforeseen Events

I'm not going to lie to you about this one: keeping the balance between staying flexible and being capable to assess risks is not going to be easy...

Unplanned issues will strike, new requirements will come to “jeopardize” this balance, unexpected changes will need to be accommodated under the same time frame...

Should you keep yourself rigid and inflexible to all changes, sticking to the initial plan?

Or should you “assimilate” all the incoming requirements and additions to scope with the risk of a project delay?

And that of overburdening your team with unscheduled tasks.

Can't help you with a universal answer here, one that applies to all Drupal project management scenarios. It's you, together with your Drupal team, who should be able to estimate:
 

  • the changes' level of complexity
  • the project delay (if it's the case)
  • the chances for these additional tweaks to turn into contractual changes
     

5. Drupal Project Management Is 90% Good Time Management

And it all comes down to:

Breaking your Drupal project down into small, manageable tasks. 

Tasks that can be easily turned into goals and objectives:
 

  • daily objectives
  • weekly objectives
  • and so on...
     

Efficient Drupal project management, even if we're talking about truly complex ones, is all about making it... manageable.

About ensuring that the lists of tasks are logically structured and (most of all) time framed!

Needless to add that this strategy acts as a motivation-booster for your team: 

Just think about it: with every ticked off task, each team member can visualize the project's progress in... real-time. A progress that he/she, too, will have contributed to.

The END! These are the Drupal project-specific challenges that any project manager dealing with this CMS has to deal with, accompanied by their life(reputation)-saving solutions.
 

Aug 17 2018
Aug 17

It's a robust, flexible and admin feature-packed CMS, there's no point in denying it. And yet: Drupal (still) lacks a modern UI that would make building rich web content —  such as landing pages — a breeze. But there is hope: the Gutenberg editor has been ported over, promising a better editing experience in Drupal 8.

The team behind this daring project? Frontkom, a Norwegian digital services agency that:
 

  • refused to just sit and wait (for a year or two) for the in-progress initiative of modernizing Drupal's admin UI to grow into a core solution
  • decided to capitalize on their experience in working with the Gutenberg page builder 
  • … and on this content editor's open source nature, too
  • … to bring it over to Drupal 8
     

Now, if you're determined to improve the editorial UX on your Drupal site, to “spoil” your editors with a modern, intuitive and flexible admin UI, keep on reading...
 

1. The Drupal Gutenberg Project: Aiming for a Modern Admin UI in Drupal 8

And by “modern” I do mean the opposite of the Panels & Paragraphs & Layout combo solutions currently available for editing text in Drupal.

Solutions which only manage to make the entire workflow... discouragingly complex.

Especially if it's rich web content that editors need to create via the Drupal admin UI.

And this is precisely the context where the Drupal Gutenberg project was born: Drupal desperately needed/needs a modern, JavaScript-based admin UI.

With WordPress 5 users already enjoying this fancy content editor and the Frontkom team's having gained experience in using it, the idea of porting it to Drupal started to form:

"Why wouldn't we make it possible for Drupal users, too, to benefit from this content editor?" 

And here are some of the original Gutenberg project's features that lead them into thinking that, once ported, the editor would significantly improve the editing experience in Drupal 8:
 

  • it's (highly) decoupled
  • it's open source
  • it's React.js-based 
  • it provides a simplified, smooth and cool functionality-packed admin UI
  • it's Medium and Squarespace's inspired
  • it turns the creation of complex landing pages into a breeze
     

Page editing in Drupal 8 wasn't going to be the same again!

Their initiative turned into a Drupal 8 module —  Gutenberg Editor —  currently still an experimental one. 

Curious enough?

The first step to satisfy your curiosity is to take a look at their live demo: an interactive glimpse into the Gutenberg text editor implemented in Drupal 8.
 

2. The New Gutenberg for Drupal: Top Features Improving the Editing Experience in Drupal 8
 

2.1. All the Page Elements Are... Content Blocks

That's right, the team behind this project capitalized on the “everything is a block” Drupal 8 concept when adapting the Gutenberg UI to Drupal.

The result?

Both the Drupal core blocks and 20+ Gutenberg blocks are available in the resulting admin UI.

Basically, a Drupal 8 editor can insert into the web page that he/she's creating any of the core Drupal blocks and of the Gutenberg blocks of choice.

Speaking of which, let me point out just a few:
 

  • Heading
  • Image gallery
  • Auto embedded social posts
  • Buttons
  • Custom Drupal blocks
  • Layout blocks
     

Needless to add that you're free to enrich this list with your own custom blocks, too.
 

2.2. Easy Switch from Visual to Code Editor

That's right, the Gutenberg UI enables you/your editors to quickly switch to code editor —  opening up a neat markup —  and to apply any needed tweaks on the output.
 

2.3. Positioning Content Is Straightforwardly Intuitive

Editors get to select precisely where they want to position different types of content on a page.

And the very same results that they generate while in the Gutenberg admin UI get instantly reflected on the live web page, as well.

And there's more! More great admin features improving editing experience in Drupal. For instance:

Full control over font sizes and colors; tweaking them becomes a breeze with the new editor.
 

2.4. There's a Blocks Search Box

And not only that:
 

  1. using this search box you can track down precisely those content blocks that you need to add to your page
  2. but you can access them inline, as well, using “/”.
     

2.5. Full Control of the Layout

Another great thing about the content blocks available in the Gutenberg UI is that: they can have child block, too!

This way, it'll get unexpectedly easy for your editors to split their used blocks into columns on a grid.
 

2.6. Auto Embedded Social Posts/Videos

And all it takes is pasting their URL.
 

The Story of a Real Challenge: Making Gutenberg CMS-Agnostic

Open source, but not fully CMS-agnostic... 

The team behind the Drupal Gutenberg project had to come up with a suitable solution for this challenge. And they did come up with a multi-step solution to make the fancy text editor work in Drupal 8, as well:
 

  • first, they created a fork and removed the WordPress specific features
  • they used the Gutenberg editor as a dependency at first
  • next, they set up a standalone NPM package
  • then they built the Gutenberg Editor module
     

In short: a fork of the initial Gutenberg project is still maintained while being used as a dependency of the new Drupal 8 module. Therefore, each time Gutenberg gets an updated, the corresponding Drupal module, too, gets a new release.

Now, digging deeper into the project's architectural design, we discover 2 elements that the team had to re-write for Drupal:
 

  1. the URL defining the editor routes (edit page route, new page route, preview page route)
  2. the api-request, now configured to “talk to” Drupal (instead of the WordPress API)
     

How does the new module work?
 

  • as a text editor, which can be easily enabled for each content type
  • all it takes is a long text field for it to work: it replaces the node edit UI for that specific content type
     

Note: the Frontkom team also “promises” us to re-use as many Drupal-specific styling for the editor's UI elements in order to add a familiar Drupal feeling to it.
 

What Next? What's The Project Roadmap

Ok, so what we know for sure now, regarding this ambitious initiative turned into a Drupal module is that:
 

  1. the Drupal Gutenberg module is downloadable, yet still experimental (for developer use only)
  2. the team's still working on the project, implementing new features and functionalities aimed at making it feel more... Drupal native
  3. the final version will be presented to the eager/intrigued/curious/skeptical Drupal users and developers in the coming months
     

The END! Can't hide that I'm more than curious what you think about this contrib solution for improving the editing experience in Drupal 8:
 

  1. Are you looking forward to using it, hoping that this editor would make up for the inconveniences of working with Drupal's current admin UI?
  2. Are you skeptical about the perspective of being tied up to a WordPress page builder?
Aug 13 2018
Aug 13

Just imagine: putting together the powerful UI creation tools of a static site generator — more of a modern front-end framework rather —  built for high speed, like Gatsby.js, with Drupal 8's content modeling and access system! Putting their powers together into a blazing-fast website! But how to get Gatsby to work with Drupal?

How do you build a plugin that fetches data from API-first Drupal? In short: a static, conveniently simple, yet robust Gatsby site powered by a powerful, decoupled Drupal back-end?

You've got the questions, we've got the answers...

And we've grouped all our answers to your questions regarding “API-first and decoupled Drupal in connection with Gatsby” in a straightforward 4-step tutorial. One on building a high-speed Gatsby website backed by a versatile headless Drupal CMS.

Shall we dig in?
 

1. But What Is Gatsby.js More Precisely?

The standard, rather rigid definition would be:

“It is a GraphQL-fueled, React-based static site generator.”

Now if the words “static site generator” just make you... cringe, here's a more nuanced definition for you:

“Gatsby's more of a modern front-end framework —  one pulling together the best parts of GraphQL, React, webpack, react-router — built with the developer experience in mind.”

In short: it's a static site that this “more than just a static site generator” helps you build, leveraging its out-of-the-box front-end tools. A website geared to reach fast page loads while pulling data from a decoupled Drupal CMS.

And there are the 2 basic steps for getting started with Gatsby; you simply write your site's code structure and let Gatsby handle the rest:
 

  1. turn it into a directory with a single HTML file
  2. … along with all your static assets


2. 3 Reasons Why You'd Want to Use Gatsby

… instead of Jekyll, your webpack config or create-react-app.
 

a. Because of the richness of the Gatsby ecosystem

With rich documentation at hand and backed by an already large community of starters, you'll get your Gatsby site up and running in no time.
 

b. Because it leverages GraphQL' power to build its data layer.

And this is one of those heavy-weighting reasons for using Gatsby over other competing alternatives:

Gatbsy's built to fetch data from... pretty much anywhere — your CMS of choice, Markdown, third-party APIs, Markdown — using “source” plugins. When creating its data layer, it relies on GraphQL, which builds an internal server of all this pulled data.

In short: when questioning yourself “how to get Gatsby to work with Drupal”, do keep in mind that in your future Gatsby & decoupled Drupal setup data gets queried from the same place, in the same way, via GraphQL.
 

c. Because it's built for high speed.

And this is one of Gatsby's hardest-to-resist-to advantage:

It's just... fast.

And that gets reflected in your final Gatsby & decoupled Drupal site while bubbling up to the user experience, as well.

Summing up, these are the 3 strongest reasons why you would be tempted to use Gatsby with Drupal CMS. 

I'm not going to engage in dynamic sites vs static sites debate now. The internet's overcrowded with such comparisons.

I'll just end this “pledge” on using Gatsby with just a non-debatable statement:

Since a static site generator pre-generates the pages of your website, the performance vs maintenance costs scales gets unbalanced. And guess which one's going up and which one down!
 

3. And Why Would Pair Gatsby with Drupal?

If there are strong reasons why you should be getting started with Gatsby, why is there any need to consider decoupled Drupal CMS for its back-end?

Because static site generators don't “care” much for the authoring experience. Content editors have to get themselves tangled up in Makdown for creating content.

True story!

And this is where powerful CMSs, such as Drupal, step in, “luring” you with their:

  • WYSIWYG editors
  • content types 
  • content modeling capabilities
  • access workflow capabilities

… to make your content team's lives easier!

And now your “How to get Gatsby to work with Drupal” dilemma turns into a new legitimate one:

How to make your Gatsby website cope with a decoupled Drupal setup without adding the “dread” of a database and web server to the equation?


2 elements that “pave the path” for performance and security issues.

Well, this is precisely what this “decoupling Drupal with Gatsby scenario means to avoid:

  • you'll get to host your Drupal CMS in-house
  • … and thus take full advantage of the robustness and versatility of a decoupled Drupal CMS back-end
  • your Gatsby website will fetch data from its Drupal back-end and generate content “the static way” (which translates into “incredibility fast page loads”)
     

4. How to Get Gatsby to Work with Drupal More Precisely

Or simply put: how to pull data/content from Drupal into your Gatsby website?

Here's a straightforward tutorial in 4 steps on how to integrate Drupal with Gatsby:
 

4.1. First, Build Your Drupal Server 

Assuming that you have a Drupal 8 website installed, the very first step to take is to:
 

a. Create a new content type 

For this exercise, it's a blog — including all its blog posts — that we'll try to transfer from Drupal to Gatsby. So, we'll name our content type: “Blog”.

It will include 3 basic fields:

  • title
  • body
  • image

For this, just navigate to Home>Administration>Structure>Content Types.
 

b. Turn Drupal into an API Server 

For this, there are 2 key modules that you'll need to install:
 

  1. jsonapi_extras: for gaining more control over the API (to disable resources, to change the default endpoint, to enhance field output etc.)
  2.  jsonapi, which will turn your Drupal website into an API server (one having a default endpoint)
     

c. Grant Anonymous User Permission to Access the JSON API resource list

If you overlook this step, you'll end up with an “Error 406” message, which will just sabotage your whole “decoupling Drupal with Gatsby” mission.
 

d. Check How Your Drupal API Server Works 

You can do this by navigating to http://[your-site]/jsonapi logged in as an Anonymous user.

If the page that you'll get displays all the information regarding your API server, then you'll know you're on the right track.
 

4.2. Then, Create a New Gatsby Site

But before you jump to building your new static website, check whether you have npm and node installed on your PC. 

How? By entering “npm  -v” and “node  -v” into your terminal.

Next, you'll need to install Gatsby's CLI:
 

npm install --global gatsby-cli 

Then, just build and get your Gatsby site up and running.

Note: by default, it will be accessible at localhost:8000.

How to Get Gatsby to Work with Drupal: building a new Gatsby site

4.3. Decouple Drupal with Gatsby: Pulling Data from the API Server
 

a. Set up the (/blog) page

Solving your “How to get Gatsby to work with Drupal”  type of dilemma starts with... the creation of a new page on your Gatsby website.

And is as simple as... setting up a new JS file.

Note: all your Gatsby pages will get stored under /src/pages.

Now here are the basic steps to take:
 

  1. create the blog.js in /src/pages
  2. then add this code: import React from "react" const BlogPage = () => ( <div> <h1>Latest from our bog</h1> </div> ) export default BlogPage 
     

Voila! You've just created a new page at /blog.
 

b. Pull Content from the Drupal 8 site using GraphQL

The “gatsby-source-drupal” plugin, to be more specific.

It's this source plugin that will be “in charge” with all the data (images here included) pulling from decoupled Drupal back-end to your Gatsby site.

Note: do keep in mind that in this case, the JSONAPI module plays a crucial role.

And here's how you install your “power” plugin:
 

// in your blog.gatsby folder npm install --save gatsby-source-drupal 

Next, just configure your newly installed plugin:
 

// In gatsby-config.js plugins: [ ... { resolve: 'gatsby-source-drupal', options: { baseUrl: 'https://goo.gl/Cc5Jd3 apiBase: 'jsonapi', // endpoint of Drupal server }, } ], 


Tada! Now your site should be functioning properly.

If... not quite, here are the causes of the 2 most common error messages that you could get:
 

  • “405 error”, check whether the jsonapi_extras module is enabled
  • “ 406 error”, have a closer look at the permission on your Drupal site
     

c. Configure GraphQL to Pull Specific Pieces of Content from Drupal

In other words: to query all the “blog” nodes from Drupal and request specific data from the API server.

Another strong reason for using Drupal CMS with Gatsby is that the latter provides an in-browser tool for testing GraphQL queries names, for writing and validating them. You can access it at localhost:[port]/___graphql, whereas in our particular case here at: localhost:8000/___graphql.

Now, as you're solving this “How to get Gatsby to work with Drupal” type of puzzle, just try to query all the blog nodes.

Next, navigate back to your blog.js file and run this query:
 

export const query = graphql` query allNodeBlog { allNodeBlog { edges { node { id title body { value format processed summary } } } } } ` 


Then, update your const BlogPage so that it should display the body, content and title:

const BlogPage = ({data}) => ( <div> <h1>Latest from our blog</h1> { data.allNodeBlog.edges.map(({ node }) => ( <div> <h3>{ node.title }</h3> <div dangerouslySetInnerHTML={{ __html: node.body.value }} /> </div> ))} </div> ) 


Next, save your file and... “jump for joy” at the sight of the result:

All your blog posts, nicely displayed, pulled from Drupal and published on your Gatsby site!
 

4.3. Finally, Just Go Ahead and Publish Your New Gatsby Site

And here you are now, ready to carry out the last task of your “How to get Gatsby to work with Drupal” kind of “mission”. 

This final task is no more than a command that will get your Gatsby website running:

gatsby build 

Next, just run through your /public folder to see the “fruits of your work”.

At this point, all there's left for you to do is to copy/push content in /public to server and... deploy your new website using Gatsby with Drupal CMS.

The END! This is how you do it: how you use Gatsby.js in a decoupled Drupal setup so you can benefit both from:

  1. a modern static site generator's robustness and high performance, built with developer experience in mind 
  2. a powerful CMS's content managing capabilities, built with the editorial experience in mind 
Jul 20 2018
Jul 20

So, you've installed your version of Drupal and you're now ready to actually start building your website. What essential tools should you keep close at hand, as a site builder? Which are those both flexible and powerful must-have modules to start building your Drupal site from scratch?

The ones guaranteeing you a website that:
 

  1. it integrates easily with all the most popular third-party services and apps
  2. is interactive and visually-appealing, irrespective of the user's device
  3. is a safe place for your users to hang on, interact with, shop on, network on...
  4. is conveniently easy for content managers and admins to handle
     

Luckily, there are plenty of modules, themes and plugins to overload your toolbox with:

Long gone are the code-centric webmaster's “glory days”! Nowadays, as a Drupal site builder, you have a whole array of tools at your disposal to just start building and getting a Drupal site up and running in no time.

Sometimes without the need to write a single line of code!

But, let's not beat around the bush any longer and have a close look at these 10 essential modules that you'll need for your “Drupal 8 site building” project:
 

Definitely a must-have module:

Just consider that Drupal accepts ANY user password, be it a... one-latter password!

So, in order to set up your own stricter and safer password policy, you need to install this module here.

Then, you can easily define:
 

  • the minimal (and maximal) no. of characters that any user password on your Drupal site should include
  • the no. of special characters that it has to include
  • specific restrictions Like: "one can't use his/her email address as his/her password"
     

Why should this module, too, be in your essential toolkit of modules to start building your Drupal site with?

Because it implements the functionality to get notified — you, the admin or content manager —  as soon as a user posts a comment on the website.

Note: you can get “alerts” about both the logged in and the anonymous visitors' comments.
 

3. Breakpoints, One of the Must-Have Modules to Start Building Your Drupal Site 

It goes without saying that one of the Drupal site building best practices is providing it with a responsive web design.

And this is precisely what this module here facilitates:

Setting the proper media queries, once you've defined your own breakpoints.
 

A module whose functionality bubbles up to the content manager's experience.

Whenever he/she will have to make a selection involving both categories and subcategories, this hierarchical type of selection will prove to be more than useful:

Practically, once you/they select the “main” option, a new drop-down menu/widget including the subcategories to select from pops up, as well. Like in the image here below:

Essential Modules to Start Building Your Drupal Site With: Simple Hierarchical Select

And complying with this EU notification is mandatory. 

So, this is why EU Cookie Compliance is another one of the essential modules to start building your Drupal site with:

It displays the given notification — providing visitors with the option to agree or/and to read more information about your cookie policy —  in the footer of your website.
 

6. Shield              

Any Drupal site building guide would advise you to install a module that shields your website from anonymous users and search engines when running your test environments.

And this is what Shield is built for:

To screen your site from the rest of the world —  except for you and the logged in users — when you deploy it in a test environment.

A more than convenient method, as compared to manually setting up a .htpasswd and then integrating it with .htaccess.
 

If you're not just another Drupal site builder, but a user experience-centric one, you must consider also those modules to build your Drupal site with that boost the level of user interactivity.

Like Beauty Tips here.

It displays balloon-help style tooltips whenever a user hovers over a certain text or page element on your website.

Pretty much like Bootstrap tooltip does.
 

Another one of the Drupal site building best practices is to turn it into a safe place for your users to be. 

In short: to protect their privacy.

And if you're building a website that's available on both HTTP and HTTPS, the Secure Login module comes in handy as it makes sure that:
 

  1. the user login form
  2. all the other fill-in forms that you'll configure for extra security
     

… get submitted via HTTPS.

It locks them down, enforcing secure authenticated session cookies, so that user passwords and other critical user data don't get exposed all over the internet.
 

It's another one of those essential modules to start building your Drupal site with if you're determined to provide the best user experience there.

What does it do?

It enables particular visitors on your site — those granted permission to edit and to add new menu items — to choose whether they open menu items in new windows or in the current ones.
 

A module that makes up for the “Remember me” feature that's missing from the user login screen in Drupal:

It comes to implement this missing option, one independent from the PHP session settings.

So, we're not talking about the conventional, too long “PHP session time” here, but about a more secure and user-friendly “Remember me” feature added to the login form.

Furthermore, the module enables you to define some extra security policies, too:
 

  • the no. of persistent sessions that a Drupal user can enjoy at the same time
  • specific pages where users still have to log in again
  • after how long the logged-in users will need to re-enter their credentials once again
     

And 2 “Extra” Modules to Consider When Building Your Drupal Site

By “extra” I mean that they're not really essential modules to start building your Drupal site with. Yet, they're the first 2 ones to consider right after you've put together your “survival” toolkit as a site builder:
 

1. Site Settings & Labels    

Take this common scenario:

You need to display a social network URL on multiples pages on your Drupal site. 

What do you do?
 

  1. you hard coding this single setting in the source
  2. you start building a custom Drupal module for handling this variable
  3. you install the Site Settings & Labels module and thus display a checkbox to render page elements through a template conditional
     

The “c” variant's undoubtedly the winner here. 

A win-win for you, in fact:
 

  1. you save the time you'd otherwise have spent coding
  2. you improve the user experience on your Drupal site
     

2. Slick/Slick Views/Slick Media          

It's actually a suite of modules to start building your Drupal site with. One “injecting” the needed functionality so that you can easily set up:
 

  • carousels
  • slideshows
     

… on your freshly built website.

Note!

I won't lie to you: setting up the library dependencies is not exactly a child's play. Yet, once you've succeeded it, configuring the modules in this suite, right in your Drupal admin, is piece of cake.

The END! These are the 10 must-have modules to start building your Drupal site from scratch with. Would you have added some more? 

Or maybe you wouldn't have included some of the modules listed here, as you don't consider them “essential”? A penny for your thoughts!

Jul 18 2018
Jul 18

Let's say that it's a WhatsApp-like, a decoupled, Drupal 8-backed, real-time chat platform that you're building. One using Node.js. In this case, implementing field autocomplete functionality becomes a must, doesn't it? But how do you add autocomplete to text fields in Drupal 8?

Needless to add that such otherwise "basic" functionality — implemented on fields such as node reference and user/tags — would instantly:
 

  1. improve the user experience 
  2. increase the level of user interactivity and engagement
     

Users would group around different "channels" and be able to easily add new members. The auto-complete text fields will make the whole “new member coopting” process conveniently easy:

Users would only need to start typing and an array of name suggestions (of the already existing team members) would spring up.

But let's see, specifically, what are the steps to take to implement autocomplete functionality in Drupal 8:
 

1. The Drupal Autocomplete Form Element: Adding Properties to the Text Field

The first basic step to take is to define your form element. The one that will enable your app's users, on the front-end, to select from the suggested team members' names. For this:
 

  1. navigate to “Form” (you'll find it under “Entity”)
  2. scroll the menu down to ”NewChannelForm.php”
     

Note: using “#autocomplete_route_name element” when defining your form element will let Drupal know that it should ignore your form element on the front-end.

And now, let's go ahead and assign specific properties to your form's text field! For this:
 

  1. define “#autocomplete_route_name”, so that the autocomplete JavaScript library uses the route name of callback URL
  2. define “#autocomplete_route_parameters”, so that an array of arguments gets passed to autocomplete handler
     
$form['name'] = array(
    '#type' => 'textfield',
    '#autocomplete_route_name' => 'my_module.autocomplete',
    '#autocomplete_route_parameters' => array('field_name' => 'name', 'count' => 5),
);


And this is how you add #autocomplete callback to your fill-in form's text field in Drupal 8!

Note: in certain cases — where you have additional data and or different response in JSON —  the core-provided routes might just not be enough. Then, you'll need to write an autocomplete callback using the “my_module. autocomplete“ route and the proper arguments (“name” for the field name and “5” as count, let's say).

And here's specifically how you write a custom route:
 

2. Add Autocomplete to Text Fields in Drupal 8: Define a Custom Route

How? By simply adding the reference to the route — where data will get retrieved from — to your “my_module.routing.yml file”:
 

my_module.autocomplete: path: '/my-module-autocomplete/{field_name}/{count}' defaults: _controller: '\Drupal\my_module\Controller\AutocompleteController::handleAutocomplete' _format: json requirements: _access: 'TRUE' 


Note: remember to use the same names in the curly braces (those that you inserted when you defined your “autocomplete_route_parameters”) when you pass parameters to the controller!
 

3. Add Controller with Custom Query Parameters

In the custom route that you will have defined, you'll have a custom controller AutocompleteController, with the handleAutocomplete method.
 
Well, it's precisely this method that makes sure that the proper data gets collected and properly formatted once served.

But let's delve deeper into details and see how precisely we can generate the specific JSON response for our text field element.

For this, we'll need to:
 

  • set up a AutoCompleteController class file under “my_module>src>Controller > AutocompleteController.php"
     
  • then, extend the ControllerBase class and set up our handle method (the one “responsible” for displaying the proper results)
     
  • it's the Request object and those arguments that you will have already defined in your routing.yml.file (“name” for the field name and “5” for the count, remember?) that will pass for your handler's parameters
     
  • the Request object will be the one returning the typed string from URL, whereas the “field_name” and the “count” route parameters will be the ones providing the results array.
     

Note: once you get to this step here, as you add autocomplete to text fields in Drupal 8, remember that you should be having data in “value” and“label” key-value, as well:

Next, you'll set up a new JsonResponse object and pass $results, thus generating a return JsonResponse.
 

Summing Up

That's pretty much all the “hocus pocus” that you need to do to add autocomplete to text fields in Drupal 8. Now the proper data results should be generated.

Just reload your app's form page and run a quick test:

Try to create a brand new channel in your app and to add some of the already existing team members.

Does the text field have autocomplete functionality added to?

Jul 10 2018
Jul 10

Let's say that you need to spin up a new Drupal environment in... minutes. To quickly test a new patch to Drupal core, maybe, or to switch between 2 or more clients on the same day and thus to run multiple copies on several websites... In this case, how about taking the quick and easy way and set up a local Drupal site with Lando?

"What is Lando?" you might legitimately ask yourself.

A DevOps tool and Docker container-based technology enabling you to spin up all the services and tools that you need to develop a new Drupal project in no time.

"Why would I choose Lando as a method to set up a local Drupal site?"

Let me list here some of the strongest reasons:
 

  • it makes setting up a local Drupal site unexpectedly easy (and I'm talking about "minutes" here)
  • it makes getting started with Docker container technology a whole lot easier
  • it enables you to share your Drupal site's configuration within your team right on your Git repository (taking the form of a YAML file)
  • it puts several development environments (LEMP, MEAN, LAMP) at your disposal
     

Are these reasons strong enough for you?

If so, here's a quick step-by-step guide on how precisely to set up a Drupal site with Lando:
 

Step 1: First, Make Sure You Meet the System Requirements

If, as a web developer, you're not efficient with using the command line... well... then there are high chances that you find this tutorial here a bit discouraging.

And if being more than just familiar with the command line is not a strict requirement, then the following system requirements () are:
 

  • macOS 10.10+
  • Linux (with kernel version 4.x or higher)
  • Windows 10 Pro+ (or equivalent) with Hyper-V running
     

These are the 3 operating systems that Lando's currently compatible with. Now, let's move on...
 

Step 2: Download and Install Lando and Docker 

Go to Lando releases on Github and download the latest version for your OS. Just run the installer and let it "do the job" for you:
 

  • install Docker for Windows, Docker for Mac, Docker CE
  • install Lando: for Mac run brew cask install Lando and for other OS download the .rpm, .dmg, .exe or .deb
     

Step 3: Create a New Drupal Project

Luckily for you, there are several ways to get a Drupal codebase. Pick the one that you're most comfortable with as you set up a local Drupal site with Lando:
 

  1. install Drupal 8 the standard way (the first step there being "Get the Code"); next, grab the latest version of Drupal 8 navigating to "Download & Extend"
  2. or use Composer to create your new Drupal project: drupal-composer/drupal-project:8.x-dev my_drupal_project --stability dev –no-interaction
  3. or just navigate somewhere on your PC and use GIT to clone it: git clone --branch 8.6.x https://goo.gl/Q3MoVu lando-d8
     

Step 4: Set Up a Local Drupal Site with Lando: Extract Drupal

To extract Drupal just:

  1. open up your terminal window
  2. enter the commands here below:
cd Sites
tar xzf /tmp/drupal-8.5.1.tar.gz
mv drupal-8.5.1 drupal-lando
cd drupal-lando

And thus set up the Sites/drupal-lando/ directory inside your home directory


Step 5: Set Up Lando   

Now's time to initialize Lando and enable it to create a basic configuration file for you.

And, again, you have more than just one option at hand:
 

  1. while still in your terminal window, run this command and specify the Drupal 8 recipe and your web root as web, next name it "drupal-lando": lando init --recipe drupal8 --webroot=. --name="drupal-lando"
  2. or just launch the interactive session: run "lando init" interactively
     

Next, it's the following YAML file/ ".lando.yml", that it will create:

name: drupal-lando
recipe: drupal8
config:
  webroot: .

Note: feel free to ignore the "lando init" step and to jump straight to copying and pasting this file here.
 

Step 6: Start Your Environment & Wait for Your Docker Containers to Get Set Up

And here you are now, at that step from the whole process where you set up a local Drupal site with Lando where you start your Docker engine.

For this, just run the following command in your terminal window:

lando start 

If everything goes according to plan, this is where Lando starts Docker and sets up 2 containers.

Next, feel free to run:

lando composter install

It's going to use PHP/Composer inside the newly created Docker container for building Drupal's Composer dependencies.
 

Step 7: Browse to Your Site's URL and Walk Through the Drupal Installation Process

Time to install your new clean Drupal 8 site now.

Just visit your local site in the web browser and walk through the Drupal wizard install process (since your new site starts with an empty database, you will be automatically directed to the Install page)

Set Up a Local Drupal Site with Lando- Drupal Installation

Once you reach the step where you need to configure your database, enter these options here:
 

  • Database host: database
  • Database name, username, password: drupal 8
     

Next, unfold the "Advanced Options" drop-down menu and:
 

  1. replace "localhost", currently showing up in the "Host" field, with "database"
  2. hit the "Save and continue" button and let the Drupal installation process carry out
     

You'll set up a local Drupal site with Lando in... minutes! A brand new website that you can then easily:
 

  • test
  • debug
  • manage with Composer
     

Optionally, you can add a new service of your liking (e.g. MailHog, for catching outbound mails) and custom tune your setup right from your .lando.yml.file.

Set Up a Local Drupal Site with Lando- Welcome to Drupal Lando

The END! And this is how you do it... Told you it was just a matter of a few easy steps! 

Jul 04 2018
Jul 04

I'm a woman of my word, as you can see: here I am now, as promised in my previous post on the most effective ways to secure a Drupal website, ready to run a “magnifying glass” over the best Drupal security modules. To pinpoint their main characteristics and most powerful features and thus to reveal why they've made it to this list.

And why you should put them at the top of your own Drupal security checklist.

So, shall we dig in?
 

It's only but predictable that since the login page/form is the entry to your Drupal site, it is also the most vulnerable page there, as well.

Therefore, secure it!

In this respect, what this module enables site admins to do is :

  • define a certain number of login attempts; too many invalid authentication attempts will automatically block that account
  • block/limit access for specific IPs
     

Moreover, you get notified by email or via Nagios notifications when someone is just username/password guessing or using other kinds of brute force techniques to log into your Drupal site.

In short: the Login Security module, through its variety of options that it “spoils” you with, empowers you to set up a custom login policy on your site. To define your own restrictions and exceptions.

As already mentioned here, on this blog, when we've tackled the topic of Drupal security:

Keeping your Drupal core updated is that easily underrated, yet most powerful security measure that you could implement!

Now what this module here does is assisting you in keeping your Drupal codebase up to date: safely patched and having all the crucial upgrades.

And I don't need to remind you the security risk(s) that all those site owners ignoring the latest patches to Drupal core expose their websites to, right? 
 

Captcha is one of the best Drupal security modules since it's one of the most used ones.

And no wonder: could you imagine submission forms on your website with no Captcha? The age-old system is one of the handiest ways to keep spammers and spambots away.

So, having this module “plugged in”, providing you with the needed captcha support, becomes wisely convenient.
 

The module enables you, as your Drupal site's admin, to define specific rules for “wannabe users” to follow when they set up their account passwords.

From constraints related to:
 

  • special symbols that those passwords should include, to ramp up both the given account's and your own site's security
  • to uppercase letters
  • to numbers...
     

… once you plug in this Drupal security module in, it's you who gets to set up the policy for creating account passwords.
 

5. Security Review, One of the Best Drupal Security Modules

The Security Review module is that “Swiss knife” that you need for hardening your site's shield.

Meaning that it's an all-in-one tool. One that comes with its own Drupal security checklist that it regularly goes through and sets against your website, detecting any missing or improperly implemented security measures.

Moreover, it automates a whole series of tests for tracking down any signs of exploits and brute-force attacks:
 

  • arbitrary PHP execution
  • XSS exploits
  • SQL injection
  • suspicious PHP or JavaScript activity in content nodes
     

Once it identifies the vulnerabilities, it “alerts” you and gives you the best recommendations for mitigating those security risks. All you need to do is follow the suggestions.
 

Another module that “empowers” you to take full control over the security strategy on your Drupal site. To set up specific options for minimizing the chances of exploitable “cracks” showing up in its security shield:

For instance, it could recommend you to set up HTTP headers on your Drupal site.
 

Here's another one of those best Drupal security modules that's also one of the widely used ones.

Why is it a must-have on your own Drupal site? Because it enables you to set a limit to the number of simultaneous sessions per user, per role.

This way, you trim down the chances of suspicious activity being carried out on your site and eventually leading to brute-force attacks.
 

Another module that's a must on your Drupal site:

It basically enables you, the site admin, to define a policy that would log out users after a specified time period of inactivity. 
 

LinkedIn, Google, Twitter, Instagram, Facebook are just some of the big names that have adopted this user authentication method for security reasons. So, why shouldn't you, too?

Especially when you have a dedicated module at hand, Two Factor Authentication, to:
 

  • provide you with various methods to select from: pre-generated codes, time-based one-time PINS or passwords, codes sent via SMS etc.
  • give you full freedom in defining that two-factor authentication strategy that suits your site best
     

The principle is as simple for the user, as it is effective for your website, from a security standpoint:

The user gets a security code that he/she'll then need to use for logging into your Drupal site.
 

A command-line tool, with IDE support, that gives your codebase a deep scan and detects any drift from the coding standards and best practices.

Why has it made it to this exclusive list of 15 best Drupal security modules? Cause vulnerabilities might be lurking right in your Drupal code, not necessarily in your users' weak passwords or unpatched core modules.

Having a tool at hand that would identify and notify you of all those weak links in your code, where the best practices aren't being followed, is just... convenience at its best.
 

Another key module to add to your Drupal security checklist. 

For you do agree that email addresses are some of hackers' easiest ways to infiltrate into your website, don't you? 

Now what this module here does is obfuscate email addresses so that spambots can't collect them.

Note: a key strength of SpamSpan is that it uses JavaScript for this process, which enhances accessibility.
 

12. ACL      

“A set of APIs” This is how we could define this module here, which doesn't come with its own UI.

Its key role? To enable other Drupal modules on your website to set up a list of users that would get selective access to specific nodes on your site.
 

Why is Paranoia one of the best Drupal security modules?

Because it will end your “paranoia” — as its name suggests — that an ill-intentioned user might evaluate arbitrary code on your site.

The module practically identifies all those vulnerable areas where a potential attacker could exploit your site's code and blocks them.
 

Limiting or blocking access to key content types on your site is no more than a common-sense security measure to take, don't you agree?

Therefore, this module here's designed to assist you throughout this process:
 

  • as you define detailed permissions on your site: to view/edit/ delete specific content types
  • … by user role and by author 
     

Word of caution: do keep in mind that, since Content Access uses Drupal's node API, you shouldn't enable other modules using the same endpoints on your website!
 

A module that ramps up not just your site's security, but also its accessibility.

Just think about it:

Nowadays anyone has at least one Google account. Therefore, “anyone” can easily log into your website using his/her own Google account credentials.

Once, of course, you will have installed and turned this Drupal module on.

END of list! These are the 15 best Drupal security modules worth installing on your site. 

Scan them through, weigh their key features, set them against your site's specific security needs and make your selection!

Jul 02 2018
Jul 02

Save the date(s): 10-12 August! And join us for a 3-day conference on building with Drupal, driving this open-source technology forward and strengthening & growing the community behind it: Drupal North Regional Summit 2018

You'll find us in our booth at the Toronto Reference Library's exhibit hall, to be more specific, since this year OPTASY's a proud gold sponsor of the fourth edition of this event: 

The biggest annual summit in Canada focused on promoting Drupal. 
 

Why Would You Attend Drupal North Regional Summit 2018?

That's right: why would you pack your bags and get en route for Toronto's Reference Library when summer is at its peak and everyone's looking for a place in the sun?

For a bunch of strong reasons, actually:
 

  • first of all, if you're already living in Canada, why would you want to miss the biggest annual event in North America promoting Drupal?
  • no less than 300+ individuals and organizations will be attending it
  • if you're a Drupal developer, this is a once-in-a-year opportunity to grow and to... outgrow yourself; the event's schedule is “overcrowded” with sessions covering a variety of Drupal-related topics, with “can't miss” keynote sessions and networking opportunities
  • … grow your profile by sharing your knowledge and expertise all while enriching it as you learn from other Drupalists attending the event
  • as a Drupal-powered organization, Drupal North Regional Summit 2018 is a great chance to recruit new talent (and this is the event's key “mandate”: to showcase Canadian Drupal talent), to make connections with other Drupal-fueled businesses...
     

Whether you're:
 

  1. in the government, nonprofit, education, business field
  2. a freelancing Drupal enthusiast looking to keep his/her knowledge up to date

… don't miss the largest summit in Canada promoting Drupal!
 

It'll be a win-win-win type of situation:
 

  • you (the Drupal developer) get to keep your knowledge up to date
  • you (the organization) get to dig through a pool of Drupal talent and also to network with other key decision-makers from some of the most notorious companies in Canada running their businesses on Drupal
  • and it's a winning situation for Drupal itself: all the individuals and companies attending the summit will help to extend its reach to more people and more businesses 
     

OPTASY Proudly Supports Drupal and the Drupal North Regional Summit 2018

Why? What's in it for us? Why are we so proud to be one of the gold sponsors of this Drupal summit in Canada?

Because we like to practice what we preach:

To give back to the (Drupal) community, what the community gave to us for free. And along these +15 years years since we've been developing in Drupal there's been plenty of work done by all those developers contributing to Drupal and moving this open-source technology forward that we leveraged in our own projects. It's only but common sense to give something back now and to contribute ourselves, too.

And sponsoring Drupal events is one way that we can do that.

But there are other reasons, too, why we decided to support the Drupal North Regional Summit 2018 as a gold sponsor. All of them deriving from the above-presented reasoning:
 

  • the 3-day conference makes the perfect “lab” where brilliant solutions to well-known issues in Drupal get identified and shared with the community, new Drupal modules get put into the spotlight, new ways of innovating this technology get presented
  • in other words: investing in this Drupal summit we invest in us, as a team and as a company, and implicitly in our own clients, as well
  • ... all the knowledge and “steamy-fresh information” that we get from this conference will then be put to use when working on our clients' future projects
  • it's also a great place to network with existing and potentially new Drupal-using companies
  • and an opportunity for us to “expose” the key advantages that set OPTASY apart as a Drupal agency: +15 years hands-on experience, proven Drupal expertise, pure passion for what we do, a strong work ethic and stellar communication skills confirmed by our clients
     

So, are you curious about Drupal's main strengths as a technology of the future? Interested to discover what precisely helps it stand out?

Are you looking for a Drupal partner with both the proven experience and the proper “weakness” for innovation to turn your ideas into digital reality? Stop by our booth then, in August, and let's talk Drupal, growth opportunities and everything in between!

Jun 28 2018
Jun 28

You have patched your Drupal website, haven't you? If so, then that critical 3-month-old security flaw, Drupalgeddon2, can't get exploited on your site. Even so, with the menace of a cryptocurrency mining attack still lurking around the unpatched websites, you legitimately ask yourself: what are some quick and easy ways to secure Drupal?

“Which are the most basic steps to take and the simplest best practices to adopt to harden my Drupal site's security myself?”

Now, using keywords such as “security measures”, “quick”, “easy” and “handy”, I've come up with a list of 7 basic steps that any Drupal site owner can (and should) take for locking down his/her website.

Here they are, in no particular order:
 

1. Keep Your Drupal Core and Modules Updated 

Not only is this one of the simplest ways to secure Drupal, but one of the most effective ones, as well.

Even so more now, with the Drupalgeddon2 Drupal security threat still fresh in our memory, ignoring the regularly released security updates for both Drupal core and its modules is just plain recklessness or... self-sabotage.

Keep your Drupal version updated: apply security patches as soon as they get released, avoiding to leave your site exposed and exploitable. As simple as that!

And where do you add that this is one of those Drupal security best practices that's the easiest to integrate into your routine. Since to run the latest updates you only need to:
 

  • sign in to your Admin panel
  • go to “Manage” 
  • scroll down to “Reports” → “Available Reports”
  • click on “Check manually”
  • if there are any critical security updates that you're advised to run, just click “Update”
     

This is all it takes for you to:

  1. seal any security loopholes in your Drupal core
  2. prevent any identified vulnerability from growing into a conveniently easy to access backdoor for hackers to get in
     

2. Install Drupal Security Modules 

Strengthening the shield around your Drupal site with some powerful Drupal security modules is another both handy and effective measure that you, yourself, can easily implement.

Luckily, you're definitely not out of options when it comes to good security modules in Drupal.

And I'm only going to run a short module inventory here, since I'm already preparing a blog post focused precisely on this topic. Therefore, I promise to delve deep into details about each one of the here-listed modules in my next post:
 

Downloading, installing security modules on your Drupal site is both:
 

  • quick and simple to do
  • highly effective 
     

And they serve a wide range of purposes, from:
 

  • enforcing strong password policies
  • to monitoring DNS changes
  • to locking down your site from security threats
  • to blocking malicious networks
  • to turning on a firewall on your site
     

As for their selection, it depends greatly on your list of priorities when it comes to improving your site's security. Take some time to weigh and to compare their features.
 

3. Remove Unused Modules: One of the Easiest Ways to Secure Drupal 

Being the “easiest” security measure to implement doesn't make it also “the most popular” among Drupal site owners.

Owners who more often than not:
 

  • underrate the importance of running a regular module usage audit on their sites
  • ignore the Drupal security threat that an outdated piece of code (or an unused module) could turn itself into, once exploited by an attacker
     

So, don't be one of those site owners! Are there modules on your site that you no longer use? 

That have grown outdated and that are just... lingering there, using your site's resources and risking to grow into an exploitable backdoor for hackers?

Identify them and remove them! It won't take more than just a few priceless minutes of your time.
 

4. Enforce a Strong Password Policy

Since it's not just the admin (you do have a smart username and password for logging into your admin dashboard, don't you?) that will log into your Drupal site, but users, too, implementing some strong user-side security measures is a must.

In this respect, creating a strong password policy — one that would enforce the creation of complex, “hard-nut-to-crack” type of login credentials — is one the best and the easiest ways to secure Drupal on the user's side.

Come up with a policy that defines specific requirements for setting up passwords of high enough entropy (letters, uppercase/lowercase, symbols, different characters combos).

And don't hesitate to rely on dedicated Drupal modules for enforcing those requirements defined in your policy:
 

5. Block Access to All Your Sensitive Files

I bet you don't want important folders, core files — upgrade.php., install.php, authorize.php, cron.php —  to be easily accessible to just... anyone, right?

So, how about limiting or blocking access to them?

And you can easily do that by configuring your .htaccess file —  it's the one containing details of crucial importance regarding your website access and credentials to specific parts and core files on your site:

Just specify the IP addresses allowed to access those core folders, files and subdomains.

Here's one “enlightening” example:

<FilesMatch "(authorize|cron|install|upgrade)\.php">
Order deny, allow
deny from all
Allow from 127.0.0.1
</FilesMatch>


Note!

Now speaking of limiting access, don't limit your restrictions to your core folders and files. Remember to restrict/block access to your web server, to your server login details, as well.

How? By adding a basic layer of authentication limiting server access and file access usage.

Also, do remember to cautiously manage access to certain port numbers that your site/app might be using.
 

6. Back Up, Back Up, then... Back Up Some More 

You can't anticipate brute-force attacks, but you sure can “land back on your feet” if the worst scenario ever happens.

And you can only do that if you have a clean and recent backup at hand to just rollback and restore your website.

In other words: back up regularly! 

And remember to always back up your files and MySQL database before any update that you run on your Drupal code and modules. It is one of those common sense Drupal security best practices that should be included in any basic security checklist!

Where do you add that you even have a dedicated Drupal module —  Backup and Migrate — to assist you with this process.

Some of the back up “burdens” that this module will take off your shoulders are:
 

  • backing up/restoring code and multiple MySQL databases
  • integrating Drush 
  • backing up files directory
  • setting up several backup schedules
  • AES encryption for backups


7. Review All User Roles and Grant the Minimum Permissions Necessary

How many user roles are there assigned on your Drupal site?

If you don't quite know the answer, then it's obvious:

You must give your entire user role system an audit!

And to stick to this habit, one of the simplest ways to secure Drupal, after all.

Review all the user roles and, most of all, review each one's set of permissions and make sure you trim them down to the minimum necessary for each role. 

This way, you'll also limit access to critical files for those users that shouldn't have the permission to download or visualize them.

And speaking of permission, do keep in mind to review all your file permissions, as well!

See which user roles are granted permission to access key directories or to read, write or modify certain files on your website and block/restrict access where necessary.

The END! Of course, this isn't even close to a complete list of ways to secure Drupal. If it had been an exhaustive one, it would have continued with more Drupal security best practices, such as:
 

  • getting the SSL Certificate
  • securing HTTP headers
  • using secure connections only
     

Etc. etc. I've only focused on some of the easiest and quickest measures that anyone, with little, close to no technical know-how at all, can implement. And I feel like stressing out the term “practice” here:

Securing your Drupal site is a constant process; a series of persistent efforts and not a one time thing. Remain vigillant and cautious and don't rely on just a one-time, multifaceted security hardening “marathon”.
 

Jun 25 2018
Jun 25

Oops! The worst has happened: your Drupal site has been hacked! Maybe it was precisely one of those critical vulnerabilities, that the Drupal security team has been drawing attention to these last months, that the attacker(s) exploited? 

Now what? What to do?

Should you be:
 

  1. rushing to restore your website to a healthy, good-working state (that, of course, if you do have a clean and recent backup available)?
  2. starting to rebuild it?
  3. investigating how your Drupal site got contaminated in the first place: where's the “open door” that the attackers used to get in?
  4. focusing on closing any backdoors that could make new attacks possible?
     

Now “tormenting” yourself with too many questions simultaneously will only distract you from what should be your main objective: cleaning up your website (and preventing further hacks I should add).

So, let's go about it methodically, step by step:
 

Step 1: Write Down Issues, Steps to Take, Preventive Measures to Apply

Keep your cool and go for a methodical approach to crisis management:

Just open up a document and start... documenting:
 

  • the issues and any suspicious activity that you identify on your site
  • all the steps that your strategy for removing malware and restoring your site should include
  • the preventive security measures you commit to taking for preventing such a scenario from happening again the future
     

Step 2: Make a Forensic Copy of Your Drupal Site 

Before you start running your “investigations” on the attack, on how your Drupal site has been hacked, and way before you get to rebuild anything:

Make a forensic copy of all your files, you database and your operating system environment!

Note: go with an external storage medium for these copies and store them offsite.

As you're scanning through your files, detecting viruses and malware and having them cleaned up, feel free to make new and new “working backups”. And to store them in a different directory (from your regular backup files, I mean).

“But why bother? When will these backups turn out particularly useful?”
 

  1. when you call out to a third party to assist you with the troubleshooting process; these “working” backups will then provide a clear picture of the site before you started “malware detecting” on your own
  2. when you try to fix the issues you detect, but instead you make them worse; then, you can easily roll back those changes 
     

Step 3: Scan Your Servers and PC for Malware, Malicious Code Injections, Viruses

Before you rush to change all the passwords on your site, pause for a moment to think through your next “move”:

What if the attack has been “programmed” so that the attacker should get notified once you change your password(s)? And what if it's precisely your PC or one of your servers that's got infected? Then storing a clean backup of your site precisely there would only make it even more vulnerable.

So, how do you prevent that? You give both your PC and your servers a deep scan before making any change.

And, thank God, you sure aren't nickel and dimed in anti-malware tools and anti-virus software: AVG, BitDefender, Malwarebytes, ESET, AV-Comparatives etc.
 

Step 4: Detect & Remove the Backdoors

One of the crucial steps to take, once you realize that your Drupal site has been hacked, is to “close” all the backdoors.

These could easily turn into hackers' access ticket into your site even after you've removed malware and restored it to its healthy state. But, for closing them you first need to... find them right?

So, where to look?

Here are a few key places on your site that you should focus your “searches” on:
 

  • access logs: while scanning them, be vigilant and look for PHP scrips and POST requests added to directories that have writable access
     
  • eCommerce set up: check all the payment methods, shipping addresses, credit card addresses, linked accounts, looking for any suspicious, newly added data
     
  • passwords: FTP passwords, admin passwords, control panel passwords
     
  • email rules and filters: check that the answers to the security questions are “legitimate”, that messages are being forwarded to correct email addresses etc.
     

Step 5: Consider Taking Your Site Offline

And your decision depends greatly on the nature of your site:

If it's a hacked eCommerce Drupal site that we're talking about here, then don't wait even one more minute: take your site down (along with the internal network and servers) and install a placeholder!

This way, you'll prevent:
 

  • malware from being further distributed
  • spam from being sent to your online store's customers
     

Note: do keep in mind that taking your site offline will instantly let the attackers know that you've detected the malware that they've “infiltrated” and that you are about to “take action”.

If you decide not to take your Drupal site offline at the web server level, ensure that you've got your clean forensic copy at hand before deleting all the sessions.

Note: have you detected suspicious changes of the passwords? If so, use this query here for updating them (Drupal 7):
 

update users set pass = concat('ZZZ', sha(concat(pass, md5(rand()))))

As for the users, they can easily use the reset password tool for updating their passwords.

Word of caution: mind you don't take "Drupal on maintenance mode” for “offline Drupal". They're 2 completely different things! Once your Drupal site has been hacked, the malware could be of such nature that it allows the attacker to infiltrate as long as the site's online.
 

Step 6: Notify Your Hosting Provider That Your Drupal Site Has Been Hacked 

They should be informed about the breach and about your site being taken offline (if it's the case) immediately.

The sooner the better, this way they can:
 

  • start scanning their own systems for incursions
  • get ready to assist you with your site recovery and securing process
     

Step 7: Handle Client Data with Extra Precaution 

And these are the specific scenarios where you'll need to take extra precautions when handling client information:
 

  1. your Drupal site stores client information on the web host
  2. … it leverages the data POST method for sending form data via e-mail
  3. … it doesn't integrate with a 3rd party payment gateway, but manages the payment processes itself
     

If one of these 3 scenarios suits your case, then here are some of these extra precautions that you need to make to ensure the private user data doesn't get exposed:
 

  • update your SSL certificate
  • re-check all logfiles (have any of the hosted client information been copied, updated or downloaded?)
  • implement AVS (address verification system) 
  • add CVV (card verification value)
  • encrypt connections to back-end services used for sending confidential user data 
     

Step 8: Investigate the Attack: Identify the Source(s) of Infection

No matter how much pressure you might find yourself under to get your site back online ASAP, don't let take control over your site's restoring process!

Not until you've detected the main source of contamination on your site. The key vulnerability that attackers exploited, the key reason why your Drupal site has been hacked in the first place.

That being said, make sure that:
 

  1. you first audit, on a staging server, that “clean” backup of your site that you're planning to get online; this way, you track down and remove infected files, unauthorized settings, malicious code 
  2. you compare pre- and post-hack files, looking for any suspicious changes
     

Now if you have a clean (and recent) backup at hand for running this comparison, the problem's almost solved. Just use the right tools to compare your files and track down discrepancies.

But if you don't have a backup at hand, then there's no other way but to:

Manually inspect your files and databases to identify any suspicious changes that have been made.

  • look for any suspicious iframe or JavaScript at the end of the files (if detected, save the code in an external file)
  • look for any sources of “Drupal site hacked redirect”; for links to external URLs
     

Now, as for the places that you should be running your investigations on, let me give you just a few clues:
 

  • .php files, .html files 
  • sessions table 
  • newly modified/created files
  • new/updated user accounts 
  • in writable directories and database 
     

Step 9: Do a Full Restore of Your Site 

So, you've noticed that your Drupal site has been hacked, you've assessed all the damage caused, removed malware and even detected the vulnerability that hackers exploited to get in, not it's only but logical to:

Try to repair your website, right?

Word of caution: never ever run your changes on your production site; instead, fix all detected issues on a staging site. Also, once you've cleaned it all up, remember to run the latest Drupal security updates, as well!

Now, getting back to repairing your site, you have 2 options at hand:
 

  1. you either restore a clean backup, if you know the date and time that your Drupal site has been hacked and you're also 100% sure that none of the system components, other than Drupal, got contaminated
  2. or you rebuild your Drupal site 
     

The latter method is, undoubtedly more cumbersome, yet a lot more cautious. Go for it if:
 

  • you do not know the precise date and time when your site's got contaminated
  • you do not have a clean (and recent) backup available to restore
  • you've evaluated the damages as being already too widespread  
     

Step 10: Give Your Restored Site a Full Check Before Going Live 

Do remember to give your newly recovered site a final audit before getting it back up:
 

  • remove all malicious code detected
  • suspicious files
  • unauthorized settings
     

And, most of all:

Close all the backdoors!
 

Final Word 

A pretty long, complex and discouragingly tedious recovery process, don't you think? 

So, why wouldn't you avoid all these steps that you need to go through once your Drupal site has been hacked?

Why not avoid the risk of finding yourself forced to take your website offsite for... God knows how long, risking to impact your site's reputation and to drive away users/online customers?

Don't you find it wiser to:
 

  • be prepared instead?
  • opt for ongoing Drupal maintenance and support services?
  • make a habit of regularly backing up your website?
  • keep your system and software up to date (and to install all the recommended patches)?
  • stop underrating the security advisories that the Drupal team makes?
     
Jun 11 2018
Jun 11

There's no way around it, not anymore: with Google's index now mobile-first, adopting a mobile-first approach when building a new Drupal site (or redesigning a legacy one) is… a must! It no longer depends on a specific project's needs or on the used technology. The need to develop a mobile-first content strategy has gone from particular to universal.

And facing the challenge of:
 

  1. (re)creating
  2. optimizing
  3. structuring
     

… content on your Drupal website means conforming to those specific patterns that mobile users have developed for reading content on their smartphones.

In short: developing a fully responsive Drupal site comes down to centering your mobile content strategy around the idea that:

It's for the smallest screen sizes that you should plan your content for, first things first … then scale it up from there.

Now, let's see precisely what it takes to develop a mobile-first content strategy. What focus points and must-have components to include:
 

1. Take the Smallest Screen Size as the Starting Point

In other words: think mobile-first!

And by “mobile” I do mean “smartphones” — the smaller the screen size, the better. 

This way, you'll be adjusting your content so that it makes the most of the smallest interface. Starting “small” is the best way to stick to the “keep it simple” approach:

Thinking through every content-related decision in the light of the viewport size challenge will constrain you to keep the truly essential content elements only.

Hence, this “spartan” way of eliminating the unnecessary will reflect on your site's desktop design, as well: 

It will turn out cleaner and lighter.
 

2. Use Visual Content Wisely: Weigh Your Choices of Images 

The golden rule when it comes to the imagery that you'll use on your responsive website is:

If an image doesn't enhance and complement your content, then you're better off without it!

And I know what you must be thinking:

“But people remember what they see far more easily than what they read.”

True, you need to keep in mind that visuals do come at a cost, though:

Those stunning, visually-arresting images on your website risk to divert your users' attention from the message itself.

And still, probably the most heavy-weighing reason why you should use images wisely when you develop a mobile-first content strategy is: weigh.

Visuals risk to take up valuable screen space and thus:
 

  • outshine your calls to action themselves
  • impact your site's overall performance (leading to frustration)
     

Now that doesn't mean that you should strip your content off ALL the visuals! Absolutely not!

Just to be cautious and weigh your every choice, think through your every decision involving the usage of an image. 

Once you've selected the truly essential ones, keep in mind:
 

  1. not to no resize them (or optimize them in any other way) before uploading them to your CMS: let Drupal do the heavy-lifting here 
  2. to leverage the Responsive Image module's (Drupal 8) capabilities for resizing them to fit the given screen sizes
     

3. Content Before Design

This is the right sequence to follow when you're designing (or re-designing) your Drupal site with mobile users in mind:

First, you create and strategically organize your content and upload it to your Drupal 8 CMS. It's only then that you focus on styling and developing a responsive and visually-striking web design.

If it's legacy content that you're dealing with, trying to convert it to mobile, the very first step to take when you develop a mobile-first content strategy is:

Removing all the design elements from your written content.
 

4. Create a Hierarchy of Your Calls to Action

Making the most of a small interface means also setting your priorities in terms of calls to action:

Pair each one with a corresponding objective, evaluate them all wisely, then select THE call to action that's most critical for you and place it — and it alone — above the fold.
 

5. Organize and Optimize Your Content for Mobile Devices

I'll briefly list all the key requirements that mobile-friendly content should meet — aspects to pay attention to when writing content for mobile devices — for I'm sure they're nothing new to you:

  • the phrases should be kept short and concise, thus eliminating the burden of “never-ending-scrolling”
  • the content should be sharp, targeted and skimmable, so users can easily “digest” it and modular, so that users can swiftly browse through it
  • “modular” meaning made either of multiple clear paragraphs — each one standing for one thought — or chunks of 3 paragraphs at most 
     

6. Optimize Media, too, When You Develop a Mobile-First Content Strategy

And there are a couple of essential steps that you mustn't overlook when it comes to mobile-optimizing your media:
 

  • always go for thumbnails instead of video players that your users would have to load and thus strain on your site's valuable resources
  • don't ever use autoplay on your audio and video content 
  • optimize your sound, image and video files both for large and small devices
     

7. Trim Down Your Navigation Menu

In other words: when you develop a mobile-first content strategy, consider simplifying your navigation to its truly essential links.

No user would gladly scan through a “beefy” navigation menu taking his device's entire screen:
 

  • flatten your navigation: stay away from the technique of piling up submenus, layers and navigation points
  • feel free to place the links that you'll remove on other places on your website (or even to turn them into calls to action)
     

8. Convert Your Legacy Content to Mobile-Friendly Content 

If it's a legacy Drupal website that you need to restructure and to adapt to your mobile users' specific patterns for browsing through and consuming content on their smartphones, then it's time you:
 

  • dug into your static HTML
  • … and cleaned it up
     

And by “cleaning it up” I do mean:
 

  • removing inline media
  • removing the fixed-width tables
  • eliminating floats with content 
  • breaking it down into skimmable chunks of content
     

… that can be easily structured into content fields.

The END! These are the 8 main aspects to focus on when you develop a mobile-first content strategy. 

Now time to test the “saying” that:

“Creativity strives under constraints.”

… and to make the most of those small interfaces.

May 29 2018
May 29


Content is a way too valuable asset not to handle it with utmost care — from its creation to its revision, all the way to its... distribution. And with utmost efficiency, as well! But how do you choose the business software to “orchestrate” your entire content workflow? Since, on one hand, you have the top enterprise content management systems in 2018 and, on the other hand, you have... Drupal?

And the dilemma that you're facing right now could be summed up like this:

Choosing between a complex ECM system with a load of powerful tools that comes at a cost and a feature-rich one — already famed for its robustness and customization options — with no price tag on...

Now to ease your decision-making process, let's compare these enterprise information management solutions, the top rated ones, to Drupal, by weighing their feature loads and costs.
 

1. But What Is an Enterprise Content Management System More Precisely?

First, let's try to define what we mean by “content” in relation to a content management software:

Content is all the written pieces of information entering and “moving about” your organization. It comes in the form of:

  • internal process documents
  • content for your company website (or blog)
  • sales-focused content
  • targeted, custom content available to paying cutomers only
  • ... and the list goes on.

As you can see, I've intentionally left out graphical and audio-visual content. And this because it's only text-based digital content that a CMS would handle.

Now, coming back to our initial question:

An enterprise content management system is a software geared at managing all the processes in your content's lyfecycle: creation, revision, publication, distribution to multiple channels, promotion etc.

Packed with different sets of tools designed to automate all your content-based processes, an ECM system is a... “Swiss knife” type of business software.

The one you'd use to streamline your content workflow(s).
 

2. M-Files, One of the Top Enterprise Content Management Systems in 2018

Introducing the enterprise-leveled information management solution of the year: M-files!

The promise that it makes? 

To break the “siloed information” pattern and enable users to access specific content from any buiness system, any device.

… to easily access it, but also to organize it, to manage it, to identify particular information/documents, to set up custom workflows and even to manage document reviews. 
 

Top features
 

  • version control 
  • automated workflows
  • pre-built search engine: you get to track documents by type, name, keywords; it provides within-text search features as well 
  • notifications: users get alerted whenever they'll need to review or approve changes made to documents
  • approval processing 
  • permission management and offline access 
  • integration capabilities: it easily integrates with Microsoft Dynamics, NetSuite, SAP, Salesforce 
  • document collaboration tools: co-authoring features and check-in/check-out tools 
     

Price


Mi-files is one of those enterprise content management vendors that leverage the quote-based method for pricing their services.

Basically, there are no standard prices, as there are no standard packages that they offer, only tailored content management solutions.
 

Cons

The great majority of negative user feedbacks revolve around the M-Files mobile app's limited functionality.
 

Another one of the top enterprise content management systems in 2018 is OnBase:

An all-in-one software coming “equipped” with:

  • business process management tools
  • integrated document management tools
  • records management tools

And before I “expose” to you its most heavy-weighing features, I feel that I should put the spotlight on its versatility feature first:

You get to easily configure your OnBase ECM system to fit any environment of choice.
 

Top Features 
 

  • approval process control
  • indexing
  • version control
  • built-in search engine
  • document management
     

Cons

Do expect a steep learning curve! So, be prepared to invest a significant amount of time in growing comfortable with using it.

In learning to “juggle” with all its apps and functionalities.
 

Price

You'll need to contact the OnBase team for a custom pricing plan.
 

Box is a cloud content management platform built to assist you with:
 

  • online sharing your files
  • storing your files
  • integrating content across your entire “infrastructure” of digital tools via open APIs
  • collaborating within your team
     

Top Features 
 

  • granular access permission
  • easy integration with other platforms 
  • advanced security capabilities: device trust, watermarking, data governance
  • easy integration with other platforms
  • collaboration tools: a document management system that enhances collaboration among end-users on various file types and devices; tools which also enable them to choose the right storage place, to set up metadata-driven content workflows etc.
     

Cons

Even top enterprise content management systems manage to collect their own “pile” of “bad reviews”. What users reproach OnBase here, for instance, is its user-based pricing model. 

In other words, if you have +100 people in your company, expect to get charged separately for each email domain... and thus to overstretch your budget over time.
 

Price

Box pricing plans start from €4.50 per user/month (we're talking about a starter business plan here) and can go up to $500 per month or more if it's a “build with BOX platform” plan that you'll select.
 

And now that we've put the top-rated ECM systems in 2018 into the spotlight, let's see what Drupal here has to offer. How it can counterbalance all these heavy loads of tools, features, and functionalities.
 

Drupal's Key Features 
 

  • advanced integration capabilities: Drupal “spoils” its end-users with conveniently accessible API, backed by a rich collection of modules built precisely for 3rd party integrations
  • no maintenance effort required: since it runs in Acquia Enterprise cloud, Drupal gets automatically updated; maintenance is already included in the Enterprise support costs plan
  • feature richness: and we're talking here about features, plug-ins (thousands of them) and content management tools that you get right out of the box
  • modular architecture: which goes hand in hand with the unlimited freedom of customization that you'll get to leverage
  • high performance: Drupal's already famed for its robustness and capabilities to withstand high influxes of traffic
  • unmatched scalability
  • a full toolbox (contributed modules here included) put at editors' disposal: Drupal's also won its reputation as a CMS that's been constantly improved to enrich the experience; all the in-built content-handling tools speak best of its “empower the content creator/end-user” philosophy
     

Price
 

  • license costs: unlike the top enterprise content management systems previously outlined, Drupal's open source; there are no license costs, only support costs associated with the Acquia Enterprise Platform 
  • vendor lock-in: all modules and plug-ins that you might select and mix and match to custom-tune your CMS are free
  • development costs: Drupal resources are available to anyone who wants to build and then to custom tune and scale up its CMS
     

In conclusion...

… Drupal comes feature-packed and, moreover, it “spoils” you with unlimited freedom of customization. And all this without putting a price tag on.

On the other hand, some of the top enterprise content management systems do tempt you with their feature richness, but at a cost. One that can go up precisely if you feel like customizing your ECM solution or scaling it up sometime in the future. 

In short: you do get your share of customization freedom... but not for free.

So, it's not really an “apples vs oranges” type of dilemma that you're facing, but rather an:

Apples vs Apples with a price tag on

May 18 2018
May 18

Just imagine: a user asks Amazon Alexa to read out loud to him/her the headline of your latest blog post! Or maybe to look for a specific section on your Drupal site! Or, even better: quit imagining this and start implementing it instead! Right on your website. And here's how you integrate Alexa with your Drupal 8 website via the Alexa integration APIs.

A 7-step tutorial:
 

  • on how to get Alexa to “talk to” your site users/online customers
  • on turning your site's content into the needed “raw material” for setting up your custom Alexa skills
  • on how you can leverage Drupal 8's outstanding third-party integration capabilities to “fuel” your implementation plan with
     

So, here's how it's done: 
 

But Why Precisely Amazon Alexa over Other Voice Assistants?

Because Amazon Alexa stands out with its top notch integration capabilities.

Its integration APIs make it possible for this particular voice service to be “plugged into” various devices and web services.

As simple as that! Alexa's more than just a voice assistant making voice (obviously!) interaction possible:

It's a voice service that empowers you to integrate it even with your Drupal 8 website quickly and smoothly, via its own built-in APIs!
 

Introducing Alexa: The Drupal Module for Amazon Alexa Integration

With Alexa “doing its own part” and the voice service bringing its Alexa integration APIs into the equation, it was only fair that the Drupal community should play their own part, as well.

The result of their sustained efforts? The Alexa Drupal module:
 

  • which provides an endpoint for your Drupal 8 website, where it would receive the vocal user requests “stored” in the Alexa Skills
  • "user requests” which get converted into text strings before getting sent over to the Alexa module on your Drupal site
     

Note: do keep in mind that the Alexa module is still under development, but with a more than promising, long-term future ahead of it.

For now, it offers basic integration with Amazon's Alexa. And this is precisely why you'll need to build a custom module, as well, to integrate Alexa with your Drupal 8 website.

But more details on this, in the tutorial here below:
 

Integrate Alexa With Your Drupal 8 Website: A 7-Step Guide 
 

Step 1: Make Sure Your Site Uses HTTPs

In other words: make sure your Drupal 8 website's “easily detectable” by Amazon's servers!

The very first step to take will be to switch your site over to an HTTPs domain (a step you can skip if your site's already on HTTPs)
 

Step 2: Install the Alexa Module

Go “grab” the Alexa Drupal module and get it installed and enabled on your website. 
 

Step 3: Set Up Your Alexa Skill 

With your dedicated Drupal module ON, it's time to focus on all the needed setting up to be done on the Amazon Developer site. And the very first step to take is to create your own new Alexa Skill in the Skills Kit there.

How to Integrate Alexa with Your Drupal 8 Website: Set Up Your Alexa Skill

Step 4: Copy & Paste Your Application ID

And this is no more than a quick 2-step process:
 

  1. first, you copy the Application ID provided in your “Skill information” section, on the Amazon developer site
  2. then you submit it to your website's configuration at /admin/config/services/alexa
     

Step 5: Configure Your New Alexa Skill

A key 3-part step to take when you integrate Alexa with your Drupal 8 website, where you:
 

  1. give a name to the Alexa skill (in the Alexa app) to be triggered
  2. set up an Invocation Name for your users to utter for “activating” your newly created Alexa skill
  3. set up the custom vocal commands or “intents” that Alexa will need to respond to
     

For this, you'll need to go to the Amazon Development website again and access the “Skill Information” section.

Note: maximize the odds that it's precisely those intents that your users will utter by adding more phrasings of the very same question/vocal command. 

Another note: this flexibility proves that you get to harness the power of... variables when setting up your custom intents. “Variables” that you'll use with the custom module that you're going to build at the following step of the process:
 

Step 6: Create a Custom Module for Triggering The Right Responses to Your Intents

What should happen when your custom intents get invoked and sent through to your Drupal 8 website? 

You'll need to create a custom Drupal 8 module that would handle responses.

For this, insert the following info in the demo_alexa.info.yml file:

name: Alexa Latest Articles Demo
type: module
description: Demonstrates an integration to Amazon Echo.
core: 8.x
package: Alexa
dependencies:
 - alexa

Note: Do keep in mind to add the Alexa Drupal module as a dependency!

Now, time to build the custom module itself: 
 

  1. create a file at src/EventSubscriber/
  2. name it RequestSubscriber.php 
     

As for the code that will “populate” your module, first of all it's the namespace and use statements that you'll need to create:

namespace Drupal\demo_alexa\EventSubscriber;

use Drupal\alexa\AlexaEvent;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Drupal\paragraphs\Entity\Paragraph;


Then, you'll need to set up your main class, as well as a function to trigger the event:

/**
* An event subscriber for Alexa request events.
*/
class RequestSubscriber implements EventSubscriberInterface {

 /**
  * Gets the event.
  */
 public static function getSubscribedEvents() {
   $events['alexaevent.request'][] = ['onRequest', 0];
   return $events;
 }

Next, set up the function “responsible” for giving responses to each one of your custom intents. 

With the code for your responses at hand, the very last file that you'll need to focus on is the demo_alexa.services.yml:

services:
 alexa_demo.request_subscriber:
   class: Drupal\demo_alexa\EventSubscriber\RequestSubscriber
   tags:
     - { name: event_subscriber }

Note: Remember to enable your demo Alexa module, then to navigate to the Amazon Developer site once again!
 

Step 7: Test Out Your New Alexa Skill 

Another essential step to take when you integrate Alexa with your Drupal 8 website is testing your newly created Alexa skill. 

And there's even a Test tab on https://developer.amazon.com for that!

How to Integrate Alexa with Your Drupal 8 Website: Test Out Your New Alexa Skill

Click on this specific tab, ensure that your new Alexa skill is enabled and thus ready to be tested and... see whether you'll get the right responses!

The END! This is the “how it's made” for getting Amazon Alexa to “talk to” your Drupal 8 website via:
 

  1. the Alexa integration APIS
  2. the Alexa module
  3. a custom-built Drupal 8 module
     
May 09 2018
May 09

Here's how the ideal decoupling Drupal scenario looks like:

Stripping Drupal to its essential role, that of a robust and flexible content repository, no Drupal expertise needed. Then using it to back your front-end with; one that you'd be free to build by leveraging any modern (JavaScript) technology of your choice.

… a Drupal back-end content store that would still preserve all its content editing and managing functionalities, needless to add.

Luckily, this is no longer “daydreaming”. Not since Reservoir, the headless Drupal distribution, has been available. 

Here are some of its “promises” or well-known challenges, if you prefer, that this distribution's geared at solving:
 

  1. to make Drupal far more accessible (cutting the intimidating Drupal setting up and configuration out of the equation) to developers of all stripes
     
  2. to empower developers with all the best practices for building their Drupal-backed front-ends quick and easy
     
  3. to provide an opinionated starting point enabling any developer to build a Drupal content repository backing his non-Drupal application with... no Drupal knowledge needed, actually
     

Your Current Situation: Why Would You (Even) Consider “Headless” Drupal?

Here you are now, dealing with the pressure of:
 

  • having to deliver content agnostically across any given channel and device: single-page JS apps, mobile apps, digital signage, AR and VR-driven content, IoT apps etc...
     
  • … all while storing it (content) in one single place 
     
  • providing your editorial team with a... way to edit, manage and overall administrate content conveniently easy, via an editor-friendly UI
     
  • … independently of the development team, of course
     
  • finding a way to enable your developers to easily send content across this entire “ecosystem” of channels, devices and platforms
     

In other words: you're grappling with the challenge of making Drupal ideally accessible to your (non-Drupal) developers; so they can easily build their Drupal-based content store enabling them to deliver content to any given device.

… to serve it to any given app/site.

And this definitely calls for a decoupling Drupal approach.
 

Decoupling Drupal: The Most Discouraging Challenges You Must Be Facing 

Let's assume that you're already considering headless Drupal as a solution for your current challenge, that of delivering content to multiple channels, devices, platforms.

Whether you're planning to decouple Drupal for:
 

  1. building a Drupal-backed front-end, leveraging one of your modern JavaScript frameworks of choice
  2. or using it as a content store for your non-Drupal app
     

Then, it's these specific challenges that you must be facing right now:
 

  1. your non-Drupal developers are having trouble maneuvering Drupal content; they're not familiar with all the dials and knobs needed for making the most of Drupal's REST API 
  2. Drupal's serialization format is... alien to them 
  3. there's no starting point or well-defined best practices for non-Drupalists, that would ease their way to turning Drupal into a content repository
  4. … one that they could back their front-ends with
     

True story!

And still, there is hope...
 

5 Reasons For Being “Skeptical” About Distributions

You must be legitimately cautious right now when it comes to using an API-first distribution for Drupal. And that's due to some bad experiences with... distributions.

Now let me try and guess some of your “fears” regarding Reservoir:
 

  1. that it might turn out to be overly complex 
  2. that you risk getting “stuck with” architectural debt
  3. that its maintainers might someday lose interest in it
  4. that it's built primarily for other use cases, for scenarios different from your own decoupled Drupal implementation project
  5. that you risk “inheriting” bugs in features that you haven't even used 
     

And the list of reasons why you're not yet jumping on this decoupling Drupal trend could go on...
 

Introducing Reservoir: The Headless Drupal 8 Distribution! How Is It Different?

Before putting it into the spotlight and giving it a “full scan”, let me try to read your mind and identify the questions that you must be asking yourself right now:
 

  1. “How precisely do I use Reservoir as a content store backing my front-end website or app?”
     
  2. “Which are the bare essential Drupal modules and core functionality that this distribution comes packed with?”
     
  3. “How can I leverage these ready-to-use components for decoupling Drupal?”
     

And now that we've put your valid queries into words, let me try and define Reservoir for you:
 

  • 1st definition: a distribution for decoupling Drupal
     
  • 2nd definition: an ideally flexible and minimalist tool empowering developers of all backgrounds to build content repositories for their apps to “consume”
     
  • 3rd definition: the headless Drupal 8 distribution “specialized” in manipulating content and interacting with it via HTTP APIs
     
  • 4th definition: a Drupal-based content store with all the web service APIs backed into, so that any developer can jump straight to building his front-end app
     
  • 5th definition: simply a... content repository; one that just happens to be Drupal-based, as the Reservoir project's maintainers admitted.
     

Now the 4 key goals behind this distribution for decoupling Drupal —  besides that of providing a simple way of building a content repository enabling you to use any technology for your front-end —  are:
 

  1. on-boarding developers or all stripes, making Drupal ideally accessible to... anyone
  2. providing a much-needed opinionated starting point for any type of decoupled Drupal implementation; no Drupal knowledge required 
  3. keeping itself away from the scope creep that end-user facing products risk falling into
  4. serving a specific decoupled use case
     

Decoupling Drupal Made Easy & Accessible: Key Reservoir Features 

“But how does Reservoir make building Drupal-based content repositories so much easier than other... distributions?” 

“How precisely does it make Drupal accessible to non-Drupal developers, as well?”

You're more than entitled to ask yourself that...

Therefore, let me outline here the out-of-the-box Reservoir features geared at speeding up any decoupled Drupal implementation. Regardless of the developer's background:
 

  • an opinionated selection of API-first/ web services modules — Reservoir offers each developer a much-needed starting point/”push” so that he can ramp up and have his content stores built in no time: Simple OAuth modules here included
     
  • quick and easy access to the content back-end via JSON API 
     
  • auto-generated documentation (API documentation), that gets automatically updated, as well, as you're browsing it, as your content model changes
     
  • OpenAPI format export, that supports hundreds of tools integrating with the OpenAPI specification 
     
  • easy-boarding/tailored UI —  expect a “welcoming tour” once you've installed Reservoir, one focused on getting you familiar with modeling and managing content, web service APIs, mapping out new content models etc.
     
  • a permission system and content editing UI empowering your editorial team to easily manage content 
     
  • SDKs, libraries and references —  included in the Waterwheel ecosystem —  so that your development team can skip the time-consuming API learning phase and jump straight to “attaching” Drupal back-end content to their front-end apps
     

Note: Reservoir, the distribution for decoupling Drupal, deliberately shakes off some of Drupal's functionality that's irrelevant for content repositories (modules such as Breakpoint, Views, Content, the user-facing front-end etc.)

For we couldn't even talk about speeding up your decoupled Drupal project when there's an unnecessarily heavy weight of Drupal modules and features “dragging down” the whole implementation process, right?
 

Wrapping Up: What Reservoir Aims At Is...

... enabling your developers to jumpstart building self-hosted content repositories capable to serve any given front-ends.

Front-ends that they get to build independently, tapping into the technologies they prefer, on a project-by-project basis.

Pretty convenient, don't you agree? 

Apr 24 2018
Apr 24

Whether you're "constrained" to migrate content to Drupal 8 or you're just eager to jump on the Drupal 8 bandwagon and harness its much-talked-about advanced features, the most important “warning/advice” to keep in mind is:

Don't migrate mindlessly!

Meaning that before you even get to the point of:
 

  • triggering the Migrate module's capabilities and adjusting them to your migration project's needs and requirements
  • selecting and combining all the needed contrib modules
  • writing down your YAML files for carrying out your content migration process
     

You'll need to think through every little aspect involved in/impacted by this process:
 

  • your goals
  • your growth plan
  • your current site visitors' complaints and suggestions
     

That being said, here's more of a “backbone” or summary of the migration workflow, one that highlights the:
 

  1. main phases to go through
  2. the right approach to the whole process
  3. Drupal-specific concepts and tools to use
     

Do NOT expect a very detailed, highly technical tutorial, though!

As for the Drupal concepts that you'll need to be already (more than) familiarized with once you launch your migration process, maybe you want to have a look at this guide here, on Understanding Drupal

And now, let's delve in:
 

1. The Migration Workflow: 4 Key Phases to Consider 

Here's the entire process in 4 steps (so you know what to expect):
 

  1. first, you'll need to migrate your data into the destination nodes, files and paragraphs on the newly built Drupal 8 site
  2. then you'll migrate data into date, image, taxonomy, address fields and file
  3. next, you'll move your precious data from JSON and CVS files
  4. and finally, you'll complete your migrations from the UI and the terminal
     

2. Are You Upgrading from Drupal 6 or 7 or Migrating From a Different System?

And here's what to expect depending on your answer to the above question:
 

  1. if you migrate content to Drupal 8 from an older version of Drupal (6 or 7), then you're quite “spoiled”: a lot of hard work has been done, by the Drupal community, for turning this migration process into the official path to Drupal 8; you could say that the solid framework has already been set up, so all there's left for you to do is to... take advantage of it!
  2. if it's from a whole different system that you're migrating your site (let's say WordPress or maybe Joomla), then... expect it to be a bit more challenging. Not impossible, yet more complex
     

3. Plan Everything in Detail: Think Everything Through!

Now with the risk of sounding awfully annoying and repetitive, I feel like stressing this out:

Don't migrate... mindlessly!

Plan everything in the smallest detail. Re-evaluate the content on your current site and its “load” of features. 

Take the time to define your clear goals and to put together your growth plan (if there's any).

Then, do lend ear to what your current site visitors have to say, filter through all their complaints and suggestions and tailor your final decisions accordingly.

It's only then that you can go ahead and set up your content architecture.
 

4. Start With the Structure: Build Your Drupal 8 Site First

“But I haven't picked a theme yet!” you might be thinking.

No need to! Not at this stage of the migration process.

You can still build your Drupal 8, from the ground up, even without a theme ready to be used. You can add it later on, once you have the final version of your content!

But the site itself, its solid structure, this is a “must do”. It's the very foundation of all your next operations included in your migration workflow!
 

5. Deep Clean & Declutter! Take Time to Audit Your Content

Don't underrate this very step! For moving over all that clutter, that heavy load of unused, outdated features and all those chaotic, crummy pages will only impact your Drupal 8 site's performance from the start.

So, now it's the right time to do some... deep cleaning!

Audit your content, your features, plugins and other functionalities included in your site's infrastructure and... trim it down by:
 

  1. relevance (are you using it?)
  2. quality: keyword-stuffed, unstructured pages (a heavy pile of them) will surely not give your new Drupal 8 site any significant jumpstart in rankings!
     

6. About the Migration Module Included in Drupal 8 Core

Using this dedicated module in Drupal core to migrate content to Drupal 8 comes down to implementing the:

Extract- Transform-Load process

Or simply: ETL.

In Drupal — as related to the Drupal migrate module — these 3 operations come under different names:
 

  • the source plugin stands for “extract”
  • the process plugin stands for “transform”
  • the destination plugin stands for “load”
     

7. Time to... Migrate Content to Drupal 8 Now!

Now it's time to put some order into that “pile” of content of yours! To neatly structure Google Sheets, XML files, CVS files etc.

And here's the whole “structuring process” summed up to the 3 above-mentioned plugins: source, process and destination.
 

Source: 

  • XML file
  • SQL database
  • Google Sheet
  • CVS file
  • JSON file
     

Process:

  • iterator
  • default_value
  • migration_lookup
  • concat
  • get 


Destination:

  • images
  • users
  • paragraphs
  • nodes
  • files

And here's a specific example of how to “glue” data for a neater and ideally structured content architecture:
 

Before the migration:

  • A: First Name- Kevin
  • B: Last Name: Thomson
  • C: Department- Commerce
     

After Migration: 

  • A: Name- Kevin Thomson
  • B: Department- Commerce
     

8. 4 Contrib Modules to Incorporate Into Your Migration Workflow

As already mentioned, the migrate content to Drupal 8 process also involves using a combination of contrib modules. 

Speaking of which, allow me to get them listed here:
 

  1. Migrate Tools          
  2. Migrate Source CVS    
  3. Migrate Spreadsheet 
  4. Migrate Plus 
                 

The END! This is the tutorial on how to migrate content to Drupal 8 trimmed down to its bare essentials.

To its core phases, key steps to take, main Drupal concepts to “joggle with”, right approach/mindset to adopt and best tools/modules to leverage for a smooth process!

Any questions?

Apr 06 2018
Apr 06

With popularity comes trouble... In this case here meaning: security vulnerabilities and risky over-exposure to cyber threats. And this can only mean that securing your website, that's running on the currently third most popular CMS in the world, calls for a set of Drupal security best practices for you to adopt.

And to stick to!

There's no other way around it: a set of strategically chosen security measures, backed by a prevention-focused mindset, pave the shortest path to top security.   

Stay assured: I've selected not just THE most effective best practices for you to consider adopting, but the easiest to implement ones, as well.

Quick note: before I go on and knee deep into this Drupal security checklist, I feel like highlighting that:
 

  • Drupal still has a low vulnerability percentage rate compared to its market share
  • the majority of Drupal's vulnerabilities (46%) are generated by cross-site scripting (XSS)
     

And now, here are the tips, techniques and resources for you to tap into and harden your Drupal site's security shield with.
 

1. The Proper Configuration Is Required to Secure Your Drupal Database 

Consider enforcing some security measures at your Drupal database level, as well.

It won't take you more than a few minutes and the security dangers that you'll be safeguarding it from are massive.

Here are some basic, yet effective measures you could implement:
 

  • go for a different table prefix; this will only make it trickier for an intruder to track it down, thus preventing possible SQL injection attacks
  • change its name to a less obvious, harder to guess one
     

Note: for changing your table prefix you can either navigate to phpMyAdmin, if you already have your Drupal site installed, or do it right on the setup screen (if it's just now that you're installing your website).
 

2. Always Run The Latest Version of Drupal on Your Website

And this is the least you could do, with a significant negative impact on your Drupal site if you undermine its importance. If you neglect your updating routine.

Do keep in mind that:
 

  1. it's older versions of Drupal that hackers usually target (since they're more vulnerable)
  2. the regularly released updates are precisely those bug fixes and new security hardening features that are crucial for patching your site's vulnerabilities.
     

Why should you leave it recklessly exposed? Running on an outdated Drupal version, packed with untrusted Drupal modules and themes?

Especially since keeping it up to date means nothing more than integrating 2 basic Drupal security best practices into your site securing “routine”:
 

  1. always download your themes and modules from the Drupal repository (or well-known companies)
  2. regularly check if there are any new updates for you to install: “Reports” → “Available Updates”→“Check manually” 
     

Drupal Security Best Practices: run the latest version of Drupal
 

3. Make a Habit of Backing Up Your Website

And here's another one of those underrated and too often neglected Drupal security best practices!

Why should you wait for a ransomware attack and realize its true importance... “the hard way”?

Instead, make a habit of regularly backing up your website since, as already mentioned:

There's no such thing as perfection when it comes to securing a Drupal site, there's only a hierarchy of different “security levels” that you can activate on your site

And backing up your site, constantly, sure stands for one of the most effective measures you could apply for hardening your Drupal website.

Now, here's how you do it:
 

  1. make use of Pantheon's “one-click backup” functionality
  2. test your updates locally using MAMP or XAMPP or another “kindred” software
  3. harness the Backup and Migrate module's power, currently available only for Drupal 7
  4. export your MySQL database and back up your files “the old way”... manually
     

There, now you can stay assured that, if/when trouble strikes, you always have your backup(s) to retrieve your data from and get back “on your feet” in no time!
 

4. Block Those Bots That You're Unwillingly Sharing Your Bandwidth With

No need to get all “altruist” when it comes to your bandwidth!

And to share it with all kinds of scrappers, bad bots, crawlers.

Instead, consider blocking their access to your bandwidth right from your server.

Here's how:

Add the following code to your .htacces file and block multiple user-agent files at once:

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall Spider).*$ [NC]
RewriteRule .* - [F,L]

Or use the BrowserMatchNoCase directive as follows:

BrowserMatchNoCase “agent1” bots
BrowserMatchNoCase "Wget" bots
BrowserMatchNoCase "Catall Spider" bots

Order Allow,Deny
Allow from ALL
Deny from env=bots

Use the KeyCDN feature for preventing those malicious bots from stealing your bandwidth!



5. Use Strong Passwords Only: One of the Easiest to Implement Drupal Security Best Practices

More often than not “easy” doesn't mean “less efficient”. 

And in this particular case here, simply opting for a strong username (smarter than the standard “admin”) and password can make the difference between a vulnerable and a hard-to-hack Drupal site.

For this, just:

Manually change your credentials right from your admin dashboard:  “People” → “Edit”→ “Username” while relying on a strong password-generating program ( KeePassX or KeePass) 
 

6. Use an SSL Certificate: Secure All Sensitive Data and Login Credentials

Would you knowingly risk your users' sensitive data? Their card information let's say, if it's an e-commerce Drupal site that you own?

And how about your login credentials?

For this is what you'd be doing if — though you do recognize the importance of using an SSL certificate —  you'd still put this measure at the back of your list of Drupal security best practices.

In other words, running your site on HTTPs (preferably on HTTP/2, considering all the performance benefits that it comes packaged with) you'll be:
 

  • encrypting all sensitive data that's being passed on, back and forth, between the server and the client
  • encrypting login credentials, instead of just letting them get sent, in crystal-clear text, over the internet.
     

7. Use Drupal Security Modules to Harden Your Site's Shield

For they sure make your most reliable allies when it comes to tracking down loopholes in your site's code or preventing brutal cyber attacks.

From:
 

  • scanning vulnerabilities
  • to monitoring DNS changes
  • blocking malicious networks
  • identifying the files where changes have been applied
     

… and so on, these Drupal modules will be “in charge” of every single aspect of your site's security strategy.

And supercharging your site with some of the most powerful Drupal security modules is, again, the easiest, yet most effective measure you could possibly enforce.

Now speaking of these powerful modules, here's a short selection of the “must-have” ones:
 

  • Password Policy: enables you to enforce certain rules when it comes to setting up new passwords (you even get to define the frequency of password changes)
  • Coder : runs in-depth checks, setting your code against Drupal's best practices and coding standards
  • Automated Logout: as an admin, you get to define the time limit for a user's session; he/she will get automatically logged out when time expires
  • SpamSpan Filter: enables you to obfuscate email addresses, thus preventing spambots from “stealing” them
  • Login Security: deny access by ID address and limit the number of login attempts
  • Content Access: grant permission to certain content types by user roles and authors
  • Hacked!: provides an easy way for you to check whether any new changes have been applied to Drupal core/themes
  • Security Review Module: it will check your website for those easy-to-make mistakes that could easily turn into security vulnerabilities; here's a preview of this module “at work”
     

Drupal Security Best Practices: the Drupal Security Review Module
 

8. Implement HTTP Security Headers

Another one of those too-easy-to-implement, yet highly effective Drupal security best practices to add to your Drupal security checklist:

Implementing (and updating) HTTP security headers

“Why bother?”

Cause:
 

  1. first of all, their implementation requires nothing more than a configuration change at the web server level
  2. their key role is letting the browsers know just how to handle your site's content
  3. … thus reducing the risk of security vulnerabilities and brute force attacks
     

9. Properly Secure File Permissions

Ensure that your file permissions for:
 

  • opening
  • reading
  • modifying them
     

… aren't too dangerously loose.

Since such negligence could easily turn into an invitation for “evil-minded” intruders! 

And it's on Drupal.org's dedicated page that you can find more valuable info on this apparently insignificant, yet extremely effective security measure 
 

10. Restrict Access To Critical Files 

Told you this was going to be a list of exclusively easy-to-implement Drupal security best practices.

Blocking access to sensitive files on your website (the upgrade.php file, the install.php file, the authorize.php file etc.) won't take you more than a few minutes.

But the danger you'd avoid — having a malicious intruder risking to access core files on your Drupal site — is way too significant to overlook.
 

END of list! These are probably the easiest steps to take for securing your Drupal site.

How does your own list of Drupal security tips, techniques and resources to tap into look like?

Apr 05 2018
Apr 05

Who are your visitors? Where do they come from? And what do they do precisely during their visits on your Drupal site? How long are their visits? What content on your site do they linger on and what content do they “stubbornly” ignore? Needless to say that for getting your answers to all these questions you need to set up Google Analytics on your website.

Since:

“This data--aka analytics--is the lifeblood of the digital marketer.” (Jeffrey Mcguire, Acquia, Inc. Evangelist)

The good news is that integrating it is nothing but a quick and simple 3-step process. And the great news is that:

Drupal's got you covered with its dedicated Google Analytics module, geared at simplifying the otherwise tedious and time-consuming process.

So, shall we dive into the installation guide?
 

1. But First: Why Web Analytics? And Why Precisely Google Analytics?

In an UX-dominated digital reality, that takes personalization to a whole new level, user behavior data turns into... superpower.

And by “user behavior data”, I do mean web analytics.

Therefore, injecting a web analytics service into your Drupal site is like... injecting true power into its “veins”.

But why precisely Google Analytics?

Why set up Google Analytics on your Drupal site instead of another web analytics tracking tool? Is its popularity a strong enough reason for you to jump on the trend?

To answer your question, I do think that its own key features make the best answers:
 

  • audience demographic reporting: discover where your site visitors come from, their native languages, the devices and operating systems they use for accessing your website...
  • goal tracking: monitor conversion rates, downloads, sales and pretty much all stats showing how close (or far) you are to reaching the goals that you've set for your website
  • acquisition reporting: identify your site's traffic sources; where do your visitors come from exactly?
  • on-site reporting: gain a deep insight into the way visitors engage with specific pieces of content on your website, so you know how to adjust the experience your deliver them on your site/app to their specific needs 
  • event-tracking: tap into this feature for measuring all activities carried out on your Drupal site
     

And the list of features could go on and on. Providing you with a high-level dashboard and enabling you to go as deep as you need to with your “data digging”.

For Google Analytics is only as powerful as you “allow” it to be. It empowers you to dig up both surface and “in-depth data”.

Moreover (or better said: “thanks to...”), being such a feature-rich tracking tool, Google Analytics's highly versatile, too. From email marketing to social media marketing, to any type of marketing campaign that you plan to launch, it's built to fit in just perfectly.

To power all forms of marketing strategies.

And where do you add that it's been a while now since we've been having Google Analytics for mobile apps and the Google Analytics 360 suite, too! 2 more powerful GA tools to add to your web analytics “tracking arsenal”.
 

2. The Drupal Google Analytics Module and How It Will Make Your Life (So Much) Easier

Let me try a lucky guess: 

Your Drupal site has... X pages (have I guessed it?)

The “standard” way to add Google Analytics to your Drupal site would involve:

Copying the tracking ID that Google Analytics provides you with and pasting it on each and every page on your website.

A hair-pulling monotonous and time-consuming process, don't you think?

And it starts to look even more cumbersome if you think that you have the alternative to set up Google Analytics on your Drupal site using the dedicated module.

But how does it streamline... everything more exactly? 

You'll just need to paste that Google Analytics javascript snippet for tracking data right to this module's Configuration page and... that's it!

The module will take it from there! It will distribute it itself to all the pages on your website.

Less effort, less time wasted for carrying out in a tedious and repetitive activity. And more time left for customizing all those statistics features to perfectly suit your goals and your site's needs.

How to Set Up Google Analytics on Your Drupal Site: The Google Analytics Drupal Module

Luckily enough, the Drupal Google Analytics module puts an admin-friendly UI at your disposal precisely for that:
 

  • use it to track down key data 
  • use it for tailoring your web analytics-tracking activity to your needs: by user role, by pages etc.
     

3. Set Up Google Analytics on Your Drupal Site In Just 3 Simple Steps 

As promised, here's a “dead-simple 3-step guide on how to add Google Analytics to your Drupal site (“leveraging the power of the dedicated Drupal module here included”)
 

Step 1

The very first thing you'll need to do is sign up for a Google Analytics account if you don't have one already. And then to add your Drupal site (obviously!).

And here are the quick steps to take:
 

  1. go to www.google.com/analytics
  2. hit “sign in” (you'll find it in the top right corner) and select “Google Analytics” from the unfolding drop-down menu
  3. click “Sign Up” and just follow the given steps for setting up your new account
  4. next, follow the instructions for setting up web tracking
     

Now you should be able to see your Drupal site displayed under your account, on your admin page in Google Analytics.

And it's now that you should be able to retrieve your site's “Tracking ID”, as well. You'll find it in the “Property Setting” section.
 

Step 2

The next major step to take as you set up Google Analytics on your Drupal site is to actually go back to your site and... install THE module itself.

Since I've already praised its “superpowers” and how they “conspire” to make your life easier, I'm not going to point them out once again.

Instead, I'll go straight to the steps to take once you've enabled the module on your website:
 

  1. access its configuration page (you'll find the “Configuration” tab on top of the page, “flanked by” the “Modules” and the “Reports” tabs)
  2. there, right under the “General Setting” section, just enter your “Web Property ID”
  3. … which is precisely the Google Analytics tracking code that you've just retrieved at Step 1
     

And this is precisely the “magic trick” that's going to add the Google Analytics tracking system site-wide. A monotonous, multiple-step process turned into a one-step operation.

This thanks to the Drupal Google Analytics module!
 

Step 3

Here you are now, ready to save your settings and to officially harness the power of Google Analytics on your website!

Normally you should be just fine with the default settings that the service provides you with, right out-of-the-box.

Yet, if you need to “refine” your searches, your entire tracking activity, feel free to do that. To explore all the options stored in the “Tracking Scope” tabs for you.

Speaking of which, let me give you just a few examples of how deep you could narrow down your “investigations” and customize the modules:
 

  • roles: a setting which lets you define which user roles to track (and which roles the system should ignore)
  • domains: indicate whether it's a single or multiple domains that you need monitoring
  • privacy: it enables you to make visitors' IP addresses anonymous
  • pages: indicate precisely which pages on your website you need to track
  • messages: track and monitor the messages displayed to your site visitors
  • search and advertising: keep track of your internal site searches and AdSense advertisements; do keep in mind, though, that some additional settings might be needed!

And... more! You actually get even more power for configuring your JavaScript setting and adding custom variables.

The END! This is how you set up Google Analytics on your Drupal site in 3 dead-simple steps, a streamlined process powered by the dedicated Drupal module.

Mar 16 2018
Mar 16

And I'm back, as promised, with 5 more key differences meant to help you solve your Apache Solr vs Elasticsearch dilemma.

To help you properly evaluate the 2 open source search engines and, therefore, to identify the perfect fit for your own use case and your project's particular needs.
 

6. Node Discovery

Another aspect that clearly differentiates the 2 search engines is the way(s) they handle node discovery.That is, whenever a new node joins the cluster or when there's something wrong with one of them, immediate measures, following certain criteria, need to be taken.

The 2 technologies handle this node-discovery challenge differently:
 

  1. Apache Solr uses Apache Zookeeper — already a “veteran”, with plenty of projects in its “portfolio” —  requiring external Zookeper instances (minimum 3 for a fault-tolerant SolrCloud cluster).
  2. Elasticsearch relies on Zen for this, requiring 3 dedicated master nodes to properly carry out its discovery “mission”

 
7. Apache Solr vs Elasticsearch: Machine Learning

Machine learning has a way too powerful influence on the technological landscape these days not to take it into consideration in our Apache Solr vs Elasticsearch comparison here.

So, how do these 2 open source search engines support and leverage machine learning algorithms?
 

  1. Apache Solr, for instance, comes with a built-in dedicated contrib module, on top of streaming aggregations framework; this makes it easy for you to use machine-learning ranking models right on top of Solr
  2. Elasticsearch comes with its own X-Pack commercial plugin, along with the plugin for Kibana (supporting machine learning algorithms) geared at detecting anomalies and outlines in the time series data 
     

8. Full-Text Search Features 

In any Apache Solr vs Elasticsearch comparison, the first one's richness in full-text search related features is just... striking!

Its codebase's simply “overcrowded” with text-focused features, such as:
 

  • the functionality to correct user spelling mistakes
  • a heavy load of request parsers
  • configurable, extensive highlight support
  • a rich collection of request parsers
     

Even so, Elasticsearch “strikes back” with its own dedicated suggesters API. And what this feature does precisely is hiding implementation details from user sight, so that we can add our suggestions far more easily.

And, we can't leave out its highlighting functionality (both search engines rely on Lucene for this), which is less configurable than in Apache Solr.
 

9. Indexing & Searching: Text Searching vs Filtering & Grouping

As already mentioned in this post, any Apache Solr vs Elasticsearch debate is a:

Text-search oriented approach vs Filtering and grouping analytical queries type of contrast.

Therefore, the 2 technologies are built, from the ground up, so that they approach different, specific use cases:
 

  1. Solr is geared at text search
  2. Elasticsearch is always a far better fit for those apps where analytical type of queries, complex search-time aggregations need to be handled
     

Moreover, each one comes with its own “toolbox” of tokenizers and analyzers for tackling text, for breaking it down into several terms/tokens to be indexed.

Speaking of which (indexing), I should also point out that the two search engine “giants” handle it differently:
 

  1. Apache Solr has the single-shard join index “rule”; one that gets replicated across all nodes (to search inter-document relationships)
  2. Elasticsearch seems to be playing its “efficiency card” better, since it enables you to retrieve such documents using top_children and has_children queries
     

10. Shard Placement: Static by Nature vs Dynamic By Definition

Shard replacement: the last test that our two contestants here need to pass, so you can have your final answer to your “Apache Solr vs Elasticsearch” dilemma.

In this respect, Apache Solr is static, at least far more static than Elasticsearch. It calls for manual work for migrating shards whenever a Solr node joins or leaves the cluster. 

Nothing impossible, simply less convenient and slightly more cumbersome for you:
 

  • you'll need to create a replica 
  • wait till it synchronizes the data
  • remove the “outdated” node
     

Luckily for you, Elasticsearch is not just “more”, but “highly” dynamic and, therefore, far more independent.

It's capable to move around shards and indices, while you're being granted total control over shard placement:

  • by using awareness tags, you get to control where those shards should/shouldn't be placed
  • by using an API call you can guide Elasticsearch into moving shards around on demand

The END! Now if you come to think about it, my 10-point comparative overview here could be summed up to 2 key ideas worth remembering:
 

  1. go for ApacheSolr if it's a standard text-search focused app that you're planning to build; if you already have hands-on experience working with it and you're particularly drawn to the open-source philosophy
  2. go for Elasticsearch if it's a modern, real-time search application that you have in mind; one perfectly “equipped” to handle analytical queries. If your scenario calls for a distributed/cloud environment (since Elastic is built with out-of-the-ordinary scalability in mind)
     
Mar 16 2018
Mar 16

Apache Solr vs Elasticsearch, the 2 leading open-source search engines... What are the main differences between these technologies?

Which one's faster? And which one's more scalable? How about ease-of-use?

Which one should you choose? Which search engine's the perfect fit for your own:
 

  1. use case
  2. specific needs
  3. particular expectations?
     

Obviously, there's no universally applicable answer. Yet, there are certain parameters to use when evaluating these 2 technologies. 

And this is precisely what we've come up with: a list of 10 key criteria to evaluate the two search engines by, revealing both their main strengths and most discouraging weakness.

So you can compare, weight pros and cons and... draw your own conclusions.
 

But First, A Few Words About The Two “Contestants”

I find it only natural to start any Apache Solr vs Elasticsearch comparison by briefly shading some light on their common origins:

Both open source search engine “giants” are built on the Apache Lucene platform. And this is precisely why you're being challenged with a significant number of similar functionalities.
 

Apache Solr

Already a mature and versatile technology, with a broad user community (including some heavy-weighting names: Netflix, Amazon CloudSearch, Instagram), Apache Solr is an open source search platform built on Lucene, a Java library.

And no wonder why these internet giants have chosen Solr. Its indexing and searching multiple sites capabilities are completed by a full set of other powerful features, too:
 

  • dynamic clustering
  • faceted search 
  • NoSQL features & rich document handling
  • full-text search 
  • real-time indexing
     

Elasticsearch 

It's a (younger) distributed open source (RESTful) search engine built on top of Apache Lucene library.

Practically, it emerged as a solution to Solr's limitations in meeting those scalability requirements specific to modern cloud environments. Moreover, it's a:
 

  • multitenant-capable
  • distributed
  • full-text


...  search engine, with schema-free JSON documents and HTTP web interfaces, that it “spoils” its users with.

And here's how Elasticsearch works:

It includes multiple indices that can be easily divided into shards which, furthermore, can (each) have their own “clusters” of replicas.

Each Elasticsearch node can have multiple (or just a single one) shards and the search engine is the one “in charge” with passing over operations to the right shards.

Now, if I am to highlight some of its power features:
 

  • analytical search 
  • multi-tenancy
  • grouping & aggregation 
  • distributed search 
     

1. User and Developer Communities: Truly Open-Source vs Technically Open-Source

A contrast that we could define as:

“Community over code” philosophy vs Open codebase that anyone can contribute to, but that only “certified” committers can actually apply changes to.

And by “certified” I do mean Elasticsearch employees only.

So, you get the picture:

If it's a fully open-source technology that you're looking for, Apache Solr is the one. Its robust community of contributors and committers, coming from different well-known companies and its large user base make the best proof.

It provides a healthy project pipeline, everyone can contribute, so there's no one single company claiming the monopoly over its codebase.

One that would decide which changes make it to the code base and which don't.

Elasticsearch, on the other hand, is a single commercial entity-backed technology. Its code is right there, open and available to everyone on Github, and anyone can submit pull requests.

And yet: it's only Elasticsearch employees who can actually commit new code to Elastic.
 

2. What Specific Use Cases Do They Address?

As you can just guess it yourself:

There's a better or worse fit, in any Apache Solr vs Elasticsearch debate, depending exclusively on your use case.

So, let's see first what use cases are more appropriate for Apache Solr:
 

  • applications relying greatly on text-search functionality
  • complex scenarios with entire ecosystems of apps (microservices) using multiple search indexes, processing a heavy load of search-request operations
     

And now some (modern) use cases that call for Elasticsearch:
 

  • applications relying (besides the standard text-search functionality) on complex search-time aggregations, too
  • open-source log management use cases with many organizations indexing their logs in Elasticsearch in order to make them more searchable
  • use cases depending on high(er) query rates
  • data stores “supercharged” with capabilities for handling analytical type of queries (besides text searching)

… and pretty much any new project that you need to jump right onto, since Elasticsearch is much easier to get started with. You get to set up a cluster in no time.
 

3. Apache Solr vs Elastic Search: Which One's Best in Terms of Performance?

And a performance benchmark must be on top of your list when doing an Apache Solr vs Elasticsearch comparison, right?

Well, the truth is that, performance-wise, the two search engines are comparable. And this is mostly because they're both built on Lucene.

In short: there are specific use cases where one “scores” a better performance than the other.

Now, if you're interested in search speed, in terms of performance, you should know that:
 

  1. Solr scores best when handling static data (thanks to its capability to use an uninverted reader for sorting and faceting and thanks to its catches, as well)
  2. Elasticsearch, being “dynamic by nature”, performs better when used in... dynamic environments, such as log analysis use cases
     

4. Installation and Configuration

Elasticsearch is a clear winner at this test:

It's considerably easier to install, suitable even for a newbie, and lighter, too.

And yet (for there is a “yet”), this ease of deployment and use can easily turn against it/you. Particularly when the Elasticsearch cluster is not managed well.

For instance, if you need to add comments to every single configuration inside the file, then the JSON-based configuration, otherwise a surprisingly simple one, can turn into a problem.

In short, what you should keep in mind here is that:
 

  1. Elastricsearch makes the best option if you're already using JSON
  2. if not, then Apach Solr would make a better choice, thanks to its well-documented solrconfig.xml and schema.xml 
     

5. Which One Scales Better?

And Elasticsearch wins this Apache Solr vs Elasticsearch test, too.

As already mentioned here, it has been developed precisely as an answer to some of Apache Solr well-known scalability shortcomings.

It's true, though, that Apache Solr comes with SolrCloud, yet its younger “rival”:
 

  • comes with better built-in scalability
  • it's designed, from the ground up, with cloud environments in mind
     

And so, Elasticsearch can be scaled to accommodate very large clusters considerably easier than Apach Solr. This is what makes it a far better fit for cloud and distributed environments.

And this is the END of PART 1. Stay tuned for I have 5 more key aspects “in store” for you, 5 more “criteria” to consider when running an Apache Solr vs Elasticsearch comparison!

Still a bit curious: judging by these 5 first key features only, which search engine do you think that suits your project best?

Mar 15 2018
Mar 15

Contending with the... paradox of choice? With a handful of tempting options in terms of ecommerce services providers that seem to be fitting your project's needs entirely?

And choosing gets frustratingly challenging since they all “tempt” you with:
 

  • a visually-arresting design “backed up” by an ideally simple navigation structure
  • a team fluent in SEO, ready to propel your site right on the “highest peaks” of Google rankings
  • an impressive experience in implementing e-commerce-specific features and functionality
  • 24/7 assistance: both pre- and post-launch issues and nasty bugs stand no chance to escape their team's vigilance
  • module, theme, and plugin customization skills to suit your ever-growing needs
     

… and the list goes on

So, how do you decide when all your choices seem to be equally... promising? 

What's the proper evaluation system to use on all these “candidates”? How do you narrow down your own checklist of “must-have experience and expertise“ to the essentials?

And what are the essential things to look for in a potential e-commerce services provider anyway? Keep on reading...
 

1. Use This Checklist to Rate Other eCommerce Websites from Their Portfolio

Engage in some research work first, starting with the candidate's own portfolio.

Look for other ecommerce websites listed there and start evaluating the following aspects/site components:
 

  1. the overall design: as a first-time visitor on those websites, do you find them visually-appealing enough?
  2. navigation: it should be as simple and, therefore, intuitive, as possible; easily navigable inventories here included
  3. imagery and particularly product images: are they high-quality?
  4. is there any type of interactive chat system integrated, that users can use for dropping their questions?
  5. is there a review system implemented; are customer testimonials displayed and visible enough?
  6. checkout: the simpler the better; in this respect, the single-step checkouts, with visible “Add to cart” buttons, leading you straight to the payment page, make the surest “bet”
  7. is there a status bar informing customers know just how many more steps there are left till they complete the checkout process?
     

All these are crucial aspects to check off your preliminary checklist, so mind you give them due consideration. Track down all the above-mentioned elements (adding a “minus” to your evaluation list if they miss), then take your time to analyze and to rate them one by one!

The completed projects of an ecommerce services company are filled with valuable “hints” in regard to how your own project might end up looking/performing!
 

2. Does The Platform Suit Your Budget and Back-Office Administration Experience?

And you might want to start your conversation precisely with this question:

“What ecommerce website development platform would you use for my project?”

From WordPress to Magento commerce, to PrestaShop, to OpenCart, to Drupal Commerce, the range of possible answers to this key question is wide enough to get you thinking.

... to get you pondering on whether their platform suits:
 

  • your planned budget for this ecommerce project
  • the time you're planning to invest 
  • your team's skills and hands-on experience in back-office management
     

Do you want your online store to be up and running in no time? Conveniently easy-to-use and overall... simple? 

Or is it a big ecommerce website, with a large inventory, incorporating a whole infrastructure of complex ecommerce functionalities, that you have in mind?

There's a specific platform to go with for every type of need and goal that you might have. Make sure your potential ecommerce services provider has already built itself a reputation working with that particular platform that best suits you and your project!
 

3. Put SEO Expertise High on Your List When Choosing Your eCommerce Services Provider

Need I add more?

The expertise and time invested in building a visually-arresting, ideally easy-to-use website gets reduced to... wasted efforts if they're powered by an effective SEO strategy.

Now it's the perfect time to tackle specific SEO goals that your potential partner would have to meet:
 

  • putting together SEO-friendly URLs
  • integrating meta tags relevant to each page
  • achieving mobile responsiveness
  • using certain page load time optimization techniques
     

And the list of SEO-oriented goals and aspects to evaluate at this phase continues with the analytics tools that this ecommerce services company has in its toolbox.

In short: look for proofs that this company's proficient in turning key customer-behavior data and valuable stats into... actionable insights for you to leverage.
 

4. Carefully Consider Their Time Estimate: Do They Leave Any “Room” for Extensive Tests?

In other words: “fast” could also mean:
 

“Let's skip or reduce the pre-launch testing to bare minimum!”

It's a trap, don't fall for it!

Make sure that the time estimate that they'll give you:
 

  • complies with your own release schedule
  • does cover the pre-launch testing period, too
     

A time needed for them to do their own testing, for your own team to run theirs and, of course, for this partner team to get all the identified bugs and issues fixed.
 

5. Do They Commit to Crafting High-Converting Copy, too?

If so, look for relevant “samples” of copy they've already crafted for past clients.

Is their copy:
 

  • persuasive enough?
  • clear, concise, yet informative?
  • simple, yet engaging?
     

Does it efficiently outline/tell those products', those brands' unique features/stories?

Then, you might just have a “winner”.

Still, there still are 2 more essential aspects to check off your list before you can give your final “verdict”. Keep on reading...
 

6. Can They Meet Your Current and Future Customization Needs?

Maybe a standard turnkey solution doesn't suit your ecommerce project's specific needs. Maybe those plugins need some tuning work to meet your specific requirements.     

Or maybe you want that free Drupal 8 ecommerce theme that you like best to be perfectly adjusted to your own needs.

Is this ecommerce services company IN for customization, too? Or do they stick to assembling pieces provided by an open-source platform when putting together your ecommerce website?

Be skeptical when you're being offered “one size fits all” solutions! When you detect proofs of zero experience or total lack of enthusiasm at the perspective of having to custom-tune those:
 

  • ecommerce theme
  • plugins
  • modules
     

… to your project's particularities and to your own future goals.
 

7. How About Post Launch Support? What if You “Detect” New Issues Then?

Is it a “full-option” type of ecommerce services package that they'll provide you?

Will they be there, ready to intervene, if, after your website' launch, you detect any bugs that escaped the pre-launching testing phase? Or if new issues breakthrough?

Now it's the perfect time to let them know about all your expectations regarding post-launch assistance.
 
The END! Time to evaluate some “candidates” now and, with this evaluation system at hand, to choose the ecommerce services provider that makes the perfect fit for your project's needs!

Mar 10 2018
Mar 10

Price, level of expertise and estimated time! These are the 3 main criteria that any organization planning to have a mobile app built use to evaluate potential mobile app development services providers, right?

And yet, the cost of development sure isn't just about the money. Take time factor and commitment, for instance! They, too, get reflected in your bill. A suspiciously short time estimate might be a signal for you that they'll be skipping a crucial step or two from your app's development process.

Also, a “large” team might be a numerous team of enthusiastic and hard-working... junior developers only. 

So, how do you properly evaluate your potential mobile app development partner? How do you know for sure whether their services and level of expertise are enough to help them deliver you a mobile app that meets your requirements entirely?

Gaining in-depth knowledge about their team members and collecting reviews from former clients are just some of the key steps to take during your “investigation”. 

And since no other “evaluation method” could beat an open face-to-face talk, here are 9 essential questions to ask your potential provider:
 

1. "What's Your Specific Workflow?"

In other words: how do they usually approach their mobile app projects?

What's their work strategy? What key phases does it include (or exclude)?

Everyone's “boasting” with their adoption of the agile development these days, right? Make sure you go beyond the standard talk about the agile approach and ask them to name the specific phases included in their process flow. 

A good workflow would need to include at least these 5 crucial steps:
 

  1. preliminary research on the type of app to be built, along with all its particularities and specific functionalities to be implemented (analyzing the target audience here included)
  2. a feasibility study
  3. the prototyping phase
  4. the UI optimization phase
  5. the MVP building phase
     

Do dare raise an eyebrow if your potential “partner in crime” strives to convince you to go straight to MVP.

It's an alarming sign that they're not the professionals that you might want to handle your brilliant app idea.
 

2. "What Technologies Does Your Team Have a Deep Expertise In?"

Another crucial question to dare asking your potential app development services provider whether:
 

  1. you've already started working on your app and you're now just outsourcing some aspects of your project; it's vital that this team should be proficient in that particular technology that you're currently using in your project
     
  2. you haven't yet started your project and you haven't yet chosen the mobile app development technology(s) that will be powering it either; it's crucial to know then how easily this team of mobile app developers can adapt to a new technology along the way
     

3. "How Many “X Technology” Developers Are On Your Team? Juniors or Seniors?"

Expertise, hard to quantify, but crucial for ensuring that the resulting app will live up to your standards!

Therefore, once you've dug through their never-ending list of technologies that they have a hands-on experience of, go deeper with your “investigations”. Identify just how many developers are familiar with your required technology.

Are they mostly junior or experienced developers?

And, most of all, do dare to ask for some sort of proof of their seniority levels. Some “blind” CVs or even samples of older code would be perfect.
 

4. "What Would Be Your Time Estimation on My Project?"

And time sure is money!

Do keep in mind that the average time invested in a mobile app development process is of 4-6 months.
Compare the time estimate that this potential mobile app development services provider gives you with this “average time” for developing an... average mobile app.

Next, ponder on their estimate a bit:
 

  • if they commit themselves to delivering you your app faster than their competition, then you might want to put their offer on top of your list
  • if their shorter development time is counterbalanced by a higher price, don't rush to take them off your list!
     

A higher price might as well be a proof of the seniority level in their team. As well as of an efficiency-boosting workflow that they may be leveraging within the company.
 

5. "Does Your Portfolio Include Any App Development Projects Similar to Mine?"

And by “similar” I definitely do not mean “identical”. Are they familiar with your industry?

Have they implemented the same functionalities in some of their previous app development projects? Such as integrating a particular payment gateway, for instance?

Have they been working mostly with start-ups or enterprises? 
 

6. "Any Former Clients' References for Your Mobile App Development Services?"

Why should your “research” be any different than that of a potential customer? Someone looking to make a purchase, who usually conducts a multi-leveled research: forums, customer reviews etc.

Therefore, one of the key criteria when evaluating your mobile app development services provider is their former clients' references.

Dare to ask for such recommendations and read client reviews on research company sites, such as Clutch.co, for instance. They do a wonderful job combining multiple evaluative metrics for identifying the leading companies in various industries (interviewing former clients being their no.1 research technique)

 Ask questions about some of their past projects: the challenges they faced, solutions that they've come up with, time invested in those projects etc.
 

7. "How Much Will My Project Cost? And What Does The Price Tag Cover?"

For putting a price tag on is equally important as knowing from the very beginning precisely what services your “bill” would include.

Speaking of which, here are some of the fixed aspects that you should make sure that will get included in that price estimate:
 

  • research & preliminary consultancy
  • UX prototypes, mockups
  • design
  • mobile app development
  • project management
  • all infrastructure costs
  • guarantee
  • licenses
     

Also, a key parameter to use when you're “weighting” their cost estimate is the seniority level of the developers that will be assigned to your project. 

Since their proven experience and expertise would automatically influence the price.

If the given price is suspiciously low, you might want to question those developers' overall level of expertise. Which, in the end, might lead to longer development times.

So “cheaper” might turn out to be... more expensive actually.
 

8. "What Files Will I Be Given Access to During the Project?"

Transparency is a strong indicator that this might just be the mobile app development company that you want to partner with.

Don't hesitate to ask about the files that you can access during the project. Wanting to know what's going on, at every stage of your future app's development process, is only legitimate.

And speaking of the files that you should be entitled to have easy access to, let me mention just a few:
 

  • time reports
  • weekly updated staging and production environment
  • source code
  • test environments/demos
  • the project management's dashboard itself (whether it's Jira, Taiga or maybe Trello that they're using)
     

The more involved you'll be in the process, the quicker you'll detect issues that you dislike or simply specifications that you'd like to create. And the more chances will be for the final product to meet your requirements entirely!
 

9. "How Do You Communicate With Your Clients Throughout The Projects?"

And probably this is precisely the question that you should be starting your “interview” with.

Knowing what:
 

  1. communication tools they'll be using (Slack, Rocket)
  2. what project management boards
  3. what time you can contact them at, their overall availability and response times
  4. the calls' frequency' how often you'll be getting in touch with the team working on your project


… is vital. Zero or poor communication and timeliness risks to turn all expertise, efficiency-enhancing workflow, conveniently low price and short development times into... nothing but “details”.

What if you want to make some recommendations? Or to inform the team about some late scope changes?

What if the team itself needs further clarifications from you?

Now it's the perfect time to express your expectations when it comes to this part of your future collaboration: communication.

And also, to have your doubts if the potential app development services provider doesn't seem too open to implementing your suggestions. To committing itself to frequent calls and so on.
 

The END! These are the 9 crucial questions to ask or the 9 things to look for in a new mobile app developers company that you consider collaborating with.

Would you have added a few more? If so, what other questions?

What is your own criteria when you're evaluating potential development teams in order to assess if they're the right fit for your app project? 

Mar 09 2018
Mar 09

Building or “redecorating”? Are you putting together your online store from scratch or refurbishing your current one? No matter which one of these 2 scenarios fits your plan, you must be running your own “investigations” right now: which are the very best free Drupal 7 eCommerce themes out there?

Having a “top X” selection at hand would definitely speed up your “research”, right? A top including:
 

  • feature-rich themes, “loaded” with all those functionalities crucial for any eCommerce business, such as freedom to style your own product pages, checkout forms, custom cart, “add to cart” button, custom login and logout   
  • Drupal 7 responsive themes
  • themes empowering you with plenty of customization freedom
     

Well here's the selection of 5 Drupal themes for e-commerce that you should start your "investigations" with.
 

Jumpstart your Commerce Kickstart theme development using this base theme as a... strong “push”.

Free Drupal 7 eCommerce Themes- Omega Kickstart

A responsive subtheme, a “kickoff” to your whole theme development process on Commerce Kickcstart, Omega Kickstart comes packed with all the crucial features:
 

  • it's free
  • it's built with Drupal Commerce in mind
  • its layout is fully adjustable to any screen size (desktop, tablet, smartphone)
  • it's conveniently more user-friendly than the pre-built Omega
     

Therefore, it makes the perfect impetus for kick-starting your theme development plans!
 

2. AT Commerce, One of the “Feature-Overloaded” Free Drupal 7 eCommerce Themes 

A “full-option” Drupal commerce theme we could say!

Free Drupal 7 eCommerce Themes- AT Commerce

AT Commerce “spoils” you with out-of-the-box support for the Drupal Commerce module and Ubercart and .... “overwhelms” you with a heavy load of great features.

Now to name just a few:
 

  • it's equipped with support for a lightweight and nonetheless responsive slideshow
  • pre-built support for a Color module (Garland or Bartik); this enables you to go beyond the 3 default color combinations and, using the color picker at hand, to “color up” your theme to your liking
  • heading styles that you're free to customize
  • built-in Superfish module support 
  • custom login block
  • support for 26 regions
  • a custom and configurable responsive grid layout for the front page and the taxonomy pages (that you're free to disable if you want to)
  • Google fonts 
  • mobile support 
  • multiple image field alignment options
     

And the list is a never-ending one. 

As you can see, AT Commerce is a theme that not only that provides you with a wide range of e-commerce-specific functionalities, but with almost unlimited customization freedom, too. You'll get to put together your site's “signature” web design in no time, with no need to “get your hands dirty” in code.

From creating your “trademark” color scheme, to “playing” with all the settings that would impact the overall design and layout, your styling power is significant.

A word of caution: do keep in mind that this is a sub-theme; before you get to leverage all the above-mentioned AT Commerce features (plus a few more) on your own website, you'll need to install the latest version of the AdaptiveTheme.

It's this theme that will provide the needed core functionality
 

Here's another one of those free Drupal 7 eCommerce themes geared at helping you get a fully functional and attractive online store up and running in no time!

Free Drupal 7 eCommerce Themes- Commerce Theme

Moreover, the theme behind this theme “tempts” you with a Commerce Installation Profile bringing you, right out-of-the-box, all the needed functionalities to start selling your products.

A profile coming with built-in Drupal Commerce support and perfectly organized files enabling you to easily customize any eCommerce component you need to.
 

As its name suggests:
 

if it's a clean and “inviting” storefront that you need to implement on your eCommerce site, this is the theme to consider!

One that “plays well” with Drupal Commerce and that you can easily style up, further, adjusting it to your customer's future preferences.

Free Drupal 7 eCommerce Themes- Storefront

In short: Storefront is that Drupal commerce theme that will implement a clean and appealing interface to your Commerce Kickstart installation.

And now if I am to highlight some of its key features:
 

  • responsive techniques via media queries
  • various settings to “play with” for customizing your site framing, home grids, your color schemes, layout...
  • an entire collection of template files essential for eCommerce sites: review pane, cart block, product-node
  • options for cleaning up checkout panes, various form elements (specific to add-to-cart links, product attributes) and check-out layouts
     

Note: since this theme's compatible, out of the box, with the first version of Commerce Kickstart, the team behind it commits itself to making Storefront “play well” with the second version, as well.
 

A versatile (“fitting” all site types) and feature-rich theme “praising” simplicity.

Free Drupal 7 eCommerce Themes- Metropolis

This is a concise, yet comprehensive definition of Metropolis, one of the most popular free Drupal 7 eCommerce themes.

A more detailed definition would need to include “details” such as:
 

  • the fact that it's a tableless theme, with a 1-2 column layouts
  • it provides you with a superfish drop down menu
  • comes “equipped” with 10 collapsible block regions
  • an image slideshow, that you get to customize to your liking via the Views Slideshow
  • heading H1 optimization for boosting your SEO efforts
  • primary and secondary links
  • custom login and logout options
     

The END! These are the top 5 free Drupal 7 eCommerce themes that you should consider evaluating first. To check whether their built-in collections of eCommerce-specific features suit your own needs and goals or maybe just partially. 

Mar 07 2018
Mar 07

Oops!...We did it again! We've got awarded 4 spots in Clutch's latest research highlighting the top-performing development companies in New York. It's in 4 of the industries included there that OPTASY's got recognized as one of the top developers in New York: Drupal development, PHP development, e-commerce, Shopify and web development.

Moreover — as if just being listed there, among all those leading development firms in New York, hadn't been enough — we got ranked #2 as Drupal developers, respectively #3 as PHP developers.

And, ranked top 15 in three other industries, as well!   

Now with the risk of showing lack of modesty, we have to admit that we had been starting to feel quite “at home” on Clutch's matrices. Those highlighting the leading web development companies in Canada, in various industries.

But to be recognized as one of the top developers in New York is simply an... overwhelming surprise!

And it's almost an organic process if we come to think of it: it's our clients' encouraging feedback that made us open an office in New York, too (besides the one in Oakville, Canada). And it's their feedback, again, that reassures us now that we've made the best decision.

We help our clients grow — powering their own ideas with our expertise and experience —  and, in return, they fuel our own growth plans.

As natural as that.

And this is precisely why we're particularly honored not just to be recognized as one of the top developers in New York, but to get ranked as a leader by Clutch itself.To get listed as a leader on any of their researches is already an honor for us.

This because the Clutch team doesn't apply “just” the conventional evaluative metrics when analyzing the “candidates”. Metrics such as industry experience or market presence. 

And it's not just data-driven content that they support their selections and hierarchies on, either. Instead, they actually interview both past and current clients of the given companies in order to identify both their strengths and weaknesses.

In other words:

First it was our clients that named us one of the top leaders in New York, then the Clutch team came to pinpoint their recognition. 

See why we're overly honored whenever we get listed on Clutch? Why we can't thank our clients enough for sparing some of their time to answer Clutch's questions; to put their experience with our team and their opinion on our work into words? 

Having our passion for what we do reflected in our clients' feedback is such a confidence-booster for us!

And receiving, once again, a Clutch recognition can only confirm to us that:

our client-centered approach and commitment to excellence make the best long-term strategy.

And that we should stick to it.

A big “Thank you!” to all our clients for their recognition and a big “Thank you!” to the CLUTCH team for the dedicated efforts put into each one of their famous researches.

Mar 05 2018
Mar 05

Here's where you probably stand now: you need to integrate all your on-premise systems or cloud (or both) applications and to automate them in a perfectly orchestrated infrastructure! And you're asking yourself: “Should I go with Mulesoft's capabilities?” “What if I evaluated other integration solutions, as well?” “What are my other options?” “Which are the Mulesoft alternatives?”

Since it's been a while since Mulesoft's Anypoint Platform's been competing with other technologies for users' preference in the enterprise integration software landscape.

And competition sure is fierce, and so is your paradox of choice:
 

  • each technology comes with its own type of infrastructure 
  • … geared at delivering integration as a service
  • each one's packed with specific capabilities, designed to meet particular integration needs
     

A comprehensive, yet succinct definition would go something like this:

MuleSoft provides companies with a next-generation integration platform (Mule ESB & CloudHub) for connecting all their systems (SaaS and enterprise apps) both in the cloud and on-premise.

“And how does it work?” “What can you achieve by using it?” You might then ask yourself.

Here's my three-version answer to your legitimate questions:
 

  1. MuleSoft manages and secures the continuous data flow between all the existing systems in your organization
  2. it provides your team with self-serve exiting APIs, thus supporting their innovative initiatives
  3. it practically unlocks data via APIs, “injecting” it in the indicated external apps and systems from your enterprise infrastructure
     

Now, if I am to briefly point out some of MuleSoft Anypoint Platform's biggest advantages:
 

  • it enables you/your team to deploy your application on cloud with utmost ease
  • it enables your team of developers to easily put together some truly complex orchestration flows: all it takes is some drag & drop on the user-friendly dashboard
  • the containers that it provides and its conveniently simple, user-friendly graphics can only streamline developers' workflow even more
  • it supports interaction with other platforms via web or REST services
  • it complies with all major connection and data representation standards
  • it enables simple and fast APIs exposure 
     

And by far one of the biggest edge that Mulesoft has over its competitors:

It's an integration platform that enables different existing apps and systems to connect with each other, acting as a bridge transporting data back and forth between them; and this data flow takes place within your enterprise or across the internet

Mule ESB still is one of the most easily (and widely) integrated applications.

And now, it would be only fair to point out some of MuleSoft's limitations, as well, right?
 

  1. it is particularly suitable for complex integration scenarios (since it supports Java code, as well)
  2. in short: you'll need to consider having an experienced Mulesoft developer (with some Java background) in your team
  3. you might want to be able to interact with MuleSoft support right from the design environment (which is not yet possible)
  4. when it comes to dataweave mapping, you'll need to ensure, yourself, that all the fields are mapped, by inserting the right names; you can't rely on some sort of control mechanism to double check that for you instead
  5. structuring a process hierarchy is not exactly “piece of cake”, since you'll have to set up flows and sub-flows in the very same XML configuration files
     

Apigee: One of The Most Popular MuleSoft Alternatives

And what makes it such a popular alternative (and implicitly one of MuleSoft's biggest competitors) is the fact that almost all components can be scaled horizontally!

But there's more! More reasons why many companies choose Apigee over MuleSoft when looking for the best integration software to “power” their own integration scenarios:
 

  1. it provides very good documentation (plus a blog), covering all the details of the most “popular” failures and valuable advice on error handling
  2. it empowers new users to get started right away, with very little guidance needed: they get to develop a Proxy and APIs right away
  3. a conveniently easy to use console
     

Another “rival” that the Anypoint Platform needs to share its worldwide fame with! 

Here are some of the strong points that make Tibco BusinessWorks the no.1 choice for plenty of enterprises looking to seamlessly and effectively interconnect all their systems:
 

  1. it comes “packed” with lots of integration options: you get to test and to troubleshoot the whole process within the designer, you can write (a file activity), then automate a process in just a few hours and to easily deploy it in the Tibco Administrator
  2. it's conveniently easy to monitor
  3. it handles data manipulation and integration of heterogeneous systems remarkably
  4. it makes transforming and analyzing data, as well as managing error cases, ideally quick and simple
  5. you get to enable communication between multiple different systems without the need to set up custom APIs
  6. short time to market
  7. it supports legacy system integration
  8. it supports REST services development
     

What is JitterBit's edge over Mulesoft? What convinced me to add it to this list of “MuleSoft alternatives”?

It's easy to use! It's a simple way for enterprises to connect all their apps, devices and critical data that they need to get “flowing” for running their business!

"Simplicity" and "ease of use" are the 2 keywords to describe this integration solution.

And here are some more reasons why JitterBit's on this list:
 

  1. it's easily customizable
  2. it's built to connect a lot of different sources and targets in the “data flow” circuit (SQL  DB, Salesforce, CSV, iSeries, IBM)
  3. it enables your team to set up operations (and to apply changes to, when needed) quick and easy, so you can leverage your entire infrastructure within minutes
  4. not only that it sync data collected from multiple different systems, but it uses multiple data formats, as well (both for intake and output), which takes the burden of writing custom ETL scrips off your back
  5. no steep learning curve
     

How can Zapier here, one of the Mulesoft alternatives, meet your integration needs? 

It empowers you to automate tasks performed between other online services: Gmail, Salesforce, Basecamp, 249 etc.

And here's how Zapier's “arsenal” of features and functionalities looks like; the ones that you get to tap into for connecting and automating all your apps nice and easy:
 

  • automated & connect applications
  • automated workflows
  • easy automation
  • developer platform
  • fast build processes 
     

You sure aren't nickel and dimed in choices when it comes to data integration tools!

Informatica Cloud Data Integration is yet another full-featured, complex solution to consider:
 

  • it comes with all the capabilities needed for connecting all your on-premise/cloud applications and make them share data
  • no matter what type of apps, since it supports NetSuite integration, Eloqua, Salesforce, Workday, Marketo, SAP, Oracle
  • it enables you to extract data from your ERP systems, to transform it and then to “inject” it into your operational data stores
     

As its name “divulges”: it's Oracle's cloud-based integration platform that we're putting into the spotlight here!

Similar to the Mule app since it, too, provides a data environment in exchange, Oracle ICS's “job” could be summarized as follows:

It provides a user-friendly web-based interface which makes possible for “citizen integrators” to peform basic mapping between the interconnected (cloud) applications.

But the 2 key features that turn it into one of the Mulesoft alternatives are:

  • unlike Mule, Oracle provides an enterprise information integration, too (EII)
  • it provides several different adapters, suitable for a wide range of cloud-based business applications

Practically, with just a few clicks, you can set up a connection to the Oracle Sales Cloud, SAP, RightNow, Salesforce, Oracle E-Business Suite and the list can go on...

And now to mention just a few more of Oracle's strengths:
 

  • it's easy to use (and I've just mentioned here its user-friendly web-based UI)
  • it takes just a few clicks to access your integration platform; no need to bring your own servers or software to the table
     

Not only that it “spoils” its users with an easy to use UI, drag and drop convenience for creating new processes and excellent support, but there's a whole “pile” of other features that make Dell Boomi one of the Mulesoft alternatives:
 

  • it provides a multi-purpose PaaS
  • integration cloud 
  • cloud-to-cloud integration
  • B2B integration
  • multiple tenant platform
  • SaaS-to-SaaS integration 
     

Furthermore, if I were to highlight its biggest strengths, I'd pick up 3 main benefits that you can reap from choosing it as your integration solution:
 

  • getting a simple integration up and running will only take you about a couple of hours
  • great visual interface that will speed up most of your team's tasks
  • you get out-of-the-box connectors to Taleo, Salesforce, plus many other popular SAAS
     

But (for there is, indeed, a “but”) there are also 2 discouraging drawbacks that I have to point out to you:
 

  1. the XML split does cause some irritating issues
  2. it's overly “picky” when it comes to the data format and the data type that it accepts
     

Now, if I am to sum up this “MuleSoft vs Dell Boomi” comparison in just one succinct, yet complete phrase, it would have to be the following:

While Dell Boomi's geared at providing you with comprehensive solutions for cloud integration, Mulesoft's “specialized” in API-based integration.

This is the key difference between the two integration solutions!
 

In Conclusion 

Determine and evaluate your integration needs first! It all boils down to this...

And that way before you jump to weighting each one of these integration technologies' strengths and limitations!

For it's only after you've defined your needs that you should start looking for the software capable to meet them.

Mar 02 2018
Mar 02

The Earth is round, a buttered toast will always fall butter-side down and doing clear cache is every Drupal developer's best practice, these are all globally-accepted truths! And speaking of the latter, when you discover that the familiar Drush clear cache technique is no longer universally unique you wonder: why the change?

Why go from clear-cache, to... actually rebuilding cache, starting with Drupal 8?

What's the catch?

This new way to clear Drupal cache must be stemming from a certain limitation that earlier versions of Drupal presented:

Partially completed cache-clearing operations threatening to grow into fatal errors.

And now, let's dig into more details on:
 

  • clear Drupal cache: why & when
  • the 4 methods for clearing your cache in Drupal
  • Drush clear cache vs rebuilding cache: differences, the initiative behind this change, main benefits to expect 
     

So, shall we proceed?
 

Clearing Your Drupal Cache: Why Bother? And When?

First of all, here's the “motivation” that drives Drupal to create a cache in the first place:

Each time a Drupal site has to render a certain web page, it is “forced” to perform specific database queries; and since all these queries have a negative impact on the overall page loading time, Drupal “decides” to store these web pages, once it will have rendered them, in a cache for later (streamlined) reference.

OK, now that we've settled this whole “cause and effect” process, let's see why and when you should clear cache on your Drupal site:
 

  1. when you're troubleshooting problems on your website; clear Drupal cache before you undertake any debugging, since this might just confirm to you that the “alerting issue” was nothing but a bad cache entry
  2. whenever you want Drupal to quickly record all the updates that you will have performed via the UI, all the changes you will have applied to your code
  3. when you're moving your website to a new host
  4. when you're installing a new theme or module on your Drupal site; just another scenario when Drush clear cache should be the very first step to take while you're troubleshooting
     

In a few words: clearing your cache might just be one of the most frequent actions you'll take while working (or simply maintaining) on a Drupal site. 

And in many cases, the one that will “save the day”, without the need to apply other more complex techniques from your “arsenal”.
 

4 Different Methods to Clear Drupal's Cache 

For there are several ways for you to clear your Drupal site's cache. Just go with the one that best suits your work style:
 

1. The Easy Way: Clear the Drupal Cache From the User Interface 

By far the handiest (and some might say “the less-efficient”, too) method to clear Drupal cache is via the UI:
 

  1. just go to Administration>Configuration>Development>Performance 
  2. and hit the “Clear all caches” button
     

It won't be long till Drupal displays the “Caches cleared” message for you! And that's it!


2. Drush Clear Cache (Drupal 7) or Drush Cache-Rebuild (Drupal 8)

And now, the second method in your “arsenal”: the clear Drupal cache command line one!

A two-way method, better said, which depends greatly on the version of Drupal on your website: 7 or 8?

In this respect, here's the “magic command” to use for clearing your Drupal 7's cache:

drush cache-clear all 

or

drush cc all

Whereas in Drupal 8, this is the Drush command for tackling your cache:

drush cache-rebuild

or, alternatively, these 2 aliased commands:

drush rebuild or drush cr

And here I'm sure you can already tell which are the specific steps to take for handling your cache in Drupal 8 using Drush (still the most convenient way to do it):
 

  1. first of all, you open a Terminal window and CD in your Drupal 8 website's root (a step that you can overlook if it's Drush aliases that you're using):
  2. next, your run your “magic formula”, your Drush command (“drush cache-rebuild” or “drush cr”) and wait for it to complete its task before going back to your website
  3. and finally, you just reload the page you were on, in your web browser
     

3. Run the /core/rebuild.php file for Clearing Your Drupal 8 Site's Cache 

Among all the improvements that Drupal 8 “lures” us in with (built-in WYSIWYG, a Twig templating system and so on), there's the /core/rebuild.php file standing out!

And “promising” us to streamline our frequent (and time-consuming) cache tackling tasks that we need to carry out during development:

The Drupal 8 site in question doesn't even have to be working and the whole process doesn't require Drupal Console or Drush either!

How about that?

The one and only requirement (for there still is one) is that your site's configuration supports it. 

And how can you check whether your site's config accepts this functionality? Well, there 2 methods at your disposal:
 

  1. in case you're working locally, just ensure that $settings['rebuild_access'] = TRUE; in your settings.php (settings.local.php)
  2. or run this script in your command line: /core/scripts/rebuild_token_calculator.sh; then just use the results there as query parameters for /core/rebuild.php (https://goo.gl/qTrJ9d)
     

And voila! This “trick” will rebuild all cache without even requiring for the Drupal 8 site itself to be working during the whole process! 

Which makes it the perfect “plan B”, whenever you don't have Drupal Console or Drush installed where you're working!

The only condition is that your websites' configuration supports this functionality!
 

4. In the Database: Truncate all Tables Starting With “cache_”

Spoiler alert: by “truncate” I do mean emptying, not removing!

The fourth method to clear Drupal cache involves clearing all the data from the cache-related tables in your database. Meaning all the tables starting with “cache_”.

For this, you just go over to your phpMyAdmin, select all the cache_* table and then click “Truncate” in the “with selected” drop-down menu placed at the bottom of the page:

TRUNCATE cache_config;
TRUNCATE cache_container;
TRUNCATE cache_data;
TRUNCATE cache_default;
TRUNCATE cache_discovery;
TRUNCATE cache_dynamic_page_cache;
TRUNCATE cache_entity;
TRUNCATE cache_menu;
TRUNCATE cache_render;
TRUNCATE cache_toolbar;

As for the command line, feel free to scan through and then to tap into the valuable info that you'll find here: https://goo.gl/1b4otB here's another practical example:

Let's say it's Sequel Pro — an SQL GUI app — that you're using. For truncating those specific tables, connect to the server, track down your site's database, have those specific “cache_” tables highlighted and just choose “Truncate tables”, from the drop-down menu!

Also, in the above-mentioned “scenario” you could alternatively go to your PhPMyAdmin's SQL command field or MySQL CLI and run the above-mentioned command:
 

From Drush Clear Cache to Cache Rebuilding in Drupal 8: Why the Change?

Here's the challenge that the conventional Drush clear cache (or “drush cc all”) used to make us deal with:

Drupal's using caching intensively and therefore, it implicitely creates lots of inter-dependencies. Only partially flushing this heavy load of caches used to pose some major risks for any website.

This is where the “cache-rebuild” method stepped in, starting with Drupal 8!

It practically rebuilds (re-bootstraps) the whole Drupal site, after making sure that all cache is perfectly cleared. A “check and double check” technique, you may call it, which makes sure that:
 

  1. your site is up and running
  2. all cache gets flawlessly flushed!
     

Drupal 7's so very popular Drush cache command itself gets cleared and replaced with “cache-rebuild” in Drupal 8.

Which (the Drush cache-rebuild command specific to Drupal 8) carries out the following tasks:
 

  1. clearing the APC cache 
  2. bootstrapping Drupal
  3. calling drupal_rebuild() 
  4. removing the Drush cache 
     

4. Wrap-Up

Summing it up now, the essential info to remember is that:
 

  • “clear cache” should be on top of your “best practices” list as a Drupal developer 
  • you have not just 1, but 4 methods to choose from, depending on your work style and context: via the UI, clear cache using Drush, by truncating your “cache_” database tables, by running the /core/rebuild.php file
  • Drupal 8's cache-rebuild is a step forward from the conventional cache-clear practice; it adds a new “re-bootstrapping” operation to the “cache clearing” process!
Mar 01 2018
Mar 01

A great developer experience or a great user experience? A familiar web technology for you to code in or native-like performance for your users? And these are just some of the questions “taunting” you right now, while dealing with a PhoneGap vs React Native dilemma, right?

Each platform comes with its own “temptations” to... lure you in:
 

  • PhoneGap promises you an “easy life” as a mobile app developer, enabling you to use any JavaScript library and framework that you're comfortable working with
  • React Native promises you to inject native-like performance into your app and thus...  to perfect the user experience
     

So, which one to go with?
 

PhoneGap: A Brief Overview

A compromise! This is, in my opinion, the perfect word/metaphor to describe PhoneGap.

A compromise in terms of user experience and performance, since it's hybrid mobile apps that you get to build using this technology:
 

  • a JS/CSS/HTML app having a browser-based UI (giving you the freedom to work in any of your preferred web technologies)
  • that exposes native mobile device APIs and data; accessing phone components through the API navigator
     

While a more “formal” definition would go something like this:

PhoneGap is a distribution of Apache Cordova — coming with a few tweaks and custom packages —  that you can use for embedding websites in mobile apps via WebView.

In short: more than a website, yet not a fully native mobile app. A hybrid app compromise!
 

A Few Words About React Native 

In a  PhoneGap vs React Native debate, the latter would always have its native components rendering “trump card” up its sleeve:

For a React Native-powered app is written in JS, like a PhoneGap one, yet it doesn't just render a webview, but REAL native components instead!

And that, my friend, would also win over users: it's better user experience and zero compromises on performance that you get “rewarded” with for using React Native.

You could also take this mobile app development platform as the answer to users' becoming more and more demanding:

If hybrid, HTML 5 and/or mobile web apps used to be enough to “satisfy” their needs, while being a “blessing” for developers' budgets, as well, mobile users started to crave native-like performance. And so, React Native emerged!

It's a convenient “bridge” between JS and native platforms:
 

  • React Native apps get written in JavaScript
  • they “play by the rules” and meet the standards of the operating system
  • ... while accessing a big part of the native platforms via this metaphoric “bridge” that React Native creates
     

PhoneGap: Tempting Benefits vs Discouraging Disadvantages

Now in order to get an accurate score to our “PhoneGap vs React Native” debate here, we'd better go “pros and cons harvesting”, right?

So, without any further ado, I'll list some of PhoneGap's “irresistible” advantages first:
 

  • it “spoils” the developer with a wide range of frameworks/libraries to choose from; if you're a big fan of web technologies, if you enjoy building UIs in HTML and CSS, you'll love the rich collection of choices that PhoneGaps puts at your disposal
  • therefore, PhoneGap is easy to work with and developer-friendly
  • it's not bound to any specific framework 
  • PhoneGap-based apps perform within wrappers targeted to each platform and use API bindings that comply with the all the given standards for accessing each mobile device's data, network status, sensors
  • it's based on the “write once run on every platform” philosophy: you get to “reap” the benefits of cross-platform development; just “work your magic” in any of the web technologies that you're comfortable with and have your app running on all available platforms
  • … with no need to get yourself tangled up in each platform's native development language
  • your app will have a similar UI on all native platforms 
     

And now, the limitations that you need to consider when building mobile apps using PhoneGap:
 

  • by far the biggest inconvenience is the sluggish performance (leading to poor user experience, needless to add); and it's a more than predictable drawback considering that the web was created for web pages, not for heavy, animations-loaded, complex apps
  • you risk to get all the issues of the web, as well, right out-of-the-box, along with your PhoneGap hybrid app. Bugs specific to certain browsers or styles that work differently depending on the browser here included! 
     

In short: on one hand, you get to enjoy a great developer experience, on the other hand, you risk to compromise the user's experience!
 

React Native: Top Pros and Cons

In a PhoneGap vs React Native “competition” the former would always fall behind when it comes to performance: React Native is undoubtedly faster.

And here are some other benefits to "reap" for using React Native to build your mobile app:
 

  • it renders real native components instead of a webview
  • also, since it renders NATIVE views without using webview as an intermediary, expect to face no browser compatibility challenges
  • there's strong social proof, highly relevant evidence for its reliability: Instagram, Airbnb, Uber
  • it's committed to the “learn once, write everywhere” philosophy; once you're familiar with React, you'll be writing native apps in no time, with no need to delve into Java or Objective-C coding, unless you want to extend your app's functionality
  • moreover, React's backed by a huge community, so during your learning time and then during your app development process, you can rely on plenty of “expert” support 
  • the user experience is significantly improved: a React Native app will always have a native look and feel to it compared to a mobile web app 
  • also, since it renders native views, expect smoother, high performant animations, as well
     

Yet, React Native does come with some drawbacks, as well, that might discourage some (even you!):
 

  • you need to be familiar with React, there's way around it
  • you'll need to write an app for every native platform (due to that above-mentioned JS-native platform based structure) since some of the components might be platform-specific
  • don't expect to be able to use HTML: it's native components that you'll need to "juggle with"


And The Answer to “Your PhoneGap vs React Native” Dilemma” Is...

“It depends!”

If you've already used React for the web, so you're definitely not stepping on alien ground, go with React Native!

It would be a pity not to leverage your React knowledge and not to benefit from all the top performance that you get to inject into your mobile app!

Not familiar with React? And, moreover, you love having an entire “palette” of familiar web technologies at hand, to just “grab and use”?

Then you'll love PhoneGap's “developer friendly” approach!

The END! Hope I've included all the most relevant pros and cons and managed to pull off some good explanations on why some developers get seduced by Facebook' baby, React Native, while others prefer to tap into familiar PhoneGap's own advantages.

How about you? Where do you stand now? 

Feb 28 2018
CSS
Feb 28

Automate all site-building tasks and streamline your theme development process! In short: reduce development time and boost your productivity as a Drupal 8 themer with Gulp! But how to use Gulp to automate your workflow?

How do you set it up and run its toolchain in conjunction with Drupal? How do you move away from the old practices of the “good old days”,  when you had to write your themes in pure CSS?

Since you had no alternative...

How do you “harness Gulp's power” to automate tasks that are crucial for your Drupal 8 theming process such as:
 

  • compiling SASS and LESS
  • watching/generating CSS files from SASS
  • testing
  • generating static design pattern pages
  • reloading the browser 
  • optimizing assets: images, JavaScript, CSS
     

Well, keep reading and “thou shalt find out”!
 

But What Is Gulp, After All?

I confess I couldn't come up with a better definition for Gulp, than the one on the official site:

"… a toolkit for automating painful or time-consuming tasks in your development workflow, so you can stop messing around and build something."

More often than not referred to as “build tools”, Gulp is a front-end automation tool aimed at streamlining your theme development process.

Basically, it enables you to have all those tasks that are critical (and time-consuming) for your workflow run... automatically!

And thus to give your productivity as a Drupal themer a significant boost!
 

Why Use Gulp over Other Theme Development Streamlining Tools?

Here are 3 of the strongest reasons why:
 

  1. because Gulp configurations are conventionality simpler, shorter
  2. because using Gulp you get to capitalize on a wider community support
  3. because it runs faster, as well
     

How to Install Gulp

A word of caution: since Gulp is a node module, make sure you install Node.js (this, of course, if you haven't installed it already) first things first.

Needless to add that:
 

  1. you should go for the latest version of Node.js
  2. the installation process depends (and may differ) greatly on the Operation System that you're using
     

Install Homebrew, then run the following command:

$ brew install node

Now, for installing Gulp, type the following command:

npm install gulp-cli -g

Where “npm” stands for the “Node Package Manager” used for installing Gulp on your PC. And where the “-g” flag signals that Gulp should be installed globally on your PC.
 

Creating Your Gulp Project: Set Up Your Package.json File

As you well know, Node.js uses “npm”, a package manager “in charge” with downloading and installing all the modules required for a given project.

And all these modules get defined in a “package.json” file. 

So, this is the step you, too, should take now: setting up your package.json file in the very root of your Drupal 8 installation.

For this, just run the following command inside that directory:

npm init

It's inside this newly created package that all the key information about the node packages required for your specific project gets stored!

Therefore, make sure to fill up all the needed information as you put together your package.json.

Note: still, you should also know that all the prompts are ideally intuitive and that even if you leave those fields blank, you can always come back later and change the default values.

Remember to set the entry point to “gulpfile.js” and, once you add the required information for your project, keep in mind to specify your git repository.

An Important Word of Caution!

Your “How to use Gulp to automate my theming tasks in Drupal 8?” question should be accompanied by: “How to prevent triggering a segmentation fault?”

One that you might involuntarily trigger once you run Drush. Since Drush will consider the node package's own .info file files as part of Drupal and since it doesn't recognize their format... trouble happens.

Here's how you avoid segmentation fault:

add a script to the package.json file, whose main role will be to remove all the .info files from the node_modules folder

And now, let's go back to our package.json setting up process!

One last piece of advice that I'd like to add: if you've run the “npm init” command for creating your package.json file, remember to identify the “scripts” section and to replace the following line:

"test": "echo \"Error: no test specified\" && exit 1"

… with this one:

"postinstall": "find node_modules/ -name '*.info' -type f -delete"

And one more thing: set up the following .npmrc file in your theme folder's root:

unsafe-perm = true

Here's how the “intro” of your package.jso file' structure will look like:

"name": "...",
  "version": "...",
  "description": "...",
  "main": "...",
  "author": "...",
  "private": true,
  "devDependencies": {
    "browser-sync": "...",
    "gulp": "...",

Once you have your package nicely set up, go ahead and install Gulp into your project by running this command:

npm install gulp --save-dev 

Note: you might be wondering why you need to install Gulp... again. The answer is simple: first, you installed Gulp globally and now you're installing it into your Drupal project!

In this respect, it's  “--save-dev” which will let your PC know that Gulp needs to be added as a dev dependency in your packgage.json. All Gulp files and dependencies associated with it will get downloaded and a “node_modules” folder will get created.
 

Set Up Your Gulpfile.js

You're not yet done with setting everything up! There's still one important step to take before you discover how to use Gulp to create and to automate your site building tasks: setting up the gulpfile.js!

For this, just:
 

  1. go to your custom theme directory
  2. manually create a gulpfile.js file by either using the cmd/terminal or just by right-clicking to create a new file
     

Note: keep in mind to change the config variable so that it should match your paths! Also, make sure that all your CSS gets stored in the same “CSS” directory in your theme (for example: sites/all/themes/my_theme/css/application.sass) 
 

How to Use Gulp to Create and Automate Key Tasks for Your Workflow

And finally, we've reached our “destination”! 

The very goal of this blog post after all: determining which site building tasks are crucial for my/your own workflow, creating them and then automating them all with Gulp!

Do you fancy automated:
 

  • Sass compiling into CSS?
  • cache clearing
  • “detection” of all the changes you will have applied to your .scss files?
  • page reloading?
     

And your “wishlist” might go on... 

Well, the answer to your “How to use Gulp to automatically run task “x” or “y”?” is simple:
 

Just run the gulp [task_name] “magic formula” in your terminal! 
 

Here are some examples: 
 

  • gulp.task('watch', function () which will watch for all the changes applied to your scss files and automatically recompile 
  • gulp.task('reload', ['clearcache'], function () which will clear cache, then automatically reload the page 
  • gulp.task('browser-sync', function() which will automatically run the BrowserSync server


In order to get the whole process started, simply type “gulp” in your terminal.

The END! Your turn now!

Time to use Gulp to its full potential and to automate all those key (and time-consuming) aspects of your theme development process in Drupal 8! 

Feb 24 2018
Feb 24

Simplify! This is the right way to go if you're “obsessing” over your productivity as an app developer. Declutter your toolbox and keep only the truly essential Android app development tools in there!  

But which are they?

What are the tools for developing Android applications that shouldn't miss from any developer's personal “arsenal”? 

The most effective ones when it comes to helping you:
 

  1. become (even) more efficient by improving your workflow and thus speeding up your development process
  2. develop higher-quality apps

And this is where this blog post here comes to “the rescue”! It's a selection of THE fundamental Android app development tools that you should keep at hand (take it as your productivity-boosting toolkit).

Ranging from:

  • IDEs
  • to emulators
  • to design tools
  • to game engines

… and geared at streamlining your debugging, your performance-checking, they make the best Android developer tools to rely on in 2018:

Stay vigilant and alert for detecting any memory leaks in your Android apps right on the spot! But mind this doesn't take too much of your valuable time!

Instead, rely on this powerful tool in your developer's toolbox for identifying them. It will take this time-consuming “burden” off your back and alert you any time it tracks down a memory issue threatening your app. 

Moreover, LeakCanary provides you with a full stack trace so you can have those memory leaks fixed right away, too.

You'll have a crush on this tool if:

  1. you're a beginner, struggling to get started with that innovative Android app idea of yours (and, hopefully, to turn it into the next big thing in terms of Android app development)
  2. you're planning to learn Java and Android SDK: it will practically enable you to follow your favourite tutorials with highlighted code and then to get them tested... in real-time, on the very same device!

In short: the irresistible advantage of AIDE and the very reason why it's got included in this selection of essential Android app development tools is that it runs on Android!

Just imagine it:

You get to develop your Android app on your device, nice and easy, then you get to test it... on that very same device! This is the true “superpower” that this development tool provides you with! 

Note: don't expect it to be free, for it isn't, nor to “spoil” you with a full load of features. 

The power that you'll unlock by including this tool in your smartphone application development process? It mirrors your real device on your PC.

And this does turn into a true power if you're one of those developers who hate building their apps on emulators, yet they crave the advantage of using one.

There's more! Vysor will even mirror your live app demos on projectors and big TV screens.

So, if you think that this functionality matches your own work style, that it streamlines your workflow and helps you create a better app with greater ease, go for it!

Debugging native Android apps will never be the same again!

That if you use this open-source platform wearing Facebook's signature here when you go “bugs hunting”. 

And not only that it makes your debugging work so much easier, but it's also geared at landing you a much needed helping hand with your:

  • inspecting the SQLite database
  • checking the View hierarchy
  • monitoring network operations

A debugging tool that shouldn't miss from your toolkit!

5. B4A, One of “Speed-Injecting” Android App Development Tools 

For “rapid development” is what you'll achieve by leveraging this tool's features.

And these are:

  • the ability to develop Android apps using the much simpler BASIC programming language 
  • a visual editor for manipulating your views to your liking
  • wireless debugging

In short, B4A (Basic for Android) makes such a convenient IDE and interpreter enabling you to create your app in a simpler procedural programming language.

Plus, it comes packed with other advanced features to speed up your development process (as above-mentioned).
 

The “Holy Grail” of all Android app development tools!

Officially it's the IDE for Android. 

But in reality, it's your own “Swiss knife” to use as an Android developer! Since it plays multiple roles crucial for your mobile app development workflow:

  1. it's a compiler that you get to leverage to create a file system for arranging your app project, to create multiple APK files
  2. it's an editor for the programming language that you'll decide to use in your app's development process (whether it's Java, Kotlin, C++...)
  3. it's an XML editor (providing you with a “design view”, as well, that will guide you in displaying your app's elements on the screen; crucial for keeping up with Google's Material design guidelines)
  4. it also includes the Android SDK itself (yet, the Java SDK needs to be downloaded separately)

In terms of pros and cons, do expect a steep learning curve for developing with Android SDK and Java. But once you've got through it, do expect to gain access to unlimited support, to a whole bundle of advanced features and to unmatched integration functionality.

From this standpoint, Android Studio is the “can't live without” tool-set for any developer! 

Does this scenario sound familiar to you?

You hit a dead end down your app development roadmap and you need to go over to Github or StackOverflow and have a quick look at some code examples!

Well, Codota enables you to do precisely that, but without having to leave your IDE.

Talking about speeding up your development process, right?
 

Far gone are the days when GenyMotion used to be “just” the developers' top choice whenever they wanted to create their apps using an Android emulator.

It has now grown into a complete platform whose powers you get to harness for:

  1. developing your app
  2. testing it
  3. deploying it

Do consider it as a “candidate” to be included in your own toolbox of Android app development tools essential in your work this year.

9. Visual Studio with Xamarin

These days you get Xamarin right out of the box with Visual Studio, Microsoft's IDE.

One supporting a whole wide set of languages: JavaScript, C#, VB.net, and others, too, via extensions.

And what's the “deal” with Xamarin? What makes it “essential” for your toolbox? 

  1. it enables you to develop cross-platform apps using C# (have you been “toying” with the thought of developing an app both for Android and iOS using the very same code?)
  2. … to test them on different devices that are connected to the cloud

A word of caution: accessing and working with Java libraries isn't really “a child's play”, do be prepared for that; also, you need to accept that you'll be losing some of Google's cool integrated features and support.

It makes any smartphone app developer's trump card making his work on Git as efficient as it can get!

Basically, this tool's aimed at making Git cleanly organized so you can visualize all your work there — commits, changes, branches — in the form of an easy-to-navigate-through structure. And all this without the need to use the command-line!

One that can only boost your productivity, as it helps you sweep through Git with great ease!

11. Fabric, One Those Powerful Android App Development Tools You Should Be Using

And its power lies in all the capabilities that it's been invested with. It provides you with a whole set of features designed to help you:

  1. develop
  2. deploy
  3. extend

… your Android apps' functionality fast and easily.
 

Once developers' very first choice when they started selecting the Android app development tools to build their toolboxes with.

This until it got “dethroned” by Android Studio!

And yet, Eclipse should still be part of your toolkit. It's an IDE that supports a wide range of programming languages after all (Java with the Android SDK here included).
 
Note: still, do not expect it to get you “spoiled” with out-of-the-box support, like Android Studio does, so be ready for some setting up work!

A tool that takes “bug hunting” to a new level!

Practically it empowers users to share video, audio recordings, screenshots, detailed logs whenever they detect anything suspicious in your app.

And these user-generated “signals” become priceless in your constant attempt to keep your app bugs-free!

If it's a cross-platform, feature-packed game app that you're planning to build, this game engine might turn out to be your best “ally”!

Here's why:

  1. it provides easy support for Android
  2. it's open source
  3. when it comes to graphics, it does have an advantage over its “rival”, Unity
     

Team up with Takt in your major lags and bugs detecting “adventure”! 

This library will help you check your app's FPS thoroughly and spot down bugs right in its development phase. 

For you don't want them to linger on in there once your app's being used in its production phase, now do you?

The END!

I know what you might think right now:

Each developer's toolbox depends solely on his/her preferences, goals and personal work style.

It's perfectly true and I've anticipated this “objection” myself. Therefore, I've grouped here only those truly essential Android app development tools that one should “carry” in his/her toolbox.

... irrespective of his work style and goals set for his/her app.

Feb 23 2018
Feb 23

When to use REST? What are some practical use cases of REST web services? How does it work? What's the “catch”, why has this new architecture for web services had such an impact on the industry? How is it any different/better than SOAP? Why use RESTful web services after all?

“Tormented” by all these questions related to the REST approach/alternative to building web services?

Relax now, you'll have your answers in a minute (or a few seconds)!

For here are the REST-related “enigmas” that I commit myself to solving in today's post:
 

  • What is REST and how does it work?
  • Which are the specific use cases for building web services using the REST architecture?
  • What's driving it? Why is this technology increasingly popular?
  • What sets REST apart from the traditional SOAP approach to web services?
  • When NOT to use RESTful web services?
     

And now... the answers that I promised you:
 

What Is REST and How Does It Work?

Here are some valid answers to all your “What?” questions: “What is REST?”, “What are web services”, “What are RESTful web services?
 

  • REST is the native API of web browsers
  • REST is how one creates web services
  • web services are... the future of everything: creating and publishing APIs that would do CRUD (create, read, update and delete)
  • … thus making machine-to-machine communication possible, making apps' functionality accessible to multiple users and external systems
  • RESTful web services are those resources on the web that can be tapped into for retrieving certain information
     

“And how does it work?”

First of all, we should get one thing straight: REST is not an official standard! It's more of an architectural style, the one organizing a network of systems, where the “systems” are basically servers and clients.

Here's how it works:

Clients make a request to the web servers; the latter process it and, in response, return the appropriate web pages. And in this request-and-response equation, RESTful web services are the very resources on the web that servers tap into for retrieving the requested data.

Does this definition shed any light on your RESTful web services-related questions? 
 

Why Use RESTful Web Services?

Here's the actual context where the RESTful web services technology emerged and “grew like a beanstalk”, with a huge impact on the industry:

The web “exploded” and, starting with web 2.0, the interaction between websites and client apps, between multiple sites, multiple devices, sites and databases, became increasingly intense. And more and more “demanding”, calling for a new technology that could handle and streamline this communication taking place on the web.

And here's where web services and REST, a new way of building them, emerged!

The REST architecture is designed to build:
 

  • maintainable
  • lightweight
  • scalable 
     

… web services, which make retrieving the data requested and “exposing” all that information far less cumbersome.

As compared to the conventional SOAP/XMLRPC web page-scrapping method.

Data's being passed on the web, from one website/app/device/database to another, faster than ever these days. Just think about all those websites incorporating Twitter and Facebook content!

Or of websites “capturing” data coming from multiple sources: financial information, sales data, online communities...

RESTful web services is the technology that streamlines all these intense data “harvesting” processes!

This is the answer to your “Why use RESTful web services?” question.
 

When Should You Use RESTful Web Services? 5 Practical Use Cases

There are specific use cases when you should go “the RESTful way”.

Adopt this approach to building web services if:
 

1. In your distributed app it's crucial to keep the coupling between client and server components to a minimum:
 

  • you'll need to be able to update your server frequently, without having to update the client software, as well
  • your server's going to be used by multiple clients, yet you don't want them to have control over it
     

Just make sure you follow all the REST constraints for achieving this kind of basic level of coupling. Maintaining a purely stateless connection will be challenging, but not impossible if you “follow the rules”.
 

2. It's a custom, on-demand digital product that you're developing

Such as an Ubercart or Drupal online store that you're putting together on a remote cloud server:
 

  • you set it up
  • create a suitable architecture that would scale the environment if/when this your custom product goes viral
     

3. You want your game's high scores and user community forums to be displayed both in-game and on the web

Let's say that you're a mobile/console game developer facing the above-mentioned “challenge”. 

In your practical use case you can:
 

  1. have your Drupal site publish an API, using Services (thus doing “CRUD” with the data that needs to be “harvested”)
  2. leverage a RESTful type of communication with the Drupal site in order to retrieve that data and have it displayed in-game, on mobile/console, too
     

4. You want to create a user alert system on your e-commerce website

One that would alert your customers, via your e-commerce mobile app, whenever a product that they visualized becomes available (or its price drops).

Also, you want those alerts to pop up in an iPhone app and on Facebook, too.

And the solution is:

Your Drupal site (for yes, it's a Drupal site that you own in this scenario) will use Services & a custom module to have the example.com/alerts/uid API published. And it's this specific API that the iPhone app and Facebook will use for manipulating that particular content to be shown in the user “alerting” message.
 

5. You want to provide (paid) access to commercially-controlled data

Such as movies, music, stock or trading data.

Imagine that you own an event venue and you publish a ticketing API. People (such as ticket brokers) will be charged for gaining access to it.

In short: RESTful web services for can be used for all kinds of commercial activities, as well.

Just use them to create and to publish the API that will do CRUD with precisely that commercially-controlled data that people are willing to pay for gaining access to!
 

What Sets REST Apart from the Traditional SOAP Approach to Web Services?

Of simply put: 

Why use RESTful web services instead of the traditional SOAP-based web services?

Here's a list of strong arguments:
 

  1. with REST, all that intense data interaction is more lightweight; it doesn't weight so heavy on your web server like a SOAP page-scrapping method would
  2. with REST, only the specifically requested information gets retrieved, instead of having whole web pages scrapped off the “target” content (like with the SOAP approach)
  3. the architecture is way simpler than the SOAP one and it leverages the standards (and protocols) of modern web
     

And what does this last argument even mean?

It means that heavy SOA (Service Oriented Architecture) is shifting to lightweight WOA (Web Oriented Architecture), since these days apps need to tap into a web that's “packed” with REST resources.

And so, instead of leveraging a few point SOA services, data gets collected and displayed via millions of granular REST resources. Developing arbitrary apps, that interact over the network, has become conveniently easier.

Complex things (systems) get simplified!
 

When not to Use REST Web Services?

There are — as I've just pointed out — use cases when the REST approach is the perfectly suitable one: business-to-consumer apps.

But there also are specific cases when RESTful web services don't work so well: B2B apps!

Take this practical example here:

A bookstore might find it a bit more challenging to make a volume purchase from an online vendor as compared to a regular customer. 

It would need to “juggle with” several apps to track shipment, sales, determine re-orders etc. And where do you add that one app might need to be re-entered into other apps, turning the entire process into an overly complex, hard-to-manage one.
 

The END! 

Have I managed to answer your “Why Use RESTful web services?” question or not quite? Or just partially? 

Do be honest and, if it's the case, share your other REST inquiries and dilemmas with me! Or point out those use case examples or explanations presented here that you'd like me to shed some more light on.

Feb 22 2018
Feb 22

So you've made up your mind: it's Magento “fuel” that will be powering your e-commerce website. And now you're facing challenge no. 2: Magento Enterprise vs Magento Community! 

Which one of the 2 Magento platform's editions is right for you? What are the key differences after all?

Which one's best suited to your current feature needs? And how about your daring goals and growth plans? Which one's scalable enough to accommodate your expansion plans?

The quickest/easiest/surest method to “find your match”: confronting your current requirements with each one of the 2 Magento editions' sets of features and functionalities.

Note: the method is the same if you're having a Magento vs Drupal Commerce "dilemma" instead, for instance.

Then draw the line and just do the math!

So, without further ado, let's dig up the:
 

  • Magento Enterprise features 
  • Magento Community features 
  • And draw the profile of the “ideal” online store for each one of the 2 Magento editions
     

1. Is Magento Free? Price Tag vs Value

With or without a price tag on.

This is the most rudimentary “Magento Enterprise vs Magento Community” comparison that one could make.The first one does come at a price, while the open source version is free to download off the internet and, implicitly, free to use.

And now the question that arises is: does the price tag come with added value, as well?

Without question!

The Magento Commerce edition —  merging, since June 2017, the Enterprise and the Magento Cloud Edition —  comes not with 1, but with 2 price tags on. Along with a heavy load of enterprise-level features and high-end functionalities.

And it's your own needs and goals that will tell you whether... it's worth it. Whether a free variant, with basic online selling capabilities or a bulky feature set, with a heftier price tag on, suits you best.
 

2. Top Magento Open Source Features 

The open-source community edition is Magento's downloadable version. And, as you can expect, it provides much of the same functionality, same basic performance and shares the core features with its enterprise counterpart.

And here are some of these core features that you can power your e-commerce business plans with and get your functional online store up and running in no time:
 

  • modern tech stack
  • regular updates
  • automated code merge
  • payment integrations
  • scalability
  • automated testing
  • flexibility (install the extensions of your choice to ramp up your site's functionality)
  • responsive layout
  • fast product import
  • integrated video & marketing tools integration
  • customizable & mobile-compatible admin dashboard
  • guest checkout
  • registered customers
     

A word of caution:

Determine your site's specific goals and needs right from its planning phases.This because implementing specific functionalities from your “wishlist” might require you to install additional plugins and to craft some custom code.  
 

3. Does Your e-Commerce Business Fit the CE Client Profile?

It does if your answer is “Yes” to most of the following questions:
 

  • Is it a small-scale e-commerce project that you're starting?
  • Are you planning to keep extension/plugins implementation to a minimum; can you already predict that there will be no need for custom modules in the future?
  • … no need for 3rd party design and web development teams to handle your not so complex site project?
  • Are you looking for an e-commerce platform that should provide you with the basic features needed for getting your store up and running?
  • On a shoestring budget?
  • No plans to grow from a small e-commerce site into an enterprise online store? Or to enter new markets?
  • Is it a versatile platform that you're looking for? One leveraging open source for delivering you a significant load of basic plugins and templates to custom-tune your store with?
  • … and to deliver rich experiences to your customers with?
     

In short: Magento's open source community edition (CE) is built, from the ground up, with the basic needs of small e-commerce business owners in mind.

It's a turnkey solution for small sites.

Note: having just a few products doesn't necessarily mean that your site's needs are basic. Therefore, this is no indicator that you should opt for Magento Open Source.
 

4. Magento Enterprise vs Magento Community: Do You Have Any Expansion Plans?

Just think these growth plans through and the sooner the better:
 

  • Would you like to enter new markets at some point in the future?
  • Would you like to ramp up and customize your site's current functionality at some point?
  • How much do you want it to grow? Is scalability a critical feature for you?
     

Do set up your e-commerce goals at this phase of the project!

For once you've got your site running on Magento Community (or Open Source), switching to Magento commerce will be more challenging than you expect:
 

  • the two editions' code bases are different
  • you'll need to give your website a full redesign
  • the Magento Open Source templates that you will have installed won't work in Magento Commerce
     

So, take some time to think about the future, your e-Commerce site's future...

Since “upgrading” it, later on, to Magento Enterprise, comes with inconveniences and compromises that you'll have to make (e.g. losing some of your team's hard work).
 

5. Top Magento Enterprise Features 

Magento Commerce — the 2-in-1 Enterprise & Cloud edition of the platform — provides you with enterprise-level features right out of the box. 

Along with the price tag comes the added value transposed into a set of online selling capabilities that you don't get with its open source counterpart. So, do consider this when you're having a Magento Enterprise vs Magento Community dilemma.

Capabilities geared at meeting your enterprise online store's complex demands from an e-Commerce platform.

And here are the enterprise edition's top features:
 

  • PCI compliance
  • MAP pricing
  • cloud hosting
  • 24/7 technical Magento support, including a dedicated account manager 
  • RMAs
  • visual merchandiser: drag & drop UI and sorting rules for easily organizing your product category pages by variables of your choice (best/newest products, by color etc.)
  • segmentation & targeted promotion features: personalize your customers' shopping experiences
  • full-page caching
  • improved UX: features such as wish lists and gift registry
  • advanced marketing features: it provides you with reward points that you can use for setting up your own customer loyalty programs
  • better performance: expect better page loading times as compared to Magento Open Souce
  • geo-targeting
  • B2B features: create custom catalogs and multiple payment options, set up multiple buyers, create several company accounts etc.
  • content staging
  • enhanced security out-of-the-box: PA-DSS payment bridge, credit card tokenization...
  • separate databases for Product data, Checkout, Order Management: a major performance boost
  • improved tax calculation functionality
     

In short: Magento Commerce offers you more out-of-the-box functionality as compared to Magento Community, where you'd need to engage in custom coding and extension implementation to have these features “injected” into your site)
 

6. Go With Magento Commerce If...

… you plan to launch a large, enterprise-sized online store or a small-scale one, but you're “nurturing” major expansion plans!

In this case, the Magento Enterprise vs Magento Community “dilemma” is an easy one: Magento Commerce (now including the enterprise version, as well) is perfect for you! 

For your big, “needy” website site, that you expect to:
 

  • accept non-standard forms of payments, too (e.g. check or cash in hand)
  • enrich your customers' shopping experiences with functionalities such as gift registries, wishlists, buy gift cards
  • provide you with advanced inventory management and detailed reporting functionalities, with no need to install any extensions (or to write custom code) for this
     

… definitely needs a more robust, premium-grade features-packed platform.

And Magento Commerce is the one. 
 
The END!

So, how about now? Do you find it any easier to decide for one of the 2 Magento editions? Do any of the eCommerce business needs and expectations that I've outlined here match your own?

If so, which of the 2 feature sets  —  Magento Enterprise's and Magento Community's — suits them best?      

Feb 17 2018
Feb 17

The future belongs to those that not only store their heavy load of documents in a conventionally digitized form, but also “maneuver” it with utmost efficiency: have instant access to it, track it, retrieve it, organize it. How? By leveraging the perfectly suited open source document management system!

Speaking of which, I'm sure you've already got your “feature wishlist” ready:
 

  • it should be easy to learn and to use 
  • it should provide you with version control
  • … with cloud access functionality
  • … with document workflow
  • … with document tagging
  • it should come be equipped with an intuitive, user-friendly interface
  • it should be free
     

But since it's open source document management software that I'll introduce you to in this post here, feel free to take this last “wish” off your list!

OK, so this is how the ideal, the one size-fits-all-contexts DMS looks like. But which one's the best for your own business?

The one that best meets your specific business needs'? Your organization's unique requirements?

For narrowing down your choices you should submit yourself to this quick questionnaire:
 

  1. What type of documents will you be storing though your future DMS?
  2. Where will you/your team need to access them? In a single office, across an entire infrastructure of offices scattered around the globe, on mobile devices?
  3. Is it a plug & play, a full-featured custom solution that you need or just the software to meet your needs? Which (your needs) are the “standard” ones, fitting into a particular market.
  4. What is your budget?
     

And while you're still pondering on some of your answers, let me narrow down your choices even more. To a list of 6 document management systems worth your attention:
 

1. Alfresco, On Top of The List of Any Organization Looking for The Right DMS

Geared, from the ground up, to meet the particular requirements of those enterprises having critical documents to store and manage.

What Open Source Document Management System to Choose- Alfresco

Therefore, the best answer to your “What Is Alfresco?” question would have to be:

"A robust enterprise open source document management system, fueled on open source, powerful enough to automate document-intensive processes within an organization"

And here are some of its most “tempting” features:
 

  • its complex user role system ensures effective collaboration across large teams/departments
  • robust content repository
  • freedom of customization: feel free to tailor custom workflows and content models to perfectly suit your specific needs
  • its collaboration web interface is geared at boosting team productivity
  • public source code: it leverages core open standards
  • access to a full set of add-ons and community-maintained extensions that you get to extend your DMS's functionality with
  • it seamlessly accommodates any productivity app \that you may want to integrate later on: Google Docs, Microsoft Office etc.
  • Alfresco mobile apps (for Android andiOS)
     

Should I also point out that NASA and the European Union, themselves, capitalize on Alfresco's:
 

  1. open standards
  2. unparalleled robustness in handling massive amounts of content
  3. convenient extensibility
  4. unmatched freedom of customization that it “spoils” its users with?
     

2. LogicalDOC Takes Open Source to a New Level

An open source document management system that comes in two flavors:
 

  1. Professional
  2. Community 
     

What Open Source Document Management System to Choose- LogicalDoc

A highly versatile one, that can be used in any web browser, perfectly “equipped” to:
 

  1. handle a significant load of documents
  2. boost the team's productivity while enhancing team collaboration, as well
     

Some of LogicalDoc's top features are:
 

  • quick & easy installation and intuitive use 
  • multilingual full-text indexing
  • task manager & events log
  • version control & document searching
  • local file system
  • reporting & statistics
  • task manager & events log
  • Web Services (SOAP & RESTful)
  • import from ZIP archives
     

And the list is literally an endless one! Do consider this feature-loaded, free open source document management software when looking for the right DMS to meet your requirements.
 

3. Seed DMS, A Powerful Open Source Document Management System

If for you “the best document management system” means “the most powerful one”, then you might want to take the Seed DMS for a test drive.

What Open Source Document Management System to Choose- Seed DMS

It's mature enough, so it's already built a strong reputation around it, and it's enterprise-ready. Built to store and to share huge loads of documents.

And now, here are its other strong points worth your full attention:
 

  • real-time collaboration
  • version control 
  • users & groups management
  • HTML documents editing
  • built-in metadata support (author, description, keywords)
  • document review & approval workflow
  • full-text search
  • functionality for creating online presentations 
  • multi-level content directory, which supports +32000 documents 
     

Should I go on? For, the deeper I delve into the pile of Seed DMS features, the more I find. Or even better: how about you give this open source document management system a chance and see whether these features do meet your organization's particular needs.
 

4. Feng Office: More Than “Just” a DMS 

Why “more”? Because you get so much more than just the “standard” document management and team productivity-enhancing features. 

What Open Source Document Management System to Choose- Feng Office

And these additional, beyond the “conventional” functionalities are:
 

  • Task management
  • Time tracking
  • Workspace management
  • Knowledge management
     

Its set of features also include:
 

  • automatic alerts & reminders
  • notes
  • calendar
  • timesheet
  • wiki & forum support
  • reports & tags
  • workflow processes
  • task templates
     

5. OpenKM, A Conveniently Extensible DMS

And extensibility, coming from its OpenKM plug-in architecture, is not its only “superpower”.

What Open Source Document Management System to Choose- OpenKM

Versatility comes right after, since it practically supports:
 

  • all web browsers
  • all major DBMS databases
  • all common file types (OpenOffice, PDF, Office, XML, HTML, JPEG etc.)
     

Moreover, it empowers teams to set their own rules (logic) for automating the documentation process. For example, imagine that you'll need to set up a rule specifically for moving a particular document to a new destination.

You can do that with OpenKM!

And now, the (almost) full list of features that this open source document management system has been supercharged with:
 

  • workflow
  • OpenMeetings integration
  • document encryption/decryption functionality
  • automatic key extraction
  • antivirus integration
  • web services API
  • OCR integration
  • HTML editor
  • a functionality to create new documents leveraging pre-built templates and forms
  • Dropbox integration
  • mobile interface & Google apps synchronization
  • metadata navigator (along with categories, thesaurus, keyword...)
     

6. Kimios, The Best Alternative to the Heavy Document Management Software

If it's an alternative to the robust, heavy “document managing machines” that you're looking for, lightweight Kimios makes the perfect fit for your needs.

What Open Source Document Management System to Choose- Kimios

And it's not just its lightness that convinced us to add it to this list of document management systems, but its entirely service-oriented architecture, too (among others).

This means that it follows the client-server model: Web client, Kimios for Office, Kimios Explorer and all the other supported third-parties are connected to the main Kimios server.

To its central server, “in change” with exposing the web service layer covering Kimio's features.

Speaking of which (this DMS's features):
 

  • repository customization using metadata
  • customizable search engine
  • document-centered functionalities: create, delete, update
  • check-in-/out feature
  • version control 
  • user rights management
  • bookmarks documents (along with creating bookmarks and advanced requests functionalities)
     

And it goes on and on... and on.

Note: Kimios does integrate with Microsoft and Windows Desktop environment, but only under commercial license!

The END! These are the top 6 open source document management systems that you should consider selecting the right one for you from. And this no matter how your own list of feature needs& specific requirements might look like. 

Feb 15 2018
Feb 15

Last' year's “Should I learn Nodejs?” dilemma has turned into an “I'll strive to become a better Nodejs developer!” resolution this year. Nodejs is already developers' “adored” framework and building "the next big thing" in terms of Nodejs-backed apps is the new challenge in 2018! And this definitely calls for a shiny and new set of coding habits to integrate into your Nodejs app development workflow.

New code practices to stick to when writing Nodejs apps, new coding standards that you should follow and techniques to master for using this framework to its full potential. To your future apps' advantage, of course.

Speaking of which, here's a list of 12 Nodejs development pieces of advice for you to consider if one of your resolutions for 2018 has been: “To become a Nodejs padawan!”
 

1. Start to Learn The Basics of Import and Import()

Think ahead of ES modules' current situation. Which is the following:

  • ES modules have been supported since Node.8.5
  • it's true, though, that they're still wearing their “experimental-modules” flag
  • yet they're already being used, intensively, with the @std/esm library (and transpilers)

Do consider learning the basics and be ready to level up from there. Since it's pretty obvious that 2018 has lots in store for the ES modules.

2. Integrate Asynchronous Programming Into Your Nodejs App Development Workflow

There are 2 ways of carrying out your input/output operations and setting up your Nodejs development environment:

  1. synchronously, having your resources blocked for some time 
  2. asynchronously (Node.js' innovative application of asynchronous programming): where tasks can be carried out simultaneously since the resources don't get blocked 

Now just consider a scenario of multiple operations to be performed, where resources keep getting blocked... This would have a dramatic impact on your Nodejs app's performance!

In other words: embrace the asynchronous code!

Use async-await! Turn it into your own “trump card” for handling async events and embrace the simplified version of the once so overwhelming code bases.

3. Modularize Your Code: One of The Very Best Coding Habits to Develop 

Keep it small! Get into the habit of writing “bite-sized” chunks of code replacing the tediously long blocks of code that you might be used to right now.

Here's why:

  1. it will be fairly easier for you to embrace the asynchronous coding philosophy this way
  2. small-sized pieces of code will be easier to handle, adjust and closely monitor both for you and for anyone in your development team 
  3. handling a cluster of bite-sized chunks of code gets particularly convenient when it's a complex Nodejs app development project that you're dealing with

4. Master Containerization & Adopt the Microservice Architecture

Since the Nodejs application architecture is a microservices-based one. 

Therefore, one of the best code practices to incorporate into your workflow is using containers. Containerize your Nodejs apps and streamline your services deployment by tapping into these 2 techs this year:
 

Docker:
 

  • the software technology to generate your containers 
  • … which are nothing less than all-in-one pieces of software encapsulating all the resources that they need to run: system tools, code, runtime, system libraries 
  • containers that will increase your deployments' security level
  • and that you even get to use for simulating production environments locally 
     

Kubernetes
 

  • an open-source system that you get to use for automating everything Docker containers-related: scaling, deployment, containerized apps management...
     

Friendly advice: before you jump straight to containerizing your services, take some time to upgrade your existing code; for this, apply the principles included in the 12-factor app methodology.
 

5. Nodejs Application Performance Monitoring: Make It an Ongoing Process

Especially if it's a complex microservice ecosystem that you need to keep a close eye on!

Monitor your system, using the ever-improving toolbox at your disposal, detect and fix errors before they even get to catch your app users' attention. 

Close and on-going monitoring sure is one of the very best Nodejs app development habits that you could develop this year!
 

6. Mind The Bugs in the Code, That You Might Leave Behind

Be alert and avoid those scenarios where you leave trouble-making bugs behind, as you “knit” your web of code. 

And being alert means:
 

  • tracking your error events
  • detecting errors in their early infancy
     

Note: luckily for you, incorporating this practice into your Nodejs app development process is somewhat easier when using this framework. 
 

7. Get Acquainted With HTTP/2

Again: always be one step ahead of the game! And since we can't but anticipate that HTTP/2 will be going from experimental to stable this year in Nodejs, make sure it won't “take you by surprise”.

HTTP/2 has multiplexing and server push, with a signification impact on the native module loading in browsers.

So, there's no doubt about it: it's going to lose the “experimental” flag, that it has been wearing since Nodejs 8.8, and become the new standard with Nodejs this year.
 

8. Use Semantic Versioning: Another Nodejs App Development Habit to Form 

And this practice is what sets apart a Nodejs padawan from a Node.js... enthusiast.

If you've decided to learn Nodejs this year, make sure you delve deep(er) into its set of best practices (don't just scratch the surface): use semantic versioning for letting the users know that you've updated the app.

To inform them about the actions that they should perform in order to update the app to its latest version.

In short: by updating your packages without SemVer you risk breaking up your precious app!
 

9. Turn Securing Your Nodejs Application Into Your Top Priority

Make sure your Nodejs app is 100% secure above all! Apps' security has been both the vulnerable aspect and the ultimate objective for app developers in 2017.

And 2018 is no different from this standpoint!

Run tests over tests to “challenge” your Nodejs app's security by tapping into all the apps that this framework puts at your disposal:

  • Snyk
  • Data Validation
  • Node Security Platform
  • Brute Force Protection
  • Session Management

If there's a vulnerability there, somewhere, within your app, make sure you track it down before... it gets exploited!
 

10. Adhere to The JavaScript Standard Style for Writing Your Code

Following a set of coding standards will just guarantee you that no big issues will show up later on. In this respect, the JavaScript standard style makes the best choice for your Nodejs app development workflow.

Here's why:

  • you get to “hunt down” style issues and coding errors early in the development process
  • it sets the single space after keywords “rule”
  • it will automate your code's formatting by running standard-fix 
  • it sets the “function name followed by space” standard
  • and the “single quotes for strings” one

11. Put All Your “Require” Statements at the Top 

“Pin” this app development advice right on top of your list of best practices!

It will make all the difference! By grouping all your “require” statements right at the top you'll practically:

steer clear of performance issues, since “Require” is synchronous and it will simply block the executions (thus avoiding ugly scenarios)

Major tip: use Node's built-in module loading system; it comes with a "require" function which will automatically load the modules existing in separate files.

END of the list! These are the top code practices & new “healthy” habits to get into this year for making the most of this framework.

And thus turn your Nodejs app development projects into the next famous apps built with Nodejs!

Feb 14 2018
Feb 14

I am a woman of my word and so, as promised to you in yesterday's post, I'm back now with a handful of Drupal SEO best practices to follow this year.

Best practices, valuable tips & tricks and key Drupal SEO modules waiting for you to unlock their optimization power and “inject” it into your website...

All which, once put together, will give you a significant boost in (Google) ranking. So, shall we?
 

5. Build Your Keyword List, One of the Drupal SEO Best Practices to Stick to

So, you've given your links a “deep clean” (as seen in Part 1), turned on your Google Analytics “tracking” power and your Drupal SEO Checklist's engines, too. What next? 

Putting together your targeted keyword list!

And this is one of those Drupal SEO best practices that can either “turbocharge” or turn your entire site optimization strategy into worthless effort. That if you underestimate its “superpower”.

And here are the tools to rely on when you go “keyword hunting”:
 

Google Keyword Planner
 

  • it shows the no. of searches for each potential keyword that you could rank for
  • so you'll know whether it's worth adding it to your list or not, depending on the traffic that it can generate
     

Google Trends:
 

  • it gives you an insight into how a specific keyword has “performed” over the years 
     

Moz:
 

  • a whole SEO toolkit put at your disposal, including tools for keyword research, link building, site auditing, reporting, you name it...
     

WordTracker
 

  • it puts a whole “ecosystem” of keyword-identifying tools at your disposal
     

6. From Lifeless Keywords to "Living", Keyword-Optimized Content

Now it's time to sprinkle your keywords across your website. And not just anyhow, but... strategically!

Your “battle plan” should include the following content optimization steps:
 

  1. create (if there isn't one already) one page for each target keyword 
  2. consider removing certain keywords from your list before designing new keyword-optimized pages; some keywords may just not be suitable for your particular business
  3. write custom page descriptions, page-focused titles, add page-relevant keywords
  4. … and make sure to optimize the content on each one of these targeted pages, pulling off a proper keyword density 
     

7. Add 2 More Essential Modules to your Drupal SEO Toolbox

2 Drupal 8 SEO modules, to be more specific: the RDF UI module and the Linkit module (available in Drupal 7, as well).
 

RDF (Resource Description Framework) UI:
 

  • it's built, from the ground up, with the idea of empowering you to (seamlessly) integrate Schema.org with your Drupal site (whether during or after the development process)
  • … another one of those Drupal SEO best practices with a clear impact on your Google ranking
  • with this on-page markup “on”, it will be fairly easier for search engines to “understand” what each page on your site is about
  • … and thus deliver richer search results
     

Linkit:
 

  • it “spoils” you (or I'd better say your content team), with a convenient UI for easily setting up links right in the WYSIWYG, using the autocomplete field
  • it sees that they're properly formatted, that they use the right path and that they're up to date, as well
     

8. "Fast" Is Just Another Word for "Optimized"

As fast as your budget allows! Fast-loading pages will:
 

  1. have a huge impact on the overall user experience
  2. “please” the search engines and signal them that your site's optimized for speed and thus for enhancing UX
  3. and implicitly give you the boost in rankings (the reason why you've put together this whole Drupal SEO strategy in the first place, right?)
     

From the dozens of techniques, tools & modules at your disposal, that you can leverage for optimizing your website for high speed, I outline just one: the Google AMP module.

Integrating it with your Drupal site you'll be killing two birds with one stone:
 

  1. you'll give your site a massive performance boost
  2. you'll make it mobile-responsive 
     

A Note of Caution as a Conclusion

Focusing on your links and forgetting all about the right keyword density across your site's content. Or injecting high speed into your website and forgetting to setup Google Analytics for your website. 

Or undermining the meta tags' critical role and focusing exclusively on building your target keyword list, won't give you that boost in ranking that you're aiming at.

Make them ALL work together!

Take these 8 Drupal SEO best practices as a clock mechanism: in vain do 7 parts get all your attention. If you neglect just the 8th component, the whole mechanism/SEO strategy won't work /won't give your site that boost in ranking that you're expecting.

Feb 13 2018
Feb 13

Aiming high? Do you have big plans for your Drupal site? Maybe even propel it right to the front page of Google? Well, you're already one big step closer to your goal: you've chosen Drupal, a content management system geared at granting you unparalleled functionality and flexibility to optimize its every node, snippet of code and view. But which are the essential Drupal SEO best practices to adopt in order to harness this SEO machine's full potential?

Which are the right Drupal modules for SEO, the updated tips & tricks: the SEO essentials of 2018 for optimizing your Drupal website?

For Drupal (and even so more Drupal 8) might be "spoiling" you, the marketer, with an ecosystem of SEO-focused tools and modules to “fuel” your optimization strategy with. Yet, you can't actually rock Drupal SEO if you don't know exactly:

  1. which of them are the truly "can't live without" ones
  2. how to put them all together and (most of all) make them all work together... to your site's advantage

In short: what precisely do you need to set up and tweak on your Drupal site to give it a mega boost in rankings?

And this is why we've put together this step-by-step guide on how to use Drupal's out-of-the-box potential for SEO to the fullest. 

Here's your list of 8 tips, tricks, Drupal SEO best practices for 2018:

1. Start By Giving Your URLs a "Deep Clean"

Enabling clean URLs on your website should be on top of your Drupal SEO best practices list!

Why?

  1. first of all, because all Drupal URLs get unique IDs instead of meaningful names
  2. secondly, because readable, clean URLs wearing the pages' titles, enhance both the search engines' crawling and the overall user experience

And although in Drupal 8 you get clean URLs by default, there still are 2 particular scenarios that call for special Drupal SEO modules:

  1. when you move a piece of content to another section of your site and change its URL (Drupal won't automatically remove the old path and you run the risk to end up with duplicate content on your website)
  2. when you're facing the cumbersome SEO chore of manually naming each and every URL on your website

Introducing the Redirect and Pathauto Drupal modules!

Redirect:

  • it creates 301 redirects which... redirect (obviously!) from the old URLs to the new ones
  • it guarantees you that the links on your site preserve their value even when you apply changes to your Drupal content 
  • it pretty much takes the burden of fixing every broken link, manually, off your shoulders

Pathauto:

  • it automatically creates SEO-optimized URLs based on the content that you, yourself, define
  • for instance, you can set the URL for your blog posts to always have the following path alias: /blog/[blog title]
  • also (and this is a huge SEO factor) if you have ideally keyword-packed page titles, the Pathauto-generated URLs will automatically contain all those valuable keywords, as well 

2. Install The Drupal SEO Checklist Module: One of The Very Best Drupal SEO Modules 

And, implicitly, the very first one to install before you go ahead and add any other Drupal tool or module to your SEO essential kit.

Drupal SEO Checklist is the most powerful Drupal module that "does nothing.” Robert Shea, IBM.

And this says a lot, yet... not everything.

For it's true, the Drupal SEO Checklist module doesn't show you how to optimize your website, yet it delivers you a full list of Drupal SEO best practices to adopt. Or a to-do list of actions you should take, modules you should consider implementing if you prefer.

One covering several key sections on your site to focus your SEO efforts on:

  • title tags
  • paths
  • content
  • and more ...

3. One of The Key Drupal SEO Best Practices: Adding Meta Tags to Every Web Page

"Letting Google (and other search engines and social media sites) know what the content on your web pages is all about", this is how we could sum up the meta tags' role.

They're snippets of text that not only that:

  • let Google know what each one of your web pages is all about
  • but also indicate how you want the content of each page on your site to be described on other websites.
     

Now, can you imagine the arduous task of manually adding a custom browser and page titles, descriptions and keywords to every single page on your website?

No need to, for you can always install the Metatag module, one of the must-have Drupal SEO modules to add to your toolkit!

Here's how it works:
 

  • it enables you to add all the needed meta tags automatically, to each page on your Drupal site
  • it places both the meta tags and the meta title in the pages' headers, which translates into less code to write for you and faster rendering
     

And since we've reached the meta tags "chapter" on your Drupal SEO best practices list, let's put another key module into the spotlight: the Alternate Hreflang Module!

A particularly vital module if it's a multilingual Drupal website that you're about to optimize:
 

  • it adds hreflang tags to every page on your site
  • alternative hreflang tags that search engines can then reference in order to serve the right language/regional URLs in their SERPs
     

Pretty convenient, don't you think?
 

4. Set Up Google Analytics for Your Website & Other Must-Have Drupal Modules to Enable

"Help them help you!"

Ease search engines' "job" of crawling and indexing your website, by making your website... easy to crawl into and to index (obviously!). 

And by tapping into all those Drupal SEO tools put at your disposal for better “communicating” with them (the search engines).

… for gaining a deep understanding of where your site's standing when it comes to its relationship with search engines and social media sites.

Which brings us to 3 Drupal modules/tools that can intermediate (and enhance) your site's communication with the search engines: Google Analytics, XML Sitemap and Cron.

Google Analytics:
 

  • it automatically adds the more-then-valuable Google Analytics code snippet to your site
  • ... that you can control (deciding how and when it should be used) to your liking
  • it "injects" Google Analytics superpower into your website: priceless insights into your site visitors' behaviour on your site, what keywords they've used to land there, their demographics etc.
  • moreover, the module fixes Google Analytics' known drawback of tracking down ALL visitors, admins here included
  • ... and it does that by showing the code snippet only when "regular" (non-admin) users are visiting the website
     

XML Sitemap:
 

  • it generates an ideally formatted XML sitemap listing the content on your website, that you can submit to the search engines
  • this way, they (search engines) get to crawl in easily and index ALL the pages on your site (all those that you want them to crawl)
     

Cron:
 

  • a system that keeps your Drupal site conveniently updated and "clean"
  • it checks for updates itself, it recreates the XML sitemap if needed, keeping it up to date, it indexes the newly added content...
     

End of Part 1! The second half of this post on Drupal SEO best practices to adopt in 2018 will tackle aspects such as:

  1. building your keyword list and using it to "fuel" your content with
  2. a few more essential Drupal SEO modules to add to your toolbox
  3. valuable tips and tricks on how to speed up your website (since top speed and search engine optimization go hand in hand)

... and more! Stay tuned!

Pages

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web