Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Aug 04 2020
Aug 04

argument-open-sourceargument-open-source Like many developers, some of our first websites were built on the backbones of WordPress. It’s the hyper-popular king of content management systems. It has name recognition, an overflowing user base, and plenty of third-party integrations that help cut your development time. But, over the years, we’ve migrated almost exclusively to Drupal. So why did we switch? What is it about Drupal that leaves developers drooling? And why would anyone pick Drupal — which has around 1.3 million users — over WordPress —which has over 400 million users? Today, we’re going to compare David to Goliath. Why is Drupal, the third most active CMS behind WordPress and Joomla, a good choice for businesses looking to build a refreshing, impactful, and feature-rich website?

UNDERSTANDING THE CORE DIFFERENCES BETWEEN DRUPAL AND WORDPRESS

By far, the most significant difference between WordPress and Drupal is the overall development need. WordPress is simple. There are hundreds of thousands of third-party plugins that you can leverage to build an entire website with virtually no coding or developing knowledge. And, that’s the single biggest reason that WordPress is so massive. Anyone can build a WordPress site. It’s easy. Drupal requires development. If you want to build a Drupal website, you’re going to have to hire some developers. So, naturally, Drupal has fewer overall users. But, it’s essential to make that distinction. Drupal is built for businesses, public entities, and enterprises. WordPress is built for your everyday website. It’s important to keep this main difference in mind. It’s this difference that resonates throughout these core pillars. And, it’s this core difference that creates pros and cons for each platform.

DRUPAL VS. WORDPRESS: SECURITY, FLEXIBILITY, AND SCALABILITY

We consider security, flexibility, and scalability to be the three primary pillars of a CMS. An amazing designer can make a fantastic template or theme regardless of the CMS. And ease-of-use is relative to your plugins/modules, familiarity with the platform, and overall development capabilities. So those are both highly subjective. Security, flexibility, and scalability aren’t subjective; they are what they are.

SECURITY

WordPress has a security problem. Alone, WordPress accounts for 90% of all hacked websites that use a CMS. There’s a tradeoff that comes with leveraging third-party plugins to build websites. You increase your threat landscape. WPScan Vulnerability Database shows 21,675 vulnerabilities in WordPress’s core and with third-party plugins. This security vulnerability issue has been an ongoing headache for WordPress from the start. If we do a play-by-play, year-over-year of WordPress’s history, we see an ongoing and consistent security issue:

  • 2013: 70% of the top 40,000 most popular WordPress websites were vulnerable to hackers
  • 2014: SoakSoak compromises +100,000 websites, a massive DDOS attack hits 160,000 websites, and All In One SEO Pack puts +19 million sites at risk.
  • 2015: A core vulnerability puts millions of websites at risk, Akismet opens millions of websites to hackers, and YoastSEO puts over 14 million websites in hackers’ crosshairs.
  • 2016: At this point, millions of hacks are happening every week across plugins. Check out this WordFence weekly update during this period.
  • 2017: The hacks continue. The average small business website using WordPress is attacked 44 times a day at this point, and WordPress websites are 2x more likely to be hacked than other CMS.

The list goes on. Year-over-year, more vulnerabilities happen across WordPress. And this is an important point. WordPress has subpar security by design. It’s the tradeoff they made to build an ecosystem that doesn’t require development. We aren’t saying that the core of WordPress is inherently security-stripped. It’s not. But, given the scale, scope, and third-party-fanatic nature of the platform, it’s weak on security by nature. Drupal, on the other hand, is the opposite. Websites require development time, each website is customized to the user, and building a website takes time and patience. The tradeoff is better security. Drupal has built-in enterprise-scale security, and you don’t rely on a hotchpotch of third-party applications to build your website’s functionality. There’s a reason that NASA, the White House, and other government entities use (or used) Drupal. It has better security. We want to take a second to make the distinction. WordPress has a secure core. We would argue that Drupal has a more secure core. But the difference isn’t massive. WordPress’s security vulnerabilities are a product of its reliance on third-party applications to make a functional website.

FLEXIBILITY

WordPress is more flexible than Drupal to some users. And Drupal is more flexible than WordPress to some users. That may sound complicated. But it comes down to your development capabilities. Drupal has more features than WordPress. Its core is filled with rich taxonomies, content blocks, and unique blocks than WordPress. But, if you aren’t experienced, you probably won’t find and/or use many of these functionalities. On the surface, WordPress has more accessible features. At the core, Drupal is the single most feature-rich CMS on the planet. So, for businesses (especially public entities and larger enterprises), Drupal has a more robust architecture to tackle large-scale projects that have hyper-specific needs. For small businesses and personal website owners, WordPress is easier to use and requires far less development experience to tap into its functionalities, features, and flexibility.

SCALABILITY

Drupal has better scalability. This one isn’t a competition. Again, this comes down to the dev-heavy nature of the platform. To scale WordPress websites, you add more plugins. To scale Drupal websites, you develop more. There’s a key practical difference here. Drupal modules, taxonomies, and content blocks all exist in the same ecosystem. Each WordPress plugin is its own micro-ecosystem. So, with WordPress, most users are stringing together a ton of third-party ecosystems in an attempt to create one overarching website. Also, Drupal is built for enterprise-scale projects. So there’s backend support and a large landscape of community support around large-scale projects. WordPress is a catch-all CMS that has a little of everything. If WordPress is a Swiss army knife, Drupal is a custom, hand-forged bread knife — explicitly designed to help you scale, slice, and butter larger projects.

ARE YOU READY TO DEVELOP YOUR PERFECT DRUPAL WEBSITE?

At Mobomo, we specialize in Drupal development projects. Our agile-based team of top-level design, development, and support talent can help you launch and scale your website to fit your unique needs. From NASA to Great Minds, we help private and public entities build dreams and execute visions.

Contact us to learn more.

Jul 30 2020
Jul 30

argument-open-sourceargument-open-source Over 500,000 businesses leverage Drupal to launch their websites and projects. From NASA to Tesla, public and private institutions regularly rely on Drupal to launch large-scale websites capable of handling their development and visual needs. But, starting a Drupal project doesn’t guarantee success. In fact, 14% of all IT projects outright fail, 43% exceed their initial budgets, and 31% fail to meet their original goals! In other words, if you want to create a successful Drupal project, you need to prepare. Don’t worry! We’ve got your back. Here are 5 things to keep in mind when starting a Drupal-based project.

1. GATHER REQUIREMENTS FROM STAKEHOLDERS EARLY AND OFTEN

According to PMI, 39% of projects fail due to inadequate requirements. Believe it or not, requirement gathering is the single most important stage of project development. In fact, it’s the first step Drupal itself takes when pushing out new projects (see this scope document for their technical document project). Gathering requirements may sound easy, but it can be a time-consuming process. We recommend using SMART (Specific, Measurable, Agreed Upon, Realistic, Time-based) to map out your specific needs. If possible, involve the end-user during this stage. Don’t assume you know what users want; ask them directly. Internally, requirements gathering should rally nearly every stakeholder with hefty amounts of cross-collaboration between departments. You want to lean heavily on data, establish your benchmarks and KPIs early, and try to involve everyone regularly. The single biggest project mistake is acting like requirements are set-in-stone. If you just follow the initial requirements to a “T,” you may push out a poor project. You want to regularly ask questions, communicate issues, and rely on guidance from stakeholders and subject matter experts (SMEs) to guide your project to completion.

2. PLAN YOUR SDLC/WORKFLOW PIPELINE

We all have different development strategies. You may leverage freelancers, a best-in-class agency, or internal devs to execute your Drupal projects. Typically, we see a combination of two of the above. Either way, you have to set some software development lifecycle and workflow standards. This gets complex. On the surface, you should think about coding standards, code flow, databases, and repositories, and all of the other development needs that should be in sync across devs. But there’s also the deeper, more holistic components to consider. Are you going to use agile? Do you have a DevOps strategy? Are you SCRUM-based? Do you practice design and dev sprints? At Mobomo, we use an agile-hybrid development cycle to fail early, iterate regularly, and deploy rapidly. But that’s how we do things. You need to figure out how you want to execute your project. We’ve seen successful Drupal projects using virtually every workflow system out there. The way you work matters, sure. But getting everyone aligned under a specific way of working is more important. You can use the “old-school” waterfall methodology and still push out great projects. However, to do that, you need everyone on the same page.

3. USE SHIFT-LEFT TESTING FOR BUG AND VULNERABILITY DETECTION

Drupal is a secure platform. Of the four most popular content management systems, Drupal is the least hacked. But that doesn’t mean it’s impenetrable. You want to shift-left test (i.e., automate testing early and often in the development cycle). Drupal 8+ has PHPUnit built-in — taking the place of SimpleTest. You can use this to quickly test out code. You can perform unit tests, kernel tests, and functional tests with and without JavaScript. You can also use Nightwatch.js to run tests. Of course, you may opt for third-party automation solutions (e.g., RUM, synthetic user monitoring, etc.) The important thing is that you test continuously. There are three primary reasons that shift-left testing needs to be part of your development arsenal.

  • It helps prevent vulnerabilities. The average cost of a data breach is over $3 million. And it takes around 300 days to identify and contain website breaches.
  • It bolsters the user experience. A 100-millisecond delay in page load speed drops conversions by 7%. Meanwhile, 75% of users judge your credibility by your website’s design and performance, and 39% of users will stop engaging with your website if your images take too long to load. In other words, simple glitches can result in massive issues.
  • It reduces development headaches. Nothing is worse than developing out completely new features only to discover an error that takes you back to step 1.

4. GET HYPER-FAMILIAR WITH DRUPAL’S API

If you want to build amazing Drupal projects, you need to familiarize yourself with the Drupal REST API. This may sound like obvious advice. But understanding how Drupal’s built-in features, architecture, and coding flow can help you minimize mistakes and maximize your time-to-launch. The last thing you want to do is code redundantly when Drupal may automate some of that coding on its end. For more information on Drupal’s API and taxonomy, see Drupal API. We know! If you’re using Drupal, you probably have a decent idea of what its API looks like. But make sure that you understand all of its core features to avoid headaches and redundancies.

5. SET STANDARDS

Every development project needs standards. There are a million ways to build a website or app. But you can’t use all of those million ways together. You don’t want half of your team using Drupal’s built-in content builder and the other half using Gutenberg. Everyone should be on the same page. This goes for blocks, taxonomy, and every other coding need and task you’re going to accomplish. You need coding standards, software standards, and process standards to align your team to a specific framework. You can develop standards incrementally, but they should be shared consistently across teams. Ideally, you’ll build a standard for everything. From communication to development, testing, launching, and patching, you should have set-in-stone processes. In the past, this was less of an issue. But, with every developer rushing to agile, sprint-driven methodologies, it can be easy to lose sight of standards in favor of speed. Don’t let that happen. Agile doesn’t mean “willy-nilly” coding and development for the fastest possible launch. It still has to be systematic. Standards allow you to execute faster and smarter across your development pipeline.

NEED SOME HELP?

At Mobomo, we build best-in-class Drupal projects for brands across the globe. From NASA to UGS, we’ve helped private, and public entities launch safe, secure, and exciting Drupal solutions. Are you looking for a partner with fresh strategies and best-of-breed agile-driven development practices?

Contact us. Let’s build your dream project — together.

Jul 28 2020
Jul 28

argument-open-sourceargument-open-source

DRUPAL MIGRATION PREPARATION AUDIT

All good things must come to an end. Drupal 7 will soon meet its end. Does your organization have your migration plan to Drupal 9 in order? Here’s what you need to know to keep your Drupal site running and supported. Talk to Our Drupal Migration Experts Now!

OUR APPROUCH TO DRUPAL MIGRATION.

  • Analyze 
  • Inventory
  • Migration
  • Revision
  • SEO

OVERVIEW

Staying up to date with Drupal versions is vital to maintaining performance to your site:

  • Future-proofing
  • Avoiding the end-of-life cut-off
  • Performance
  • Security

GOALS

  1. Catalog existing community contributed modules necessary to the project
  • Do these modules have a corresponding Drupal 8 version?
  • If the answer to the above question is no, is there an alternative?
  • Is there an opportunity to optimize or upgrade the site’s usage of contributed modules?
  1. Catalog existing custom built modules
  • Do these modules rely on community contributed modules that may not have a migration path to Drupal 8?
  • Do these modules contain deprecated function calls?
  • Are there any newer community contributed modules that may replace the functionality of the custom modules?
  1. Review existing content models.
  • How complex is the content currently—field, taxonomy, media?
  • What specific integrations need to be researched so content will have feature parity?
  1. Catalog and examine 3rd party integrations.
  • Is there any kind of e-commerce involved?
  • Do these 3rd party integrations have any Drupal 8 community modules?
  1. Catalog User roles and permissions
  • Do user accounts use any type of SSO?
  • Is there an opportunity to update permissions and clean up roles?

PRE-AUDIT REQUIREMENTS

  • Access to the codebase
  • Access to the database
  • Access to a live environment (optional)
  • Access to integrations in order to evaluate level of effort

DELIVERABLES

Module Report The module report should contain an outline of the existing Drupal 7 modules with the corresponding path to Drupal 8, whether that’s an upgraded version of the existing module or a similar module. This report should also contain a sheet outlining any deprecated function usage for the custom modules that will need to be ported to Drupal 8.

Content Model Report The Content Model report should contain an overview of the existing site’s content types, users, roles, permissions and taxonomic vocabularies with each field given special consideration. Recommendations should be made in the report to improve the model when migrating to Drupal 8.

Integration Report The integration report contains a catalog of the third party integrations currently in use and marks those with an existing contributed module from the community and those that will require custom work to integrate with the Drupal 8 system.

Our Insights on Drupal Our latest thoughts, musings and successes.

Contact us. We’ll help you expand your reach.

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web