Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Sep 09 2021
Sep 09

One of the things that’s remarkable about the open source movement is that it brings together people from all over the world to solve difficult and complex problems. 

While some level of conflict is to be expected - and can even be productive - effective collaboration requires that people treat each other with dignity and respect, even when they disagree. 

It’s why the vast majority of open source projects have adopted codes of conduct that set expectations for how people should interact with each other and what kind of behavior is unacceptable.

As one of the founding members of the Drupal Community Working Group, I learned many important lessons about community management and governance. Since stepping down from the group’s conflict resolution team at the beginning of this year, I’ve been discussing these issues alongside people from other open source projects who are equally as interested in fostering a more friendly, welcoming, and inclusive community for their contributors.

Lesson 1: Having a Code of Conduct is Not Enough*

In 2010, Drupal became one of the first major open source projects to adopt a code of conduct, but there were no structures in place to enforce it in a clear or consistent way. This meant incidents of harassment and abuse sometimes went unaddressed and valuable contributors left the community as a result.

Recognizing an open community need, project lead Dries Buytaert led a governance sprint in the summer of 2012 that resulted in the creation of several working groups, including the CWG, which was chartered in early 2013. During its first year, the CWG established the creation of a conflict resolution policy and process and mechanisms for community members to report incidents in a safe and confidential manner. Incorporating community input, we continued to evolve and refine our processes, documenting every step of the way.

Lesson 2: Understand the Scope of Your Community

Many open source projects are maintained by individual developers. Others are overseen by large technology companies like Google, Facebook, and Microsoft or nonprofit foundations like Linux, Apache, and Mozilla.

Conversely, Drupal is an independent project supported by a community of hundreds of companies and thousands of individuals who lend their time, talent, and treasure to support and maintain the project. Our large and broad community required clarity about what was and was not covered by our code of conduct.

Some of the CWG’s most challenging issues to address have involved questions of the extent to which actions that someone engages in outside of the project should impact their ability to participate in its community. Many codes of conduct only apply to actions that occur within designated community spaces and/or when someone is acting as an official representative of the project.

However, we agreed early on that the CWG needed to be able to address harassment of a member of our community by another member of our community, regardless of whether it occurred in a community space or outside of it. For example, we wanted to be able to address cases where someone was using their personal social media account to harass another community member, even if they were completely polite when interacting with that same individual in an issue queue.

Issues that fall outside the scope of our code of conduct include (but are not limited to) personal or workplace disputes between individuals that do not have a clear connection to the community, or situations that fall under the jurisdiction of law enforcement or other authorities and where no imminent or ongoing threat exists to members of our community.

Lesson 3: Leadership and Accountability Go Hand-in-Hand

One of the things that distinguishes large open source projects like Drupal is the number of leadership roles available to members of the community, which include maintaining a project, speaking at events, participating in working groups and committees, and assisting in the mentorship and onboarding of new contributors.

Those who serve in these roles act as representatives of the project and community and are responsible for the important task of fostering collaboration and ensuring the community remains a welcoming place. Being aware of and taking responsibility for their words, and actions, and the impact they have on others is paramount.

Remembering they are modeling behavior for others any time they interact with members of the community is vital.

The CWG created and adopted a Code of Ethics that outlines what you can expect of the group’s members and their responsibilities regarding confidentiality and conflicts of interest. This has not only helped people outside of our group feel more comfortable sharing reports with us, but has also ensured we hold ourselves more accountable.

In response to community feedback, we also modified our charter to institute term limits for members of the conflict resolution team and created a new review panel to provide oversight and act as a point of escalation and appeal. In order to provide both community accountability and perspective from outside of our project this panel consists of two community-elected Drupal Association board members and an outside representative appointed by the board as a whole.

Lesson 4: Accept That Some Questions Don't Have Clear Answers

No matter what you do to prepare, you will always run into situations that don’t have clear or obvious solutions. During my tenure on the CWG, we encountered several examples of these kinds of thorny issues:

  • How do we handle suspected incidents of harassment or abuse that we only have knowledge of third-hand or through whisper networks?
  • What can we do to help community members who are subjected to campaigns of anonymous harassment on social media when the platforms involved can’t (or won’t) take action?
  • How do we consistently and effectively enforce event bans across a broad, decentralized global community?
  • Is there a “path back” for those who have been banned from community spaces due to their past behavior? What does restorative justice look like within the context of an open source community?

For these, and other challenging cases, a one-size-fits-all approach simply doesn’t work. For the CWG, we found that reaching out to trusted experts to get their perspectives (while being sure to maintain confidentiality) to be incredibly helpful when figuring out the right path forward.

Join the Conversation

If you’re curious to learn more about how to help make your open source community a more welcoming place, you can view the session I presented at FOSS Backstage 2021, or see me speak at DrupalCon Europe (October 4-7) or All Things Open (October 17-19).

MacBook Air stickers - DrupalCon Dublin 2016 by Michael Cannon, licensed under CC BY-SA 2.0.

Sep 09 2021
Sep 09

In the previous parts, we focused on Drupal configuration and the overview of modules and libraries. In the third part of the series on conducting a security audit, we'll focus on the overview of custom modules and themes. We'll perform an audit of the project repository, identify and analyze the elements worth paying attention to during the auditing process.

Overview of custom Drupal themes and modules

In custom Drupal themes and modules, attack vectors are most likely to appear. There's code there that isn't being widely used, unlike the code for contrib modules and themes. Therefore, it's not so well-tested in terms of security. In this article, I'll discuss a basic checklist used for auditing custom Drupal code. This list can be used as the basis for an audit of custom modules and themes.


We’ll start with the analysis of the parameters received from the user. Let's check out what is their type and how are they filtered. Drupal allows for using parameters in routings. These are dynamic values, incorrect processing of which may create attack vectors. If a query is created on the basis of a parameter and not filtered, this may cause a vector for SQL Injection attack, for example.

Next, we should look at the routing access configuration, specifically – the permissions that the user must have to get access. When declaring the routing, we need to define the requirements that the user must meet to gain access to the routing. We have to analyze the required permissions for every routing specified in our custom Drupal code and consider whether their level is appropriate. Specifying too low or incorrect level of required permissions will result in users having access to pages that they shouldn’t have access to. These can be both the pages listing the articles on your page and the pages listing all users along with all the data assigned to a given account. For this reason, the permissions audit is so important.


First, we'll analyze the correctness of the element types and check out if the correct type for a given field has been used. During the analysis of the types of fields used in the form, we may come across a field whose name and description suggest that it should be filled out with data of a specific type. However, the field's definition may allow the field to be filled out with other types of data. We should make sure that the definition of the type of elements corresponds with their purpose.

The next step will be to analyze the used methods of validating the field values in the form. Drupal allows for defining custom methods that validate the correctness of the entered data. We should test the correctness of the custom validation methods and make sure that only the valid data passes the validation.

The last thing will be to verify the presence and correct use of Form API provided by Drupal. We should analyze the way of using Form API, preferably using the documentation, and make sure that the forms are being created as directed.

The documentation specifies:

  • the cases where the use of a given field type is correct,
  • how to create the methods of validation,
  • how to use hook_form_alter,
  • how to create forms to be intuitive for the user.

SQL queries

Let's start with verifying the presence and correct use of the Database API provided by Drupal. It's equipped with methods providing security against attacks on the database. The correct use of API largely protects against attacks. We should particularly pay attention to whether input data filtering methods are used in the SQL queries. Drupal recommends using placeholders if there's a need to use input data, e.g., from a variable the value of which has been specified by the user in the form. Here's an example:

$foo = $this->getFormData(); $query = \Database::getConnection()->query(‘SELECT foo FROM {bar} b WHERE b.name = ‘ . $foo[‘name’]);

In the code above, we can see that the value 'name' from the $foo array is being assigned to the query without filtering. In such cases, I recommend using placeholders.

$foo = $this->getFormData(); $query = \Database::getConnection()->query(‘SELECT foo FROM {bar} b WHERE b.name = :name’, [‘:name’ => $foo[‘name’]]);

By creating queries in this way, we subject the variable $foo ['name'] to filtering, which will protect the query against SQL Injection attacks.

Filtering mechanisms

This means verifying the presence and correctness of the filtering data received from the user. We need to check that only TWIG is being used to render the variables in the templates, which by default filters the content of the variables and makes sure that they're safe. In the case of working with variables that are then used in translatable strings, we need to make sure that those variables are substituted for the appropriate placeholders. The plain text coming from the user should be filtered using the Html::escape() method if the user shouldn't be able to provide HTML tags in the text and the Xss::filterAdmin() function if they should be able to do so. If the user provides links, they should also be filtered.

Used for this purpose are the functions UrlHelper::stripDangerousProtocols() and UrlHelper::filterBadProtocol(). Filtering mechanisms are also applicable on the client's side. To clean up text in JavaScript, we should use the Drupal.checkPlain() function.

Sensitive data

We should check whether the code doesn't contain credentials or API keys. In some cases, we may come across the credentials left in the code of custom modules. Identifying them doesn't require much work.

Repository review

It's worth taking a look at the repository to search for sensitive information that may be stored in the files. The first step is to analyse the settings.php file and ensure that there are no credentials in it that would provide access to the database or other Drupal website components. Next, let's go over the environment variables' files and make sure there aren't any credentials in them. The credentials required by the environment shouldn't be part of the repository.

The next step is to check if there are no deeply hidden confidential files, for example – with SSL private keys or database copies or dumps. Sometimes the files that should never be in the repository get there by mistake. Some of them are, for example, database dumps or private keys. Identifying and removing them is recommended.

Analysis of the Drupal code – summary

In the third part of the series on performing a Drupal security audit, we've learned the ways of checking the code of custom modules and themes, we've audited the project's repository in order to make sure that no sensitive data was publicly available, and we've analyzed the elements that are worth paying attention to during the audit process.

Applying the tips I've posted in this article will make your application more secure. A code audit is a key element leading to better page security. It requires more time and knowledge than the update we covered in the first part and the correct configuration of Drupal we covered in the second part of the series, but the benefits of doing it are much more valuable than the time spent on it.

In the next part of this series of articles, we'll learn about external tools for automating the auditing process. It's the next step performed in a comprehensive security audit. Do you need help in performing such a task? Our Drupal support team has extensive experience in conducting audits.

Sep 08 2021
Sep 08

This week, September 5-11, 2021, has been set aside as National Suicide Prevention Week

Suicide has reached epidemic proportions in the United States, with each year adding another dark chapter to the to rising trajectory. 

Stemming the tide and saving lives calls for a complex mix of solutions. Key among is bringing the topic out of the shadows and onto the table, with a greater awareness of helpful and easily accessible resources and support.

That’s why we at Promet Source were so honored this year for the opportunity to partner with Marin County, California, Behavioral Health and Recovery Services, in the design and development of a new Drupal site for Prevention and Outreach.

Encouraging, Engaging, Easy

The objectives for the new site centered on the creation of a comforting community hub, that fueled awareness of and interaction with the full scope of available services, including vetted and recommended community resources, events, and community connections. 

Many of these resources had previously been buried within the main Behavioral Health website.

Recognizing that reaching community members who are in critical need of support
means that resources needs to be not just easy to find, but comforting and encouraging, the site’s UX allows for access to all resources directly from the home page. Resources are presented in meaningful categories that include Suicide Prevention, Parenting & Families, Schools & Educators, and Mindfulness & Self Care.

All critical hotline phone numbers are displayed prominently on the home page, and repeated again on the footer of every page. Within every section, opportunities to get help are highlighted.

A handwritten script-like font on the home page, along with rounded corners on the photos and a contemporary UX, contributes to a comforting, human touch.

Content Editor Empowerment

Also essential was a flexible CMS that could be easily updated with a drag-and-drop design functionality, enabling stakeholders and content editors to make revisions, as needed, without ever needing to touch the site’s underlying code. 

The CMS platform needed to be one that could be richly and easily expanded upon by members of the Prevention and Outreach Team, without needing to reach out to the IT department or ever touch the underlying code.

Promet’s Provus solution enables content editors to easily work with established design components to update content, add functionality and switch up layouts as needed.
Our recent engagement with Marin County’s Behavioral Health and Recovery Services Prevention and Outreach Team has inspired us to package a web solution that can be easily deployed by other local governments. 
Contact us to learn about a ready-to-deploy site with UX that is inherently comforting and encouraging, and provides easy access to a wide range of resources, while allowing for easy updates and revisions. 

Sep 08 2021
Sep 08

DesignHammer has been awarded four MUSE Creative Awards in the 2021 competition, including two Gold Awards and two Silver Awards. DesignHammer’sredesign of the Divers Alert Network website took home a Gold Award in the Nonprofit category and a Silver Award in the Association category, while our TransmetriQ website build for Railinc earned a Gold Award in the Information Technology category and a Silver Award in the Transportation category.

To win these awards, DesignHammer collaborated with DAN to consolidate three of their sites into one user-friendly WordPress website with a custom-designed, mobile-responsive theme to maintain brand identity and more effectively engage their audiences. The TransmetriQ achievement comes after longtime client Railinc commissioned their third project with DesignHammer for a custom website to effectively reflect the rebranded identity for their commercial product line.

The MUSE Creative Awards is an international competition for creative professionals who inspire others to greater heights with their concepts, ideas, or designs. The organization was created by the International Awards Association (IIA), on a mission to honor, promote, and encourage creativity by providing a new standard of excellence for evaluating media design production and distribution.

The IIA conducts five awards competitions, including the MUSE Creative Awards, NYX Marcom Awards, the TITAN Business Awards, the LIT Awards and the Vega Digital Awards. DesignHammer has now earned eleven awards in total from the IIA over the span of four years. Prior to MUSE, our most recognition from the IIA was in the 2021 Vega Digital competition where our Divers Alert Network redesign also earned two awards, including a Canopus Award (platinum), and Centauri Award (gold). This latest achievement for 2021 is important to DesignHammer, because this year is our first time entering the MUSE Awards ever. 

Judges for the MUSE Creative Award competition are chosen from top-tier digital agencies across the United States; creative directors, copywriters, photographers, illustrators, educators, and some freelancers are all represented within the jury panel. MUSE Award winners must demonstrate outstanding achievement in one or more of the following areas: content, imagery, audio, interface, design, accessibility, innovative use of technology, appropriate use of technology, and overall appeal. The full 2021 MUSE Creative Award winner list can be found here.

“I am pleased with DesignHammer’s success in our first set of entries in the MUSE Creative Awards.  The competition was tough this year, with likes of industry leaders such as IBM, Getty Images, and Clinique winning Platinum awards." 

— David Minton, DesignHammer Managing Partner

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI.

Sep 08 2021
Sep 08

A Drupal e-commerce project

Drupal Commerce has been around for more than a decade. More than fifty thousand sites report using Commerce, and its maintainers have kept the suite of modules modern, flexible, and robust over the years for both Drupal 7 and Drupal 8/9 with the latest code for the Drupal 7 version released as recently as earlier this year.

The National Center for Employee Ownership (NCEO) came to us in 2018 with an existing investment in a Drupal 7 Commerce site that had thousands of hours poured into it in terms of configuration, custom development, and order management. At the time their staff were manually entering email and telephone orders into the Drupal Commerce backend, and were hoping to upgrade to a full-featured, payment gateway enabled online store. They also wanted to develop a brand new public facing NCEO.org that better captured their organization and connected users with their content.

At that time building a brand new public-facing website and upgrading an existing complex online store presented an interesting problem. Do we continue building on top of Drupal 7 knowing it will reach end-of-life in a couple of years? Or do we bite the bullet and invest in a new Drupal 8 solution with its promise of a future-proof approach to website development?

Spoiler alert — the answer was both.

Drupal 7 and Drupal 8: The best of both worlds

NCEO was using a custom Drupal 7 implementation of Commerce and RedHen CRM to manage nearly a thousand products, tens of thousands of customers, hundreds of thousands of order records, and complex coupon and membership pricing logic. Their existing platform represented an extensive investment — and their staff were already trained and proficient on the existing suite of tools. While the tides were definitely turning towards all things Drupal 8 in 2018, completely rebuilding the platform, migrating records, and training staff on a new system was a tough sell. And it was the wrong solution.

The right solution was to protect the existing investment, and building a lightweight Drupal 7 / Drupal 8 integration could do just that. Users needed to be able to browse NCEO’s content and products on a new Drupal 8 website, and then be seamlessly handed-off to a Drupal 7 Commerce backend to make payments or review order details. Luckily, Drupal’s architecture lends itself to just this sort of integration and synchronization across platforms.

A touch of tech

After extending NCEO’s Drupal 7 Commerce implementation to include an intuitive, turnkey customer checkout experience, all that was left to do was wire that backend to the brand new Drupal 8 NCEO.org that would roll out the following year.

The solution had to synchronize both users and products. The NCEO team would continue managing their products on the Drupal 7 platform, but those product updates would need to automatically post to the Drupal 8 site where users would browse them. Additionally, users would need to see their custom membership pricing on the Drupal 8 site, and maintain their session and membership data as they were seamlessly directed to the Drupal 7 platform for checkout.

Single sign-on & user data synchronization

We used the CAS module to create the “behind the scenes” single sign-on between the two sites, and to help synchronize the user role data that translates to special membership pricing and offers. When a user completes a membership purchase (on the Dupal 7 portion of the experience) their new user role is synchronized back to the Drupal 8 website — ensuring that they see the appropriate discounts and membership offers while browsing products, and later receive those discounts at checkout.

Product synchronization via the hook system

The NCEO team continues to manage products and customer records on the Drupal 7 portion of the platform. On the Drupal 7 side we built a simple webhook system that posts product update data using Drupal’s drupal_http_request($url, $options) everytime a product is created, updated, or deleted. We capture those actions with the insert, update, and delete node hooks available in the Drupal 7 API. In essence, every time someone makes a change to a product managed on the Drupal 7 platform, those changes are securely transmitted to the public facing Drupal 8 site.

When the data posts to the public-facing NCEO.org Drupal 8 site the products are updated almost immediately, ensuring that users are consistently presented with the absolute latest product information. Product updates on the Drupal 8 side are accomplished by defining a controller to accept data at a specific endpoint or URL — I wrote a pretty detailed post about capturing webhooks in Drupal 8 sometime ago, complete with code samples.

The integration is super lightweight and the end product is a seamless checkout experience. The solution lets the existing platform continue working as designed while rebuilding the primary public facing website with the more modern, evergreen Drupal 8.

Value before technology

As a developer there’s often an urge to design and build systems using the latest and greatest iterations of our favorite technologies. As the Director of Engineering at Aten, it’s important for me to consider how to achieve our clients’ goals in a way that’s cost effective, secure, and sustainable. Often that requires a mix of bleeding edge technology and creative out-of-the-box solutions that keep the people using the software at the center of the process.

In this case we were not only able to protect an existing investment while delivering a brand-new Drupal 8 website, but also built out a flexible architecture that will be super easy to upgrade in the future. In place of a Drupal 7 Commerce and RedHen CRM backend, NCEO could easily drop in another customer records solution to plug into their Drupal 8 site and store — all with hardly any changes to the Drupal 8 side. Even now in 2021 the solution works great — and as Drupal users everywhere decide what to do with their Drupal 7 assets, NCEO is in a great place to consider next steps for the commerce administration aspect of their platform without having to think about a complete website rebuild.

Interested in learning more about what innovative digital solutions can do for your organization? We’d love to hear from you.

Sep 08 2021
Sep 08

Thanks to the hard work of our team this past year and stellar reviews from our clients, DesignHammer has once again been recognized with an esteemed Clutch Leaders Award. Clutch recently listed DesignHammer as the 2nd best digital agency in all of North Carolina for 2021.

Clutch.co is the leading ratings and reviews platform for IT, marketing, and business service providers. Each month, over half a million buyers and sellers of services use the Clutch platform which contains over 200,000 agency listings. To select their annual Leaders Award winners, Clutch uses a complex methodology that consists of meticulously evaluating a company’s service focus, case studies, brand reputation, and verified reviews, among many other factors, to determine a company’s industry expertise and ability to deliver.

Securing a second place position against hundreds of North Carolina competitors demonstrates that Clutch’s algorithm has recognized industry excellence throughout every qualifying aspect of our agency and considers DesignHammer to be one of the development industry’s finest. 

In addition to their annual Leaders Award, Clutch regularly updates their proprietary “Leaders Matrix,” which provides a visual representation of top performing companies in a particular industry and location. As of this release, DesignHammer is ranked 2nd on Clutch’s Top Drupal Developers Matrixin Raleigh/Durham, and 3rd in Clutch’s Top Web Developers Matrix for all of North Carolina.

In reference to the 2021 B2B Leaders list, Clutch Customer Operations Representative Austin Ellis stated: 

“These providers excelled in their respective fields and have shown that they can provide high-quality services to their clients. Companies looking for a partner in web design, branding, SEO, mobile app development, and other B2B services should check out the firms on this list.” 

This is DesignHammer’s third Leaders Award following our previous recognition from Clutch as a Top Performing B2B Company in North Carolina as well as a Top Global Service Provider in 2020. Winning a Clutch Leader’s Award is a testament to our clients’ success working with DesignHammer and a reflection of the time spent sharing their satisfaction level with Clutch representatives.

“DesignHammer is honored to be recognized as a top digital agency by Clutch in their recently published Top-Performing B2B Companies in North Carolina. We’d like to thank both current and former clients who left us glowing reviews, as well as Clutch for recognizing our agency’s commitment towards delivering quality work and providing our clients with a positive, collaborative project experience.” 

David Minton, Managing Partner


See Clutch’s official North Carolina Leaders Award Press Release

Top North Carolina Web Developers on Clutch

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI. For more information visit: https://designhammer.com.

Sep 08 2021
Sep 08

DesignHammer has been awarded five dotCOMM Awards in the 2021 competition, including two Platinum Awards, one Gold Award, and two Honorable Mentions.

Our custom TransmetriQ website build and the DesignHammer website have each been recognized with a  Platinum Award in the B2B category and in the marketing/digital agency category, respectively. Additionally, our redesign of the Divers Alert Network website has been awarded one Gold Award in the nonprofit category, as well as two Honorable Mentions, one in the association category and one in the sports/recreation category.

Longtime client Railinc commissioned their third project with DesignHammer for a custom website to effectively reflect the rebranded identity for their commercial product line (TransmetriQ), a website that dotCOMM has now recognized with a Platinum Award. DesignHammer’s latest Gold dotCOMM Award was the result of close collaboration with Divers Alert Network in 2020 to consolidate a number of web properties into a user-friendly WordPress website with a custom theme. In addition to these two clients, DesignHammer took home a Platinum dotCOMM for the 2021 redesign of our own company website.

“We are pleased with the recognition of the new Divers Alert Network website — and we’re thrilled with the improved user experience for our customers and members”

— Bill Ziefle, DAN President & CEO


Administered and judged by the Association of Marketing and Communication Professionals (AMCP), dotCOMM Awards is an international competition honoring excellence in web creativity and digital communication. The AMCP is one of the largest and oldest, third-party evaluators of creative work in the world. Other noteworthy dotCOMM award-winning projects from 2021 were commissioned by Duke Energy, NATO, Cornell University, and WP Engine. See the rest of the 2021 dotCOMM award winners.

These five awards bring DesignHammer’s total dotCOMM Awards total to fifteen, since 2017. Previous DesignHammer projects to have taken home awards include work for the Council for Entrepreneurial Development (CED)Highland CompositesInteriors in FlightThe William Blake Archive, the North Carolina Center for NonprofitsRailincDuke Health, and the Full Frame Documentary Film Festival.

“I’m very proud to hear of our agency's recent achievement and happy to see the AMCP judges have recognized the value of the results we deliver our clients. Earning two Platinum Awards, one Gold, and two Honorable Mentions from dotCOMM, is a testament to the skill, vision, and collaborative effort our team.”

— David Minton, DesignHammer Managing Partner

2021 dotComm awards

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI.

Sep 08 2021
Sep 08

In combination with the FacetAPI module, which allows you to easily configure a block or a pane with facet links, we created a page displaying search results containing contact type content and a facets block on the left hand side to narrow down those results.

One of the struggles with FacetAPI are the URLs of the individual facets. While Drupal turns the ugly GET 'q' parameter into a clean URLs, FacetAPI just concatenates any extra query parameters which leads to Real Ugly Paths. The FacetAPI Pretty Paths module tries to change that by rewriting those into human friendly URLs.

Our challenge involved altering the paths generated by the facets, but with a slight twist.

Due to the projects architecture, we were forced to replace the full view mode of a node of the bundle type "contact" with a single search result based on the nid of the visited node. This was a cheap way to avoid duplicating functionality and wasting precious time. We used the CTools custom page manager to take over the node/% page and added a variant which is triggered by a selection rule based on the bundle type. The variant itself doesn't use the panels renderer but redirects the visitor to the Solr page passing the nid as an extra argument with the URL. This resulted in a path like this: /contacts?contact=1234.

With this snippet, the contact query parameter is passed to Solr which yields the exact result we need.

 * Implements hook_apachesolr_query_alter().
function myproject_apachesolr_query_alter($query) {
  if (!empty($_GET['contact'])) {
    $query->addFilter('entity_id', $_GET['contact']);

The result page with our single search result still contains facets in a sidebar. Moreover, the URLs of those facets looked like this: /contacts?contact=1234&f[0]=im_field_myfield..... Now we faced a new problem. The ?contact=1234 part was conflicting with the rest of the search query. This resulted in an empty result page, whenever our single search result, node 1234, didn't match with the rest of the search query! So, we had to alter the paths of the individual facets, to make them look like this: /contacts?f[0]=im_field_myfield.

This is how I approached the problem.

If you look carefully in the API documentation, you won't find any hooks that allow you to directly alter the URLs of the facets. Gutting the FacetAPI module is quite daunting. I started looking for undocumented hooks, but quickly abandoned that approach. Then, I realised that FacetAPI Pretty Paths actually does what we wanted: alter the paths of the facets to make them look, well, pretty! I just had to figure out how it worked and emulate its behaviour in our own module.

Turns out that most of the facet generating functionality is contained in a set of adaptable, loosely coupled, extensible classes registered as CTools plugin handlers. Great! This means that I just had to find the relevant class and override those methods with our custom logic while extending.

Facet URLs are generated by classes extending the abstract FacetapiUrlProcessor class. The FacetapiUrlProcessorStandard extends and implements the base class and already does all of the heavy lifting, so I decided to take it from there. I just had to create a new class, implement the right methods and register it as a plugin. In the folder of my custom module, I created a new folder plugins/facetapi containing a new file called url_processor_myproject.inc. This is my class:

 * @file
 * A custom URL processor for cancer.

 * Extension of FacetapiUrlProcessor.
class FacetapiUrlProcessorMyProject extends FacetapiUrlProcessorStandard {

   * Overrides FacetapiUrlProcessorStandard::normalizeParams().
   * Strips the "q" and "page" variables from the params array.
   * Custom: Strips the 'contact' variable from the params array too
  public function normalizeParams(array $params, $filter_key = 'f') {
    return drupal_get_query_parameters($params, array('q', 'page', 'contact'));


I registered my new URL Processor by implementing hook_facetapi_url_processors in the myproject.module file.

 * Implements hook_facetapi_url_processors().
function myproject_facetapi_url_processors() {
  return array(
    'myproject' => array(
      'handler' => array(
        'label' => t('MyProject'),
        'class' => 'FacetapiUrlProcessorMyProject',

I also included the .inc file in the myproject.info file:

files[] = plugins/facetapi/url_processor_myproject.inc

Now I had a new registered URL Processor handler. But I still needed to hook it up with the correct Solr searcher on which the FacetAPI relies to generate facets. hook_facetapi_searcher_info_alter allows you to override the searcher definition and tell the searcher to use your new custom URL processor rather than the standard URL processor. This is the implementation in myproject.module:

 * Implements hook_facetapi_search_info().
function myproject_facetapi_searcher_info_alter(array &$searcher_info) {
  foreach ($searcher_info as &$info) {
    $info['url processor'] = 'myproject';

After clearing the cache, the correct path was generated per facet. Great! Of course, the paths still don't look pretty and contain those way too visible and way too ugly query parameters. We could enable the FacetAPI Pretty Path module, but by implementing our own URL processor, FacetAPI Pretty Paths will cause a conflict since the searcher uses either one or the other class. Not both. One way to solve this problem would be to extend the FacetapiUrlProcessorPrettyPaths class, since it is derived from the same FacetapiUrlProcessorStandard base class, and override its normalizeParams() method.

But that's another story.

Sep 08 2021
Sep 08

I'm excited to announce that Acquia has signed a definitive agreement to acquire Widen, a digital asset management (DAM) and product information management (PIM) company.

The Acquia and Widen logos shown next to each other

It's not hard to understand how Widen fits Acquia's strategy. Our goal is to build the best Digital Experience Platform (DXP). Content is at the heart of any digital experience. By adding a DAM and PIM to our platform, our customers will be able to create better content, more easily. That will result in better customer experiences. Plain and simple.

Widen is for organizations with larger marketing teams managing one or more brands. These teams create thousands of "digital assets": images, videos, PDFs and much more. Those digital assets are used on websites, mobile applications, in-store displays, presentations, etc. Managing thousands of files, plus all the workflows to support them, is difficult without the help of a DAM.

For commerce purposes, marketers need to correlate product images with product information like pricing, sizing, or product specifications. To do so, Widen offers a PIM. Widen built their PIM on top of their DAM — an approach that is both clever and unique. Widen's PIM can ingest product content from proprietary systems, master data management (MDM) platforms, data lakes, and more. From there, marketers can aggregate, synthesize, and syndicate product content across digital channels.

In short, organizations need a lot of content to do business. And online commerce can't exist without product information. It's why we are so excited about Widen, and the ability to add a DAM and PIM to our product portfolio.

Because content is at the heart of any digital experience, we will build deep integrations between Widen and Acquia's DXP. So in addition to acquiring Widen, we are making a large investment in growing Widen's engineering team. That investment will go towards extending the existing Widen module for Drupal, and creating integrations with Acquia's products: Acquia Site Studio, Acquia Campaign Studio (Mautic), Acquia Personalization, and more. Digital asset management will be a core building block of our DXP.

Needless to say, we will continue to support and invest in Widen working with other Content Management Systems and Digital Experience Platforms. We are building an open DXP; one of our key principles is that customers should be able to integrate with their preferred technologies, and that might not always be ours. By growing the engineering team, we can focus on building Drupal and Acquia integrations without disrupting the existing roadmap and customer commitments.

A few other facts that might be of interest:

So last but not least, I'd like to welcome all of Widen's customers and employees to the Acquia family. I'm excited to see what we will accomplish together.

Sep 07 2021
Sep 07

This guest post comes from Paulo Herinque Cota Starling, who explains how CI&T made contribution to the Drupal project a central part of its work culture, and how that has improved the Drupal talent on their team and brought them more business. 

For four years, CI&T has made its mark as a top Drupal contributor in Dries Buytaert's report "Who sponsors Drupal development?".

CI&T logo

In 2016, we created internal initiatives to get noticed by the Drupal Community with the quality and volume of our contributions. Today, we see the results of these efforts, with recognition as a Drupal leader and increased visibility for the CI&T brand through the Drupal marketplace. This commitment has directly helped us win new businesses.

To manage our efforts, we have an internal Drupal Competence Office (DCO), a team responsible for leading Drupal community contributions and building relationships with the broader Drupal community. The DCO operates as a bridge between the Drupal community and CI&T development teams tackling different pipes. DCO's developers are focused on solving various module issues and Drupal core issues, organizing and updating all Drupal training materials, and providing training support for new developers joining CI&T.

New DCO members who are not knowledgeable in Drupal often start working on less complex module issues. These new developers gain significant knowledge as they discover the modules available in the community, their structure, what Drupal offers out-of-the-box, how to extend its functionality, and how to search for information in various channels. We also often welcome new people at the DCO who are trained, contribute to Drupal, and are ready to work on a project at CI&T.

In addition to our Drupal team, we also undertake internal contribution campaigns, allowing all CI&Ters outside the DCO to feel motivated to contribute. These campaigns usually take place once a year and last approximately six months so everyone has an opportunity to contribute and be recognized. After the end of a campaign, people who made the most significant contributions receive awards. For this year's campaign, the first-place winner will take home a new PlayStation 5!

These internal campaigns are a win-win situation for both CI&T and the greater Drupal Community. Internally, we recognize the contributors while at the same time increasing the number of overall contributions made to the Drupal Community. Contributing to Drupal for the first time can be tricky. It's common for CI&T to run 'dojos' to teach everyone interested in getting a Drupal environment up and running quickly, creating or finding an issue, creating a patch or a merge request and reviewing the changes made in an issue. The participants can also collaborate with documentation, camp organizing, and support requests. 

Drupal has been a widely used technology in customer projects in recent years. In addition to being an open-source framework and significantly lowering our costs, CI&T's contributions to the Drupal Community help the company's business to grow. When talking to potential customers, we're frequently asked about our current contributions, which modules are we a maintainers of, and whether we help in core or not. If the client asks about this issue, we know it will be a significant factor when deciding whether to close a contract with CI&T or another company.

All our initiatives for the Drupal Community aim to increase our employees' knowledge so that they can work on projects, help win new clients and increase the overall quality of Drupal. CI&T, in turn, can continue to offer innovative solutions that meet the needs of our clients.

Editor's note: We at the Drupal Association want to congratulate CI&T on taking the initiative to put their Drupal Competence Office together within their organization. We believe that other organizations in the community can learn from their example, and create a rising tide of contribution to raise all ships in the Drupal ecosystem - building both better Drupal software, and executing better projects for Drupal clients.

Sep 07 2021
Sep 07

One of Acro Media’s very own, Mike Hubbard, breaks down two of the world’s best-known content management systems. Full of detailed analysis and side-by-side comparisons of the WordPress and Drupal CMS admin user interfaces. Read on to learn everything you didn’t know you didn’t know.

Side-by-side: WordPress and Drupal admin UI comparison quick links.

Click on the links below to jump to each section and see which CMS comes out on top.

Content management systems (CMSs) are the engine that drives content creation on the web today. They form the foundation that we build on for publishing and sharing information, creating digital experiences and conducting online retail. WordPress and Drupal are staples in the CMS world and they have both been around a long time. WordPress is known for its intuitive and easy-to-use interface. Drupal is known for its flexibility and complexity. While both have their strengths and weaknesses, the usability gap between WordPress and Drupal is changing. This article will show you the current state of Drupal’s admin user experience in a side-by-side comparison with WordPress, the most widely used CMS. If you’re familiar with one CMS but not the other, this comparison is also a good introduction to the other.

TL;DR: The primary goal of this article is to dispel the perception that Drupal is widely different and harder for administrators to use than WordPress. If you don’t care about the background behind this perception, just skip down to the direct comparison.

WordPress is easy, Drupal is hard… why does this perception exist

But first, a little background. The dominant CMS in terms of the number of sites running on it is WordPress. W3Techs estimates that WordPress powers about 62% of all websites that use a CMS, meaning multiple millions of websites are using it.

Why is WordPress so popular? WordPress started as a blogging engine with a focus on being easy to use. This proved to be incredibly important because it meant that nearly anyone could get a WordPress site up and running fast and be able to use it with little-to-no training. The idea caught fire with both individuals and local businesses who just wanted a simple, low-cost website that others could find online. Web developers and agencies also finally had a framework that allowed their clients to make simple content edits within an admin environment that was friendly.

Of course, today, businesses can use WordPress for much more than a simple website, but ideally, that is still the best use case. The perception that WordPress is easy to use stands true. It may not be the solution if you have more complex needs.

But, dear reader, this article isn’t meant to praise and promote WordPress. Instead, much of this article will focus on another popular CMS, Drupal. 

Drupal is a fantastic CMS and is incredibly powerful when used correctly. Drupal is the go-to solution for providing a robust solution for today’s CMS-driven website development in many web development circles. It is thriving as the #3 ranked CMS with about 3% of the internet population, equalling hundreds of thousands of websites using it. 

Why isn’t Drupal more popular? Well, anyone who knows Drupal (and even many who don’t) will tell you that Drupal is best suited for large websites with high traffic and complex requirements. Universities, government, nonprofits and online retailers are a sample of those who use Drupal. Out-of-the-box Drupal isn’t as ready to use as WordPress, so it’s unlikely a suitable fit for simple websites. For non-developer individuals, configuring Drupal is a steep learning curve. Local web agencies take more time to set up, which means they must charge more. These reasons alone essentially take Drupal out of the running for many websites, so for Drupal, it’s more about the use case than mass adoption.

With that said, Drupal’s ability to be configured and developed means it can handle nearly any situation required of it, whether selling products for enterprise businesses or being the integration layer between multiple platforms. While this inherent flexibility is excellent for software developers, Drupal’s perception of complexity, combined with a historically underwhelming admin experience, has cemented a reputation that Drupal is unintuitive and difficult to use for the end-user. Much like WordPress, Drupal’s reputation preceded itself. In Drupal’s case, however, this reputation isn’t as flattering, and it’s something that our sales and outreach teams often battle.

For Drupal, it’s time for change

Like WordPress, Drupal is open source software. It’s free to use, and anyone has full access to the underlying code to modify and build on. Both platforms have a core team for advancing key initiatives and a massive community of individuals and organizations that support the initiatives while also adding additional functionality through plugins (WordPress lingo) or modules (Drupal lingo).

While usability has always been important to WordPress (since it started as a blogging platform), Drupal was historically more focused on being open and flexible. Its user experience has continuously improved with each version release, but late 2018 marked the beginning of a big push towards modernizing the Drupal admin user interface (UI). Drupal is an amazing software, and it’s time that the admin experience catches up.

Introducing Claro, Drupal’s new admin UI

Drupal 8 Claro admin theme
Claro interface design mockup courtesy of Drupal.org

Claro is the new admin theme being built as part of the Admin UI Modernization initiative. It’s included with every Drupal 8 site, new and old, and can be enabled right now if you so choose. Just be aware that it is currently considered “experimental” while progress continues to be made. It’s not yet in its finished state, but you can view the development roadmap here to see what is still left to do.

Side-by-side: WordPress & Drupal Admin UI Comparison

On to the comparison!

For WordPress, I’m using version 5.3.2 (released Dec. 18, 2019) which comes with its own Twenty Twenty default theme and content.

For Drupal, I’m using version 8.8.1 (also released Dec. 19, 2019. How about that!) and the new, but experimental, Claro admin theme. If you’re looking at this at a later date, some aspects may be different (for the better!) as the development of the theme continues. I’ve also installed Drupal using the official Umami demo install profile so that I have a theme and some content to work with.

In each of the 10 comparison categories below, I’ll give my opinion on which CMS has the edge out-of-the-box and why I think this. I’ve used both platforms and do have some bias towards Drupal, but I’ll do my best to keep that in check.

Category quick links
  1. Admin toolbar
  2. Login dashboard
  3. Managing media
  4. Creating pages
  5. Editing pages
  6. Managing widgets and blocks
  7. Managing menus
  8. Managing users, roles and permissions
  9. Site status report
  10. Plugins and modules
  11. WordPress & Drupal comparison summary

1. Admin toolbar

The admin toolbar is always present on the page of both WordPress and Drupal.


WordPress admin toolbar

In WordPress, a single toolbar is used as a jump-off point for common admin pages, but you can also start the content creation process and access your account profile and information.


Drupal 8 admin toolbar

Drupal has a similar admin toolbar except you have access to everything, including creating new content. Every admin page that your user role has permission to view is available through this menu. While it’s more to look at initially, experienced users enjoy fewer clicks to get where they want to go.

Edge: Drupal

While the learning curve to know where everything is might be a bit steeper, experienced Drupal users enjoy being able to access everything in one familiar way. With that said, new users may find this larger menu intimidating.

2. Login dashboard

After logging in, the login dashboard is the first page you see. WordPress and Drupal both take a different approach to their login dashboard.


WordPress login dashboard

WordPress has a robust dashboard right out of the gate. This dashboard takes admins away from the site frontend and into an interface that only they can see. The left side has a larger menu for accessing the rest of the admin interface. The main content area mix of useful information about your site and information specific to WordPress as a whole, such as training resources and upcoming WordPress events. The panes on this page can be toggled on and off and plugins can add new panes.


Drupal 8 login dashboard

This is the first area where Drupal takes a different approach. Instead of a robust dashboard, you don’t actually get much of anything. The admin toolbar already gives you access to the entire site, so Drupal keeps you on the website frontend and instead shows you your “user page”. This page is entirely customizable although you will most likely need third-party or IT support to do so. It’s an open canvas to do with as you like. For ecommerce, you might show a customer their information, recently viewed products and their last order placed. For content creators, you might show a custom dashboard with quick links to their common tasks. What you do here is entirely up to you.

Edge: WordPress

Although it’s not entirely useful, WordPress actually has a dashboard which is a nice touch for new users. Drupal's clean slate offers a lot of exciting potential for admins and visitors alike, but any potential must first be realized before this page is useful.

3. Managing media

Images, videos, documents and more are uploaded and organized within a media manager. Both WordPress and Drupal offer a convenient content editor plugin that makes selecting and adding media into content easy.


WordPress media manager

WordPress really defined the way media can be managed within a CMS. Their interface for managing media contains a handy drag-to-upload feature and each piece of media is shown in a grid format by default. Media can be filtered by date, type and name.


Drupal 8 media manager

Drupal admittedly isn’t as clean as WordPress in this interface yet but its functionality is essentially the same and solid for most users. The visual interface will improve as the development of Claro progresses. By default, Drupal displays media in a list, but you can toggle between list and grid. There are also similar filtering options. Like all other aspects of Drupal, advanced users can customize media types beyond what you see here and entirely new media types can be created. This advanced functionality is unique to Drupal and isn’t as easily done in WordPress.

Edge: WordPress

WordPress does a great job of making media easy to manage. Drupal will continue to see improvements in the near future, but right now it still feels clunky.

4. Creating pages

Creating new pages, such as general content pages and blog posts, is a common interaction that most admin users will need to do.


WordPress new page Gutenberg editor

As of version 5.0, WordPress includes their much anticipated Gutenberg editor experience. This editing format is sleek, modern, and very intuitive. You start with a title and then continue piecing together chunks of content by selecting various types of “blocks” to build the page with. Blocks are a single, reusable type of content such as a heading or paragraph of text, an image or gallery, a list, a quote, etc. Custom blocks can be created and plugins may also add additional blocks that content creators can use. Along the right side of the page is a settings pane. This pane provides various page specific settings and customizations such as page visibility, featured image, an option to allow comments, etc. Additional settings for the currently selected content block also appears here.


Drupal 8 new page creation

Out-of-the-box, creating a new piece of content looks like the screenshot above. Content in Drupal could potentially be something wildly different than just a basic page, so Drupal defaults to a standard “field-based” editing interface where the different fields that are configured to make up the content are laid out on the page. All editors need to do is fill in the blanks. Field types can be text (with an optional WYSIWYG editor), an image, a file upload, a date, and anything else you can imagine. This again is where Drupal’s flexibility is both an advantage and a curse. The advantage is that a type of content can be anything you can imagine, but the downside is that someone has to configure that content type first. The field-based editing experience is provided by default to ensure the editing experience is consistent across different content types.

Here’s the important thing to know about Drupal. Drupal doesn’t like to make assumptions as to what your editing experience should be. As an example, a used car dealership, a national newspaper, and an online retailer will all have entirely different content editing requirements. Drupal doesn’t want to get in your way and it doesn’t try to. What it does do is give you a solid foundation to create YOUR ideal editing experience. This might not be ideal for organizations and businesses with simple website requirements, but for those with complex workflows and unique requirements, Drupal is ideal.

One last important note to make on this topic is that Drupal does also have a Gutenberg editing experience, it just doesn’t come packaged with Drupal out-of-the-box. This module and other editing interface modules and initiatives can be installed in Drupal to make the default editing experience more capable and modular.

Edge: WordPress

When based solely on out-of-the-box functionality, WordPress's pre-packaged Gutenberg editing experience is modern and intuitive for new and experienced users. However, it’s important to note that Drupal modules exist that greatly improve Drupal’s default experience. You can even add the same Gutenberg experience.

5. Editing pages

Once a page has been created, sometimes you still need to go back and edit it once in a while. This is a different experience from creating new content, so let’s now look at how it works with each CMS.


WordPress editing existing pages

Pretty standard, as a logged-in administrator you have access to editing content by viewing the page on the website frontend and using one of the various “edit” buttons. You’re then brought to the same Gutenberg interface that you see when creating content.


Drupal 8 edit existing pages

I would say Drupal has the upper hand for editing existing content. Similar to WordPress, as a logged-in administrator you have access to page edit links when viewing the content which brings you back to the same interface as when the content was created. However, in Drupal, you also have additional links to view content revisions as well as the view and edit page translations for multi-language sites.

Drupal 8 inline page editor

The current version of Drupal, Drupal 8, also includes an additional edit icon that contains a new “quick edit” option. Depending on the content, the quick edit allows on-page inline editing (shown above) instead of taking you to a separate page! This makes simple edits quick and easy. Furthermore, the edit icon also appears when administrators hover over menus and other configurable page elements too, giving you a quick way to access their configuration.

Edge: Drupal

While WordPress has the edge when creating new content, Drupal’s on-page inline editing feature makes editing existing content quick and easy by keeping content editors on the website frontend.

6. Managing widgets and blocks

Widgets (WordPress lingo) and blocks (Drupal lingo) are two words for essentially the same thing. While not limited to these locations, the header, footer and often left and right columns beside the main content area contain defined regions where certain elements can be placed. I’m talking about slogans, menus, a search bar, your copyright, recent posts, social feeds, etc. WordPress and Drupal have similar but different ways to manage these elements.


WordPress widgets page

WordPress includes backend and frontend methods for editing page widgets, both of which are quite basic and lack a lot of real capability.

The backend method (shown above) is accessed through the backend Appearance menu. This page gives you a nice list of available widgets on the left side and another list of active widgets within the available regions on the right. A simple drag and drop interface lets you move elements around and opening each widget allows for basic configuration.

WordPress widgets live editor

The frontend method is through a "Live Preview" mode (shown above) where a version of the site theme is presented and widgets are managed through the left column. Settings for existing widgets can also be quickly opened by clicking its blue edit icon, as you can see in the image above.

Out-of-the-box, it’s difficult to understand exactly where a widget will appear throughout the site because you don’t have the ability to see or control which pages accept the widget. Some third-party plugins are available to give you this functionality, but they must be added. New widgets are also a bit more difficult to add as they must be created by a developer or added through a plugin.


Drupal 8 block layout page

Like WordPress, Drupal has the ability to manage blocks from both the backend and frontend of the website, although Drupal handles both situations better.

The backend method (shown above) is accessed through the admin toolbar’s Structure menu. Here you can view all available regions and the blocks contained within each. Regions are a big part of Drupal theme creation, so you will often see 10+ available regions to choose from. If you’re not sure of your themes regions, the “Demonstrate block regions” link above the list of regions will give you a preview. Each region has a “Place block” button for adding new pre-configured blocks. Existing blocks can be moved dragged between regions and each block can be configured independently. Block configuration in Drupal is very robust, including but not limited to control over what pages the block is visible on and what account roles can view it. Like content, blocks can be translated and even have revisions.

Custom blocks can also be created by more advanced Drupal users in a similar way that new media and content types are created. In the screenshot above there is a link to the “Custom block library,” which is where new blocks can be created. Like WordPress, modules can also be installed which will add new blocks.

Drupal 8 frontend block quickmenu

Drupal’s frontend method for managing blocks takes on the same familiar editing experience that we discussed for editing content. When logged in and viewing the website frontend, navigating to a page and hovering your cursor over an element will reveal an edit icon if that element is a configurable block. Options for the block are then given. The block in the screenshot above contains a menu, so we see options to configure the block and edit the menu. In this case, clicking one of these options will take you to the backend page for performing these actions. If the block contained text, we would also be given an option to edit the text directly on the page, just like we can with content.

Edge: Drupal

Simply put, Drupal’s block management is robust yet not too difficult. Being able to manage existing blocks directly from the website frontend is both user-friendly and familiar given that existing pages can also be managed in the same way.

7. Managing menus

Menus connect the pages within a website. Commonly you’ll find primary navigation and some sort of footer menu, but menus are used in many other places as well.


WordPress menu management

The menu system in WordPress is a bit strange at first, but overall it’s pretty simple. You create a menu (or select an existing one using the menu selection dropdown), then add links by selecting pages, categories, or by creating custom links (add menu items in the image above), then use a drag and drop interface for moving and nesting the menu items (menu structure in image above). Each menu item within the menu structure can be opened for a bit of customization.

The menu settings area controls where the menu is displayed within predefined template locations. Just check the box and the menu will appear once saved. Any menu created here can also be assigned to the region as a widget or through the template live preview screen.

One odd thing I’ve found with WordPress is that, when editing a page, you’re not able to add it into a menu. I’m sure there are plugins that allow this, but out-of-the-box you have to add the page through the menu system or check a setting within the menu that all new pages get added… but then you might have to remove some.


Drupal 8 menu management

Drupal’s approach to menus is what I would consider more standard. You navigate the “menus” page which lists all of the menus that have been created, then you create a new menu or edit an existing menu. The screenshot above is what you see when editing a menu. Here you manage this menu’s links by either adding a new one or manipulating the existing ones. When adding a new link you can easily search for content that the link will link to or specify a custom link.

Pages can also be added to a menu when the page is being created or edited. Within the page settings, all you do is select the menu and specify a link title.

Like WordPress, once you create a menu you can then add it into a region of the site as a block. However, within the menu itself, you don’t have the ability to put the menu anywhere.

Edge: Drupal

A more standard approach makes managing menus clearer and more user-friendly. Also being able to choose if a page should be included in a menu while creating the page is a nice feature. That said, I appreciate being able to manage a menu in its entirety on a single page as you do in WordPress.

8. Managing users, roles and permissions

Managing users is common for both controlling who can edit the website and who can log in for other reasons, such as non-admin accounts for an online store or community.


WordPress user management

WordPress has six predefined user roles: Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. Each has varying degrees of what they can do, but it’s pretty clear for the most part and goes back to when WordPress was mainly a blogging platform. Users can be created and managed through a “users” page (shown above), which is laid out in a straightforward manner displaying

But WordPress has some major drawbacks here. First, WordPress doesn’t have any frontend user self-management, meaning users can’t view or edit their own profiles. Second, the predefined roles and their associated permissions don’t work for everyone and actually complicate user management when you don’t need it. Third, there is nowhere to really manage role permissions in a granular way. These drawbacks can be fixed through custom development and/or various plugins, but many consider this to be a general weak point of WordPress.


Drupal 8 user management

User management is another area where Drupal shines. In contrast to WordPress, Drupal only starts with three default roles: Anonymous, Authenticated and Administrator. Anonymous is a user who is not logged in, authenticated is a user who has an account but isn’t someone who typically isn’t managing content and site configuration, and administrator is a user with the full site and admin access. These three roles are minimal, clear and cover all of the basic needs of most sites. If and when another role with different permissions is created, this is easy to do right out of the box.

The image above shows Drupal’s version of the current list of users. It follows a similar look and style to the rest of the admin pages, giving administrators a place to add and manage user accounts, including assigning users to specific roles. Anonymous and authenticated users can also create or manage their own accounts through the website frontend (although this functionality can be turned off if desired).

Drupal 8 user permissions page

Drupal’s strength in user management comes in the form of roles and permissions. When a role is created, a column of permission checkboxes for the role is added to the Permissions page (shown above). Almost every piece of functionality within Drupal has associated permission. Simply checking the boxes determines what each role can and can’t do. It’s powerful and easy.

Edge: Drupal

A simple yet powerful user management system combined with frontend self-service functionality gives Drupal a clear edge over WordPress.

9. Site status report

Both WordPress and Drupal include a site status page that gives you information about the website and server configuration as well as an overall health report that outlines any issues. These automated health checks help keep your CMS up-to-date and secure.


WordPress site health page

The “Site health” page (shown above) gives you an overall health status and a list of any issues. This status page is clean and each item can be expanded for more information, but there is no visual urgency that makes the “2 critical issues” stand out. In my opinion, critical issues should be resolved and so highlighting these issues in some way is a necessary UX improvement.

An info tab at the top of the page can be opened which gives more information about your installation of WordPress, the server, the PHP version, and the database.


Drupal 8 status report page

Drupal contains both site information and site health in one “Status report” page (shown above). Like WordPress, this page gives you everything you need to know at a glance about your Drupal installation and the other components that make it run. Here we can also clearly see what errors and warnings have been found and some information on how they can be resolved.

Edge: Drupal

While both WordPress and Drupal have similar pages that show similar information, Drupal’s status report does a better job at laying out the information and visually capturing the severity of any issues.

10. Plugins and modules

Plugins (WordPress lingo) and modules (Drupal lingo) extend core CMS functionality and add new features. Extensions are usually created by third-party developers and released to the platform communities for anyone else to use. Whether it’s to increase performance, enhance SEO capabilities or create an online store, extensions are a powerful way to improve and adapt the CMS platform.


WordPress plugins page

Visiting the “Plugins” page (shown above) is a quick way to see what additional plugins are currently packaged with your WordPress installation and can be activated if desired. The plugins shown here all provide some sort of new functionality or feature that is not part of the core WordPress software.

WordPress plugin search page

When you need new functionality, WordPress provides an excellent and convenient plugin library browser (shown above) accessible within the website backend. Here you can search for, view, and install plugins easily with the click of a button.


Drupal 8 extend page

Drupal’s module list is where you can see all current extensions, activated or not, for your Drupal installation. The big difference here between WordPress and Drupal is that for Drupal you are able to see all modules installed, even those that are part of the core software. Modules are also nicely grouped which nicely organizes the large list.

Installing new modules isn’t nearly as easy in Drupal. Unlike WordPress, Drupal doesn’t include a module library browser within the backend interface. Instead, users must search for modules within a web browser and manually install them. Finding modules can be difficult if you’re not familiar with the process.

Edge: WordPress

While both platforms have a massive library of extensions, WordPress offers users a much friendlier and intuitive way of finding and installing extensions that users of any skill level can appreciate. This may or may not be an issue for you if you have a capable IT team or development partner, but for small teams, WordPress has the clear edge.

WordPress & Drupal comparison summary

I hope after going through this comparison you now have a good understanding of the differences and similarities between WordPress and Drupal. As you can see, both platforms out-of-the-box have different strengths and weaknesses, but it’s important to know that all of the weaknesses can be overcome through platform extensions and experience. In extreme cases, both platforms support custom development to overcome unique problems.

For convenience, here is a quick summary showing which CMS has the edge in the 10 categories compared. However, I would recommend that you go back and read the edge summary for each category if you haven’t done so already.

Comparison category WordPress Drupal Admin toolbar   ✓ Login dashboard ✓   Managing media ✓   Creating pages ✓   Editing pages   ✓ Managing widgets and blocks   ✓ Managing menus   ✓ Managing users, roles and permissions   ✓ Site status report   ✓ Plugins and modules ✓  

A final word of advice

In my opinion, you shouldn’t be turned off from one platform or the other simply because you’ve heard that one is better or easier to use. Both platforms are mature and constantly improving, user experience is top of mind, and usability gaps have become less of an issue in recent years.

My advice, select the platform you use based on your requirements. WordPress is a great authoring tool and is good for small and medium-sized organizations. Drupal is fantastic for medium and enterprise organizations or anyone who has complex workflows, products, and/or a need to integrate with other platforms. That’s a pretty general summary, but if you’re considering either of these platforms, first know what your requirements of the platform are and then start talking to the experts for each.

Acro Media is an ecommerce consultation and development agency that can help you in this regard. We specialize in open source ecommerce and a large part of our work is based around Drupal. Drupal typically works better for our clients but we know WordPress, too. If you’re researching your requirements or evaluating your options, hit us up for a quick chat, we would love to help. Otherwise, check out some of these related resources.

Contact Acro Media Today!

Related resources

Sep 07 2021
Sep 07

The Coffee module adds quick search functionality for backend pages in Drupal. The module was inspired by the Spotlight app on MacOs and Alfred.

Coffee makes it possible to navigate quickly through backend configuration pages by just searching for them instead of using the toolbar.

Sep 07 2021
Sep 07

6 minute read Published: 7 Sep, 2021 Author: Matt Parker
Drupal Planet , Migrations

This is the fifth in a series of blog posts on writing migrations for contrib modules:

Stay tuned for more in this series!


While migrating off Drupal 7 Core is very easy, there are still many contrib modules without any migrations. Any sites built using a low-code approach likely use a lot of contrib modules, and are likely blocked from migrating because of contrib. But — as of this writing — Drupal 7 still makes up 60% of all Drupal sites, and time is running out to migrate them!

If we are to make Drupal the go-to technology for site builders, we need to remember that migrating contrib is part of the Site Builder experience too. If we make migrating easy, then fewer site builders will put off the upgrade or abandon Drupal. Plus, contributing to migrations gives us the opportunity to gain recognition in the Drupal community with contribution credits.

Problem / motivation

In the last blog post, we walked through the process of creating a simple configuration migration — but I noted that, even after you’ve built the migration, when you get to the “What will be upgraded?” step in the migration wizard, the module will still show up in the list of “Modules that will not be upgraded”. This happens because core’s Migrate Drupal UI has no way of knowing whether you’ve written all the migrations that you intended to write!

If you look closely at the “What will be upgraded?” step, you’ll see there is a row for each module that has stored data on the D7 site — that is to say, D7 modules which do not store data are not listed; and D9 modules are only mentioned if they declare a migration for the data in one of those D7 modules.

Also, to date, this blog series has assumed that you are migrating to D9 from an older D7 version of the same module — but that doesn’t necessarily need to be the case: for example, the D9 Address module didn’t exist in D7: its predecessor module was named AddressField. Address module migrations would be written to migrate data from the AddressField module.

Recall that the main goal of this blog series is to improve the upgrade experience for Site Builders… as a Site Builder facing an upgrade, I want as many of my D7 modules to be (accurately) accounted for in the “What will be upgraded?” step of the migration wizard, so that I know how much manual migration that I need to do after running the migration wizard.

Proposed resolution

In Drupal 8.8, the migration team introduced a way for modules to declare their upgrade status. The status determines whether the “What will be upgraded?” report will list a D7 module in the list of “Module(s) that will be upgraded” or “Module(s) that will not be upgraded”.

A migration status looks like…

# In migrations/state/D9_DESTINATION_MODULE.migrate_drupal.yml
    d6_source_module_1: D9_DESTINATION_MODULE
    d7_source_module_2: D9_DESTINATION_MODULE
      - other_d9_destination_module

    d7_source_module_4: D9_DESTINATION_MODULE

You can see from this example that:

  1. You declare migrations as either finished or not_finished.

    In the “What will be upgraded?” report, a source module that does not have a migration declared for it — or whose migration is declared as not_finished — will appear in the “Module(s) that will not be upgraded” list.

    If a migration is declared as finished, then the module will appear in the “Module(s) that will be upgraded” list.

  2. You declare migration statuses for D6 and D7 modules separately.

    This allows you to tackle D6 and D7 migrations separately.

  3. You can declare migrations from one or more source modules to one or more destination modules.

    For example, core’s telephone module declares that it can migrate content from both the D7 Phone module and the the D7 Telephone module.

    Unfortunately, I’m not aware of an example where more than one D9 destination module is defined for a D7 source module.

  4. You declare migrations as finished or not_finished for the module as a whole.

    For example, this means that if a D7 module stores both content AND configuration, and you’ve only written a migration for configuration, then the module’s status is not_finished. Only once you’ve written the migration for the content, you can declare the status as finished.

Steps to complete

Let’s try to follow the principles of test driven development (TDD) by writing a test before we write the code to make that test pass. Put the following template at your module’s tests/src/Kernel/Migrate/d7/ValidateMigrationStateTest.php:

namespace Drupal\Tests\MODULE_NAME\Kernel\Migrate\d7;

use Drupal\Tests\migrate_drupal\Kernel\d7\MigrateDrupal7TestBase;
use Drupal\Tests\migrate_drupal\Traits\ValidateMigrationStateTestTrait;

 * Tests that the MODULE_NAME test has a declared migration status.
 * ValidateMigrationStateTestTrait::testMigrationState() will succeed if the
 * modules enabled in \Drupal\Tests\KernelTestBase::bootKernel() have a valid
 * migration status (i.e.: finished or not_finished); but will fail if they do
 * not have a declared migration status.
 * @group MODULE_NAME
class ValidateMigrationStateTest extends MigrateDrupal7TestBase {
  use ValidateMigrationStateTestTrait;

   * {@inheritdoc}
  protected static $modules = ['MODULE_NAME'];


The test inherits from MigrateDrupal7TestBase, which automatically sets up a migration; and the test includes code fromValidateMigrationStateTestTrait — which has a public function testMigrationState() — so the migration state is automatically tested if you just fill in the MODULE_NAME.

Since we haven’t declared a state yet, if you run this test, it will fail.

Now, let’s write a migration state! At migrations/state/MODULE_NAME.migrate_drupal.yml


Now, when you run the test, it will pass, because the module has declared a status (even though the status is not_finished).

Once you’re confident that you’ve written migrations for all the data that your D7 module can store, you can change that not_finished to finished.

Next steps

If you’ve already contributed some migrations, you can update those contributions to declare the migration status for that module. Remember, only declare the status as finished if you’ve written migrations for all the data stored by the D7 module that can be stored by the D9 module.

The article Easy commit credits with migrations, part 5: Declaring a module’s migration status first appeared on the Consensus Enterprises blog.

We've disabled blog comments to prevent spam, but if you have questions or comments about this post, get in touch!

Sep 06 2021
Sep 06

This month, we have reports on community activity from:

  • Bugsmash, by Mohit Aghera
  • DrupalCon Europe Advisory Group, by Cecilia Levy
  • Drupal Trivia, by Stella Power
  • Security Team, by Tim Lehnen

Where can you help to drive forward the Drupal project?

Bugsmash, by Mohit Aghera

What have been your priorities in the last three months?

Primarily we have been more focused on the streamlining triage process and have been trying a few things lately.
The team actively took part in Drupal South 2021 code sprint and had significant representation from everyone in the community. Thanks to the amazing mentors like larowlan, jibran, Kristen Pol, quietone, Griffyn Heels, and many other folks.

Apart from that, recent updates include the Bug-smash initiative keynote session by mohit_aghera and Spokje.
Recently, we tried another async meeting approach for triage meetings and it was productive as well as well-received within the contributors.
Apart from triage meetings, the team also focussed more on reviewing open issues and cleaning up issue queues by closing irrelevant issues.

And what has been your greatest success in the last three months?

We did significant work in the last quarter. Here are the statistics from 1, June 2021 till 28th August 2021. Thanks to Lendude for coming up with bug statistics tools. There is a more interactive tool hosted here https://lendude.gitlab.io/bug-smash-initiative/

As on: 2021-08-28

From: 2021-06-06 to 2021-08-28
Only bugs tagged Bug Smash Initiative
Open: 28, including 5 fixed
Closed: 315

Age Count



































Status Count closed (duplicate)


closed (won't fix)


closed (works as designed)


closed (cannot reproduce)


closed (outdated)


closed (fixed)


Based on statistics, we have approximately 2004 year reduction in the total number of years of all open bugs that are tagged with Bug-smash Initiative.

The team actively worked on Drupal South 2021 contribution sprint and making it a success.
A new page (https://www.drupal.org/community-initiatives/bug-smash-initiative/goals) for tracking Bug Smash statistics and goals, 'Goals', has been added to the initiative page (link in the channel topic). Thanks to @jhodgdon for adding it to the menu.

What has been your greatest challenge in the last three months?

Time to work on contributions is the biggest challenge everyone is facing.

Apart from that, we need to focus more on reviewing issues as there are approx 200 issues that need review.

Primarily, we are trying to address that issue within the team by doing review swaps. However, more help from the community will speed up the process.

Do you have a "call to action" you want to make to the Drupal Community?

We welcome everyone to join the async Bug-smash initiative meetings which remain open for 24 hours. You can also join triage meetings. You aren't comfortable in writing code, you can always spend time doing issue triage, review patches, etc.

The initiative page has all the relevant information about the timing and overall activities related to the initiative. Thanks to quietone, dww, jibran for maintaining initiative-related documentation.

As mentioned earlier, we have many issues that are in review state, so folks are encouraged to do a quick review of issues.

DrupalCon Europe Advisory Group, by Cecilia Levy

What have been your priorities in the last three months?

Our top priorities in the last three months were:
- Build a qualitative program (impactful and captivating keynotes & informative and diverse sessions selected from hundreds of submissions) based on a schedule alternating daily to allow a wider audience attending the event.
- Make the most of the event platform we are using this year: Hopin; and provide the best experience possible for our attendees and sponsors.

And what has been your greatest success in the last three months?

As a first edition gathering for DrupalCon Europe with local Camps and Communities, we have been working hard on building the most comprehensive event possible and we are proud to be sharing the floor this year with not less than 7 camps & local associations.
>> https://events.drupal.org/europe2021/join-your-local-community-drupalcon
We know being the firsts to support a new concept is not always an easy decision. That is why we want to express our deepest thanks to the Camps & local Communities which believe in the conjunct project and are already on-board for DrupalCon Europe 2021. They will give another opportunity for their members to experience DrupalCon for Drupal’s 20th anniversary.

What has been your greatest challenge in the last three months?

Our greatest challenge in general is to organize another online event for a target audience who is used to spend hours behind screens and is also tired from online events.
Even if Europe is reopening, we do not know what the future holds and we want to prioritize the safety and health of our participants. Therefore, we are giving our best to make DrupalCon Europe 2021 THE leading event in Europe, by giving exclusive access to insights from open source and tech industry leaders, as well as the broader Drupal ecosystem. It’s also a great opportunity to meet peers and have fun.

We truly hope to meet you all in person next year (fingers crossed), but we also know that to do that and for DrupalCon in Europe to sustain, we need this year’s edition to be a success in terms of participation and sponsorship.

Do you have a "call to action" you want to make to the Drupal Community?

Help us spread the word about DrupalCon Europe happening in less than a month! If you are not registered yet and don’t want to have the FOMO: Buy your ticket here >> https://events.drupal.org/europe2021/registration-information

Drupal Trivia, by Stella Power

What have been your priorities in the last three months?

Building the bank of questions for Trivia night

Do you have a "call to action" you want to make to the Drupal Community?

Yes, I need someone to help me with writing trivia questions. DrupalCon Europe is next month, so we're busy getting ready for that.

Security Team, by Tim Lehnen

What have been your priorities in the last three months?

Preparing for the end of life of Drupal 8, when older versions of core and modules that only have Drupal 8 releases will become unsupported. We strongly encourage maintainers to update their modules for D9, or to seek co-maintainers!

And what has been your greatest success in the last three months?

The security team has continued to have a great relationship with contrib and core maintainers in ensuring that vulnerabilities are responsibly disclosed and patches provided in the appropriate window.

What has been your greatest challenge in the last three months?

Third party dependencies (such as CKEditor) can make scheduling security releases a challenge. We have had to support some releases not on our normal release day to accommodate their schedules. We have mitigated this with PSA messaging to the community.

Do you have a "call to action" you want to make to the Drupal Community?

Update your modules for Drupal 9 compatibility, and seek new maintainers if you need help. DrupalCon Europe contribution time is a great place to look for new people.

Sep 06 2021
Sep 06

Healthcare industry is one of the fastest growing industries that need to embrace digitalization for offering customized care and services to patients. Every aspect of healthcare operations demand a digital transformation to meet the numerous necessities of modern healthcare. In this article, we will get a deeper understanding about how the healthcare industry is welcoming new digital tools and innovations breaking the old traditional healthcare pathways. You will also get a glimpse of what role Drupal plays in empowering the healthcare industry. 

How digital transformation trends are contributing to the digitalization of the healthcare industry?

Digital healthcare is enabling patients to get access to modern healthcare services that deliver seamless patient experiences. Here are some of the digital trends that are adopted by the healthcare industry to bring radical changes in their respective services. 

Describing the digital trends which are contributing to the digitalization of the healthcare industry

Telehealth facility

Telehealth enables us to witness a complete change in the communication process between a patient and a healthcare provider. The technologies such as telemedicine, patient-portals, remote patient monitoring, video conferencing and mobile health are making the patient-doctor interaction very secure and swift.  

Artificial intelligence

Artificial intelligence is one of the most rapidly growing trends for healthcare and technology. The AI-based solutions enable the doctors and medical staff to rightfully take data-driven decisions beneficial for all. Instead of utilizing the rule-based registries, the AI-powered data recovery method is practised to provide exact patient information. The chatbots and automated voice systems are adopted by the hospitals to reduce the workload for the medical staff and screen patients without any difficulties or concerns. The versatility in chatbots enables it to play multiple roles such as diagnostic tools, customer service representatives and therapists as well. Also, the AI screening helps in recognizing who is in need of immediate care and guides patients towards the right contact channels. 

Robotics Process Automation

Since robotics process automation(RPA) can be termed as an intelligent form of business process automation which helps in recording processes carried out by humans on their computer and then carrying out the same processes without the help of any human interference. This technology can be very useful for the hospitals as it can automate all the repetitive processes that necessitate human interference in a hospital.

Virtual Reality

Virtual reality has significantly brought a change in the way patients are treated. This technology helps physicians and doctors to perform proper diagnosis and also plays a huge role in physical therapy, where patients are instructed to follow an exercise routine including VR instead of invasive surgeries and drugs. It can be considered as a powerful communication channel between doctor-patient that helps the healthcare providers to have a better understanding of patients needs and engage them virtually with the necessary services.

IoT & Patient Interaction

IoT provides operation theatres, labs and hospital’s diagnosis rooms with sophisticated technology that connects tools, equipment and machinery to deliver smooth integration where data is shared. IoT altogether helps in enhancing the patient satisfaction with better and much effective communication between patients and healthcare professionals. Additionally, healthcare providers are able to track data for critically ill patients with IoT based wearable devices to get a better understanding of their health conditions. Preventive healthcare is facilitated to patients where they can monitor their internal health conditions by wearable technology. Some of the commonly used wearable devices are oximeters, heart rate sensors and exercise trackers. This technology provides a sense of ownership to the patients during the process of improving their health conditions. The information received from these wearable devices also enable the health insurers to correctly rate a patient’s risk for ailment. It overall enables the healthcare industries to save a lot of money and provide the best healthcare assistance to the patients.

Cloud solutions for healthcare

Cloud-based data services enable hospitals to work upon value-based reimbursements models, providing real-time access to data storage and offering much required agility and flexibility in the healthcare operations. Since, the healthcare companies need to maintain a large volume of data in the form of patient information, medical reports and electronic records. All this data needs to be analyzed, and cloud technology enables the healthcare companies to properly store and access the data also at the same time avoiding any additional costs of physical servers in-house maintenance. Depending on the needs, cloud provides healthcare professionals with the facility to increase or decrease the data storage capacity as well. 

Data Management & Analytics

Since there has been a problem of managing huge data of patients by the medical professionals, they are seen majorly depending on Electronic Health Records (EHR). Maintaining data manually can create errors at times. But adopting necessary technologies such as big data, wearables and blockchain to properly obtain, manage and analyze data can be very beneficial for healthcare providers. Such effective data management leads to better patient diagnosis and care. 

Big Data & Hospitals

Big data brought a change in the process of fetching, analyzing and managing data, also improving the quality of patient care services, reducing the treatment costs and predicting disease outbreaks. The various healthcare apps having exclusive features help companies to get access to huge data, and Big data further analyses them and provides necessary insights. It provides additional benefits like lowering the rate of medication errors, availing preventive care and proper staffing facility.

Blockchain & Medical Records

Blockchain enables registering every transaction, identifying any conflicting information, and decentralizing data. There are countries like the UK and Australia which are seen utilizing blockchain for managing proper medical records. It is an effective tool that helps in preventing data breaches as well.

Safety and security

Cybercriminals and hackers target hospitals to take away sensitive patient data and further misuse them. Therefore, to ensure safety to patients, there is a need to have a robust cybersecurity architecture in the healthcare organizations. With the growing technology, the healthcare industry is able to maintain the necessary safety and security.

Healthcare consumerism

The healthcare consumerism helps patients to actively get involved in their important healthcare decisions. Due to the emerging technologies, like mobile health apps, member portals and bi-directional provider portals, a proper communication between the patient and the physician is built. By using such technology, the health community is able to design and develop modern healthcare facilities. 

Therefore, the above discussed emerging technology trends succeeded in enhancing the various healthcare systems and led to better patient care service. 

COVID 19 emphasizing the growing need of digitalization in the healthcare industry

The COVID 19 pandemic has adversely affected the healthcare sector leading to restriction in various services to prevent infection from this deadly virus which further resulted in reduction in health spending. Undoubtedly, due to this pandemic, there has been an economic impact on healthcare but at the same time, the industry also felt the need of prioritizing digitalization to ensure better healthcare facilities for all. It was observed that globally, the corporate funding for digital health companies was doubled and the investment in telemedicine also rose to a great extent. Additionally, due to these hard times, there has been a disruption in the supply chains of businesses. As it is mainly about life and health, the healthcare industry has to take better initiatives in the form of contingency planning than other industries to resolve such a major issue that is currently prevailing around the world. Therefore, 60% of companies are stepping in to invest in the digital supply chain prioritizing robotics, machine learning/artificial intelligence and automation according to a research conducted by Capgemini. For example, Melbourne Health Logistics has decided to take on a Supplier Improvement Pilot Project that includes 10 Australian-based SMEs and further focuses on addressing the supply chain challenges and inventory management with the help of digitization. The three main focus areas of the project are executing of data capturing technologies, enhancing data quality and enabling suppliers to utilize the Electronic Data Interchange (EDI).

Let us look into some of the healthcare predictions for 2021, post COVID 19.

Describing the healthcare predictions post COVID 19

Telehealth technologies will help in addressing specific patient and caregiver necessities. Currently, due to the pandemic, every health system has to adopt telehealth programs. So, the leaders are trying to look beyond the pandemic to rework upon their telehealth programs for a longer period of time. These platforms are facilitated with unique integration to EHR i.e. back-end electronic health record systems. Based on various factors like, geographical location, care and real-time language translators, this platform will enhance the functionalities to meet the growing necessities of patients.

The digital health companies will go beyond the electronic health record (EHR) systems. For better digital patient engagement, the companies are striving to look for much improved tools and technologies. Some of the big tech firms, like Salesforce and Microsoft will possibly become the platforms for patient engagement and enterprise collaboration due to the growing need of consumerism. 

Enhancing the digital experience of consumers in terms of consumer finance and e-commerce. Since consumerism is significantly growing, along with adopting telehealth technology, the healthcare industry needs to look after all the aspects of consumer satisfaction. Therefore, sectors like consumer finance and e-commerce where the healthcare industry is unable to develop best digital experiences for consumers, shall be prioritized and provided with world class facilities and experiences. The healthcare leaders will focus on enhancing digital engagement, also accepting the challenge of providing seamless customer experience.

Low-contact experiences to be a standard and quality feature of healthcare experiences. The pandemic has given a rise of contactless and low-contact experiences to provide safety to the consumers at its best. Therefore, many of the health systems have started executing online features like registration and payments which helps in replacing the earlier in-person experiences. Without any concern, the healthcare professionals can use the geo-tracking, automatically “check-in” patients at the time of their arrival at a physical location and also assist them to their appointments. 

To know more, read about pandemic-driven digital transformation, digital readiness during pandemic, and how businesses are reimagining their operations in the post-Covid era.

Why opt for Drupal?

Illustration diagram describing the Drupal features

The healthcare industry is hugely supported by Drupal development resulting in its exclusive features and functionalities. Drupal features help in building the perfect digital experiences for the healthcare industry also maintaining all the safety measures required for creating websites and applications. 


The Drupal project is totally open-source software. Without any concern, you can download, use, work and share it to anyone for free. It is purely based upon principles like innovation, collaboration and globalism. Under the GNU General Public License (GPL), it can be distributed and there are no licensing fees for Drupal.

The Drupal community is ever ready to support its users by answering their questions and concerns. So, if you have any question, somebody will certainly answer it, since it’s a worldwide platform.

You can find more information about open-source here:

Content workflow

The in-built tools of Drupal helps in content creation, workflow and publishing, also allowing the content creators to work on it without any difficulties. The editorial workflows can be handled effectively by the provision of authentication and permission in this platform. With the provision of previews in Drupal, you get the opportunity to view the content on a device before approving and publishing it, create content with a WYSIWYG editor, and quickly track all revisions and changes to maintain the history of content changes if required. You can manage your roles and actions efficiently by observing all the stages of content i.e. creating, reviewing, and publishing. Drupal gives you access to a special feature where you can create a structured content, for example, describe content elements, tag content based upon any attributes, create convenient taxonomy for content so that it can be searched, used, reused if required in a manner that can improve customer satisfaction. 

You can create relevant content architecture using the Admin Interface or programmatically also do it. This platform gives you special mode tools and views, customizable menus that provide you a good user experience.

Read about how layout builder and paragraphs module enhance content workflow in Drupal.


Drupal never fails to provide security to all kinds of web threats and vulnerabilities. It always prefers keeping robust security as a priority. There is a team of security experts that Drupal has which looks after all the security issues with their well-built coding standards, and strict review coding process. Drupal proves to be a stable and a secure open-source platform due to its wide professional service provider.

According to the 2020 edition of the Acunetix, Web Application Vulnerability Report, Drupal was found to be the most secure CMS in the open source CMS market.

Illustration with a circle describing the minimal security issues of Drupal CMS Source: Acunetix

Scalability and performance

Drupal’s in-built performance features when combined with a modern CDN provider performs exceptionally well under the pressure of supercharged databases, advanced caching and load balancing. The scalability feature of Drupal allows your website to perform well even on the busiest days. To know more, read about Drupal’s performance optimisation offerings and how it scales with your needs to govern high web traffic.


The automated language translation in Drupal helps in reaching out to a diverse audience with the provision of localized content. Drupal can build complex multilingual web applications and customized sites in various languages. The core modules of Drupal help in complete translation of every part of a website, content types and their definite fields, users, menus, taxonomy, blocks, contact forms and comments. This further allows in acknowledging the suitable language as per the user’s IP address, URL, browser settings, session and more. Read more about Drupal’s multilingual capabilities here.


With Drupal you get a special feature of building websites that can be accessible by people with disabilities. Drupal ensures that all its features conform with the World Wide Web Consortium guidelines (W3C) guidelines: WCAG 2.0 and ATAG 2.0. This feature provides an equal opportunity for all regardless of any discrimination. 

Learn more about accessibility here:


Drupal users receive a special, personalized profile for every visitor like using geolocation, browser history, behavior taxonomies and device type. They also are given a customized experience that helps them in tracking and reporting with A/B and multivariate testing, improving ROI through target marketing and also segmenting visitors over devices by focusing on the important user identity for your business goals. 

Learn more about personalisation here:


With Drupal, you get access to exclusive SEO tools that help you in improving your website’s visibility. Here are the tools and modules.

Understanding the linking game through Linkit module; 
Understanding keyword game through Real-time SEO for Drupal;
Understanding the duplicacy predicament through Redirect module;

To know more, read this definitive guide to Drupal SEO in 2021.

Multisite support 

Drupal helps you in managing various websites over your organization, geographies, brands and campaigns on a single platform, enabling easy, fast website creation and deployment. Read this complete guide on Drupal Multisite to know more. 

Marketing automation

By utilizing tools and modules in recent versions, Drupal facilitates smooth integration with the automation platforms that can collect customer demographics and convert potential leads within the suitable time. Learn more about how marketing automation can be leveraged with Drupal here.

Mobile first approach and mobile apps

Drupal helps in creating responsive sites and building web applications that can deliver better user experience. It provides responsive design best practices and makes sure your users are benefited with the best content experience each time on every device. There are two ways of building mobile web applications which work with Drupal - integrated with Drupal at the theme layer, or a standalone mobile web app that communicates with Drupal using web services. Even though, both the approaches will work for building mobile web applications, it will be a way easier to begin with integrating the mobile web app into Drupal as a theme. To know more, read about mobile-first design approach and mobile apps like that of Flutter-powered delivered by Drupal.

Integrated Digital Tools and Applications

Drupal can smoothly integrate with a wide ecosystem of digital technology and other business applications to help you opt for the right set of tools today and tomorrow according to your preferences. 

Strong Stack Foundation

Drupal depends upon Linux, Apache, MySQL and PHP, the latest LAMP technology stack which meet the requirements of flexible, fast-moving agile companies and brands that help in building the next generation digital platforms. 

Facilitates Decoupled Architecture

Content flexibility is one of the features that Drupal provides to allow a smooth flow over sites, native apps, connected devices that can be displayed on third party websites and social networks. Since, many CMSes look for managing content in a back-end repository and move it to “front-end” templates which can provide a static experience. Drupal facilitates decoupling the back and front ends, wherever it’s required. So, the content of Drupal remains as reusable chunks, which is free from presentation, and ready for easy delivery to sites and applications. Drupal’s presentation i.e. RESTful API and neutral content help the front-end developers to build interactive websites and applications according to their preferences. There is availability of tools like Angular, Node, Ember and Backbone. With this platform you can obtain third-party content ((eg. syndicators and aggregators) and make it accessible to any app, website or channel. The content of Drupal can be comfortably consumed by other websites and applications with the support of Drupal’s content-as-a-service capability. The front end developers of Drupal can easily design content such as separating back-end content from front-end presentation according to their conveniences. 

Learn more about decoupled Drupal here:

Web Hosting

You can choose the best hosting vendor that fulfills your needs, with Drupal. Additionally, you can change hosting vendors whenever you want, and also select to host the website internally. 


Drupal upgrades can be said to be easy and convenient. The makers reveal that the upgrade from Drupal 8 to 9 was very simple. By referring to these four simple steps, you can build your site’s functionality, and maintain proper security standards of Drupal 9 by using the Upgrade Status. With Drupal Module Upgrader and Upgrade Status, the developers can make the upgrades themselves. Moreover, you can also recognize  whether your modules and themes are capable enough for Drupal 8/9 and convert your custom code respectively.

Learn more about Drupal 9 upgrade here:


Drupal offers various themes and distributions to its users. Now, taking you through some of the significant themes offered by Drupal. The first theme we have is YG Medical - Healthcare | Bootstrap based Drupal 9 theme. Available for Drupal 8 and Drupal 9, the YG Medical is a complete modern bootstrap theme for Clinics and Hospitals. 

The second theme is Medical Zymphonies. It is not dependent on any other core theme and has a modern look and feel. The features of this theme include Medical related color combination, Doctor appointment form., Awesome slider, Quick contact details on top of the website, Font awesome icons, Drupal forum, HTML5, JavaScript, jQuery & PHP, Single column, two columns and full width layout, a total of 16 regions, Nivo slider, views, webform module styles, Minimal design and nice typography and Social media (Facebook, Twitter, Google+, LinkedIn, Pinterest, Vimeo). 

The third theme we have is Medicare Zymphonies. This theme is a perfect fit for medical companies and hospital websites, for small clinics, like pediatric, dental, gynecology or general therapist clinics, family doctors and ambulances. It also has all the necessary features needed especially for the medical websites. 

Next, the fourth theme is Ultra Zymphonies. This is a responsive multipurpose Drupal theme which is perfect for any business themes. Be it a medical doctor, freelancer, corporate team or a lawyer who is looking forward to a modern business website or a personal blog, Zymphonies theme can be the best choice.

The fifth theme is Decor Zymphonies. This theme is similar to the above theme. A complete responsive multipurpose theme that suits best for the business theme. It proves to be the perfect theme for anyone including a medical doctor, lawyer, creative, corporate team or freelancer who is proactively willing to build a modern business website or create a personal blog.  

Finally, we will end up with Clinic Zymphonies Theme. It is a Mobile-first Drupal 8 responsive theme. Along with being highly customizable, it also features a custom sideshow, responsive layout and multiple column layouts. 

Now, we will go through one of the Drupal distributions for healthcare i.e. Virtual care. It is a distribution that offers a Basic Drupal Healthcare site for better communication between Patient and Healthcare Professional which further facilitates the exclusive features for patients, healthcare professionals, editors and site-admins as well.

Support and maintenance, hiring of developers, and partnering with digital agencies

You will find various Drupal agencies that will provide you with quality services as per your requirements. Below are the top 5 Drupal agencies in the global Drupal marketplace.

Describing the top 5 Drupal agencies in the global Drupal marketplace with the help of a diagramSource: Drupal.org

Supporting emerging technologies

Drupal uses the latest technologies such as artificial intelligence in the form of chatbots, virtual reality, IoT and Blockchain, cognitive search and digital voice assistants like Alexa on Drupal sites. Check out some of the Drupal-powered healthcare technologies here.

With the above mentioned features, Drupal healthcare websites can be built ensuring all the necessary security standards and requirements. 

Now, below you will get a glimpse of the drupal websites that were successfully built for the healthcare industry around the globe. 

Success Stories

You will get to witness some successful case studies around the world that depict Drupal’s extreme efforts in reaching its users expectations. 

National Nurses United

National Nurses United(NNU) can be considered as the largest union and professional association of registered nurses in the United States. They wanted to architect, redesign and create their new website on Drupal 8. Their main requirements were to design, create and launch their website within a very tight frame. NNU wanted their website to be of light design, modern and also a content management system. Finally, the Drupal 8 website was successfully launched on time and also under the budget. The NNU team now has a modern and powerful content management system that enables their professional members to obtain required tools and information on time.

Great Ormond Street Hospital Children’s Charity

Great Ormond Street Hospital Children’s Charity is one of the UK’s biggest charities, which is also an international centre of excellence in child health care. The website of the hospital provides significant information to healthcare professionals, parents and child patients. They rely upon their site to support campaigns for raising funds. The hospital’s main aim is to deliver best clinical care and training, and in partnership with other organizations, pioneer new treatments and research for the well-being of children around the globe. GOSH’s primary objective was to build a single harmonised platform that would be compiled from the migration of two large, business critical sites (30 content types and 6,000 nodes per site) and 10 sub-sites to Drupal from a proprietary software that is already outdated. The secondary objectives included prioritizing digital at the centre of all organizational activities, scalable architecture, removing complexity, platform for innovation, facility of accessibility, time-saving tools and improved search facility. Therefore, the results were as such that both the content and commerce could swiftly be intertwined, they were no more constrained by their content management system, in fact all the options were available and being capitalised, facility of suitable access privileges, and availability of flexible security boundaries were achieved with the help of Drupal’s powerful Organic Groups module. Additionally, personalization could be achieved by guiding visitors quickly to microsites and site sections for their necessities. Every section could adopt message, content, imagery, tone and Solr Search for the suitable audience. Lastly, the stakeholders could recover control and regularly adapt content. 


Digital transformation in healthcare is a must as it provides comprehensive patient care services with much efficiency and effectiveness. Therefore, having the right technology partner is very essential as it enables in building the foundation required for digital capacities and enhances the healthcare and patient experience to a complete whole new level. And Drupal is the best technology partner to deliver such a seamless experience for both the patients and healthcare industry.

Sep 06 2021
Sep 06

You must be aware that apart from content, the landing page call to action is another crucial component that can drive the visitors to perform an action you desire. The CTA can ensure you have effective online campaigns and can improve conversions through your website. This article will discuss the various ways to create effective CTAs on your landing page.

Businesses are focusing more on their online presence than ever before. They must tweak their digital strategies to reach out to a more significant section of their audience at a relatively enhanced RoI. There is an increased focus on their website and is used to ensure a steady flow of visitors. The workflows help to embark with the visitors on the buyer's journey that culminates in a sale.

What Makes Landing Page Call to Action Buttons so Important?

You can use the CTA buttons as a significant component of your landing page. It allows your prospects to move to the next stage in the workflow as envisaged by you. These buttons must be easily spotted and should be placed appropriately on the landing page. You must have powerful words along with a compelling proposition on the CTA button. Let us first understand the psychology behind the use of the call to action on the landing page.

Grabs the Attention of Visitors

Your landing page must persuade the visitor to take the path you have laid down for them. A call to action button with the perfect colour, font and content can entice the visitor to click on it and embark on the buyer’s journey with you.

Motivates the Visitor to Act

Most brands use colours and fonts in line with their branding guidelines that motivates the visitors to act. It enhances the conversions from your campaigns and informs the visitors about what lies ahead. The visitors are more likely to click if they know what lies ahead.

Makes a Specific Request

You may find a landing page making too many requests to a visitor. But always make a few requests and do not confuse the visitors. The CTA button informs the visitors what to do and places it at a suitable position on the landing page.

Essential Landing Page Call to Action Best Practices

It is crucial to optimize the CTAs to ensure improved conversions from your website. The renowned brands use innovative CTAs to entice users to act. We will now discuss some of the tips to create an effective landing page CTA button. 

Write Enticing Text

If you are working on enticing web content, why shouldn't you bother about the content for the call to action on the landing page? You must opt for action-packed words and do away with the boring ones. It is the content that makes the visitor decide whether to act or not. Always mention what the visitors can expect as an outcome of clicking on the CTA button.

Make it Clear and Concise

The clarity in the content is necessary if you look forward to receiving an adequate number of clicks on the landing page call to action. The visitors are usually impatient. If the content isn't concise and clear, they will not bother to click on it. Therefore, always use effective and short phrases and try to keep the content within a few characters.

Place it Logically

Another critical factor to consider is the placement of the landing page CTA. Placing it is an essential part of a proper UX design. Place the button on the path that the visitors will take when they are on the landing page. It is necessary that there is a natural flow and is present where the visitors expect it to be. You may adhere to the general layout of a call to action as users may be acquainted with it.

Create an Urgency

Many brands create urgency in their marketing messages and social media posts. It would be best if you create urgency on the CTAs as well. It is an effective way to enhance clicks and conversions on the landing page. It is because visitors would fear missing out on the offer you have proposed. Using time-related phrases or adding a countdown timer can add to conversion chances.

Consider the Colours Used

When creating the landing page call to action buttons, we forget to consider the colours used. It must match the overall branding requirements and complement the other colours used on the website. Choosing the right colour can attract visitors and take the action you desire. The colour of the CTA button must be such that it distinguishes it from the surrounding elements.

Create Curiosity

Many of us act when we find something unique around us. Similarly, you can build a sense of anticipation in the minds of the visitors through the content on the CTA button. Creating a limited time offer instils a sense of urgency among the visitors. The fear of missing out on the proposal can induce more conversions from website users.

Keeping it Above the Fold

Place the call to action on the landing page where the visitors can find it easily. Ideally, if you place it above the fold, the visitors need not search the whole landing page. The users will first see the banner on the landing page. They will not miss the CTA if it is above the fold, and you can also put across your message without much fuss. Keep the supporting information below the fold. 

Using Responsive Design

Web admins must consider the fact that several of the website visitors will use a mobile device. Therefore, you must consider a responsive and interactive website design when creating the landing page CTA. The buttons must be of an ideal size and should be easily readable on screens of all sizes. You can test the size of the CTAs across various software agents and screen sizes.

Test and Refine the Call to Action

You must undertake regular A/B testing of the CTA button on the landing page. You can make small changes in the entire context and find out the differences in user behaviour. Test the colour, font, placement of the button, and check what is adequate for your audience. Also, check whether the link is working correctly and moving to where you have wished.

Few Action Examples for Using Call to Action Buttons

We will now discuss a few use cases of how you can use the CTAs.

Using Gated Content

You can drive the visitors to download a flyer, product brochure, case study, whitepaper, etc. The landing page must have the requisite content about the benefits associated with the product. You can then entice them to provide their name and email address for access to the document.


Businesses can use the CTA procedure for registrations to an event or an online webinar. For example, you can use it to register the visitors for a restricted free trial of the product you offer or appointment bookings.


The most common use is to make the visitor click through and visit the page you wish. So, for example, it could ideally lead to your portfolio pages, and it helps you assess the number of visitors interested in what you offer.


The CTAs form the basis of the landing page, and the optimally created CTAs can provide the needed impetus to your landing page. It can improve the quality of leads you have and increase conversions. It is also challenging to have the right CTAs on the landing page. We have discussed the landing page call to action best practices in this article. Our team of experts is always ready to help you with any of your queries.

Sep 03 2021
Sep 03

I am pleased to announce that Victoria Spagnolo (quietone), Ben Mullins (bnjmnm), and Cristina Chumillas (ckrina) have accepted our invitations to become new provisional Drupal core committers!

Victoria Spagnolo (provisional release manager)

Victoria Spagnolo (quietone) is based in New Zealand and has been contributing on Drupal.org for over eight years. She is a maintainer for the Drupal core Migrate subsystem as well as multiple contributed projects. Victoria is also an active contributor to the community Bug Smash Initiative, which aims to improve everyone's experiences with Drupal by fixing bugs and reducing bug report response times. She received the New Zealand Open Source Award in 2018 for her contributions to Drupal.

Victoria's patience, empathy, attention to detail, and issue triage skills make her excellently suited to her new role as a provisional core release manager. She will collaborate with current release managers catch and xjm to improve core process, manage technical debt and disruptive changes, and ensure that core releases are shipped on time.

Ben Mullins (provisional frontend framework manager)

Ben Mullins (bnjmnm) is a United States-based Drupal contributor, also active on Drupal.org for over eight years. Ben is a Drupal core accessibility topic maintainer and subsystem maintainer for the Claro theme. He works for Acquia's Drupal Acceleration Team on a variety of Drupal core strategic initiatives and projects.

Ben will be collaborating with lauriii and ckrina as a provisional frontend framework manager. Ben has contributed extensively to helping solve tricky theme and JavaScript development problems without disrupting site owners' experiences, so we look forward to his further input on Drupal's frontend code. Ben's knowledge about accessibility and documentation also adds valuable expertise to our committer team.

Cristina Chumillas (provisional frontend framework manager)

Cristina Chumillas (ckrina) has been contributing to Drupal for over a decade. She is a core usability topic maintainer and also maintains the Claro theme. Cristina contributed design and theme expertise to the Admin UI and JavaScript Modernization Initiative.

Cristina started out her career in the graphic design industry and had formal training in Digital Marketing and UX. While working as a freelancer, she started coding with Drupal and quickly became part of the local community, where she has helped organise many local events in her home city of Barcelona. She joined Lullabot as a front-end developer in 2019.

Cristina is also joining the frontend framework manager team provisionally with lauriii and bnjmnm. Cristina has already brought a wealth of expertise and leadership to the Drupal project, where she has patiently and successfully shepherded many long-running initiatives. We're excited to see her continue the hugely impactful work she’s been doing under this new role.

Please join me in welcoming these new members of our core committer team!

Sep 03 2021
Sep 03

I am pleased to announce that Victoria Spagnolo (quietone), Ben Mullins (bnjmnm), and Cristina Chumillas (ckrina) have accepted our invitations to become new provisional Drupal core committers!

Victoria Spagnolo (provisional release manager)

Victoria Spagnolo (quietone) is based in New Zealand and has been contributing on Drupal.org for over eight years. She is a maintainer for the Drupal core Migrate subsystem as well as multiple contributed projects. Victoria is also an active contributor to the community Bug Smash Initiative, which aims to improve everyone's experiences with Drupal by fixing bugs and reducing bug report response times. She received the New Zealand Open Source Award in 2018 for her contributions to Drupal.

Victoria's patience, empathy, attention to detail, and issue triage skills make her excellently suited to her new role as a provisional core release manager. She will collaborate with current release managers catch and xjm to improve core process, manage technical debt and disruptive changes, and ensure that core releases are shipped on time.

Ben Mullins (provisional frontend framework manager)

Ben Mullins (bnjmnm) is a United States-based Drupal contributor, also active on Drupal.org for over eight years. Ben is a Drupal core accessibility topic maintainer and subsystem maintainer for the Claro theme. He works for Acquia's Drupal Acceleration Team on a variety of Drupal core strategic initiatives and projects.

Ben will be collaborating with lauriii and ckrina as a provisional frontend framework manager. Ben has contributed extensively to helping solve tricky theme and JavaScript development problems without disrupting site owners' experiences, so we look forward to his further input on Drupal's frontend code. Ben's knowledge about accessibility and documentation also adds valuable expertise to our committer team.

Cristina Chumillas (provisional frontend framework manager)

Cristina Chumillas (ckrina) has been contributing to Drupal for over a decade. She is a core usability topic maintainer and also maintains the Claro theme. Cristina contributed design and theme expertise to the Admin UI and JavaScript Modernization Initiative.

Cristina started out her career in the graphic design industry and had formal training in Digital Marketing and UX. While working as a freelancer, she started coding with Drupal and quickly became part of the local community, where she has helped organise many local events in her home city of Barcelona. She joined Lullabot as a front-end developer in 2019.

Cristina is also joining the frontend framework manager team provisionally with lauriii and bnjmnm. Cristina has already brought a wealth of expertise and leadership to the Drupal project, where she has patiently and successfully shepherded many long-running initiatives. We're excited to see her continue the hugely impactful work she’s been doing under this new role.

Please join me in welcoming these new members of our core committer team!

Sep 03 2021
Sep 03

Mike and Matt are joined by Lullabots Cathy Theys, Greg Dunlap, Cristina Chumillas, and Albert Hughes to talk about hiring people into different Drupal roles. 

Sep 02 2021
Sep 02

Maps are a common feature many websites want to implement, and depending on requirements, often it is enough to simply embed the map. However, what if you want to create map markers using your own site data or use custom overlays to display additional geographic information? Drupal makes this quite easy with modules like Views and Gmap for Drupal 7.

A Drupal 8 port of GMap is in the works, and there is also the Geolocation D8 module which has Views and Google Maps support. For this article we will review a D7 implementation, although the Javascript code should be easy to adapt for D8 and Geolocation.

Getting Started: Location Markers

Maps require GPS or similar type formats to generate location markers. While you could enter GPS coordinates directly it is more user friendly to use a standard postal address and have Drupal geocode the address using a mapping service like Open Street Map, Google Maps, etc. The Drupal 7 modules used to create our map display are:

  • Address Field
  • Geofield
  • Geocoder
  • GMap
  • Views

This allowed us to create an address field of type "Postal address" and a geofield using the "geocode from another field" widget type. Now a user can enter a regular postal address and the geocode module will query a map service such as Open Street Map or Google Maps to create a map friendly coordinate. With our location data points we can build a View using the GMap format, add our geo field, then update the GMap format settings and select the geo field which should now be available.

Add a few items with addresses and the Geo modules generate the GPS coordinates for Gmap to display as you can see in the screenshot below. The drop down Legislation Category above is a standard Drupal Views filter, while the Location Boundaries checkboxes on the right are some custom HTML added as a “Global: Text area” field in the View’s footer section with layout and styling done via CSS.

Map of San Francisco with three markers

Here are some screenshots of the View configuration. The View format is set to Gmap which requires at least two fields, one with the content’s Node ID and one with the location coordinates. The title field was added to give some information for the marker popup, but you can add more data by using the “rewrite results” option for any field in the View’s config. Simply check “Rewrite the output of this field” and use the Replacement Tokens to combine other field data, and usually you will exclude those other fields from the View display so you don’t have redundant content.

Drupal 7 Views configuration with GMap module

There are some settings required for the Gmap format. We must select the field containing the map coordinates (geotag from the geofield module for our setup), the field with the Node ID, and a field with information to display in a popup when a map marker is clicked.

Gmap Views configuration Gamp configuration continued

Building Custom Overlays

For our custom layers we created arrays of GPS coordinates that could be used to define map polygons, and then attached event listeners to HTML elements such as buttons and select lists to control the behavior of our custom polygon layers. In our case we set the fillOpacity of the desired layer to 35% so the markers would be visible underneath, but you could toggle only the border or a variety of other actions. Note that the layer configuration and click handlers are added through the bind and init functions. This makes sure your customizations are added before the map is built:

gmap_object.bind('init', function () { ... code inside here ... });

The Javascript code must be added to your map display. You can attach it through a custom module, theme layer, or even through the Javascript Injector module. The JS Injector module works well, but it is generally advised against because it stores code in your site’s database. It is useful for users that do not have access to the site’s codebase, just restrict access to trusted users only.

All of the JS code should be added inside the obj.bind(‘init) function which is wrapped by the Drupal.gmap.addHandler function. This makes sure all of your JS is ready before the map gets loaded. In the init function we set up the coordinates for our layer boundaries, then use those to create a layer with our desired options. Our layers start out hidden with fillOpacity set to zero, then the sidebar controls are used to control options like borders, fill color, and transparency.

The sidebar controls are simple HTML added in the View’s footer section with a global text field with the functionality added through a jQuery ready function. We use jQuery(document).ready to make sure all the elements are rendered before we attach the interactive functionality. With each button you can specify different actions, so our “Districts” grouping checkbox turns on the borders for all the district layers. The same can be done with pure JS, or your framework of choice, but jQuery is readily available in Drupal 7.

Map of San Francisco with layer borders

Clicking “District 1” zooms in and pans to the level specified in our jQuery button handler while toggling all the other districts to be grayed out by looping through the rest of the items using our custom highlightItem function to set their opacity to 35% then setting our target layer to transparent:

neighborhood_01_layer.setOptions({fillOpacity: 0.0});

Map zoomed to highlighted layer

Here is a basic example of the JS code, make sure it is only added to your map page.

// GMap module customization for neighborhood map
Drupal.gmap.addHandler('gmap', function (elem) {
  var obj = this;
  obj.bind('init', function () {
    /*** Neighborhood Layers ***/
    // Neighborhood 1
    const neighorhood_01_coords = [
        { lat: 37.76351, lng: -122.51965 },
        { lat: 37.78172, lng: -122.52265 },
        { lat: 37.79393, lng: -122.51210 },
        { lat: 37.79312, lng: -122.50107 },
    const neighborhood_01_layer = new google.maps.Polygon({
      paths: neighorhood_01_coords,
      strokeColor: "#000000",
      strokeOpacity: 0.0,
      strokeWeight: 2,
      fillColor: "#333333",
      fillOpacity: 0.0,

    // Array of layer names so we can easily loop through
    // and make changes to all layers, such as hiding all
    // layers except for the one selected by the user
    var neighborhoods = [
      neighborhood_02_layer, //not created in this example
    /*** Map controls ***/
    jQuery(document).ready(function($) {
      /*** Neighborhood highlight controls ***/
      var buttonN1 = document.querySelector('.neighborhood-1');
      buttonN1.addEventListener("click", function() {
        neighborhood_01_layer.setOptions({fillOpacity: 0.0});
        obj.map.setCenter( {lat: 37.77810413996199, lng: -122.48471403048961 } );
      }, false);
      // Helper functions below that can be used to loop
      // through many layers to modify display options
      // Only "highlightItem" used in this example
      function showBorders(value, index, array) {
        value.setOptions({strokeOpacity: 0.5});
      function hideBorders(value, index, array) {
        value.setOptions({strokeOpacity: 0.0});
      function highlightItem(value, index, array) {
        value.setOptions({fillOpacity: 0.35});
      function highlightClear(value, index, array) {
        value.setOptions({fillOpacity: 0.0});


Increasingly, customized maps that highlight neighborhoods, featured locations, and other specific, bespoke points of interest are being sought after by governments, nonprofits and businesses. Drupal allows you to respond quickly and effectively with custom map overlays using GMap and Views. Please feel free to contribute some of your examples in the comments.

Sep 02 2021
Sep 02

The world of technology is constantly evolving and strives to create new solutions, as well as to improve the old ones. Consequently, the life cycle of every software sooner or later reaches its inevitable end. Such a fate awaits the distinguished and still popular Drupal 7 with the end of its official support by the developers. This is a great moment to recall the novelties it brought in relation to the previous versions and to shed some light on what's next.

General information

Released on 5 January 2011, Drupal 7 was the successor to Drupal 6, obviously, and brought many awaited and – above all – necessary changes. Here are some of the most important ones.

  • The concept of entity was introduced, known from many other solutions. Hereafter, entities can be anything – from a user profile and a node, to things like a comment or a taxonomy term.
  • Support for multisite appeared.
  • Content Construction Kit (CCK) became a module in the Drupal 7 core.

In addition, there were many smaller, but no less important improvements, such as: improvement of performance and security, changes in hooks and API, reduction of system requirements, ability to create shortcuts, scheduling tasks using cron, and many, many more.

Drupal 7 end of life - change of date

Originally, Drupal 7 end of support was planned for November 2021. However, this date has been changed to 28 November 2022. Where did this change come from? As we may learn from the official information on this topic, the main reason for postponing it is COVID-19 and the impact it has had on the international market – especially on companies and their budgets. In practice, this means an additional year of support covering the security and development of patches for Drupal 7 websites. It also means extra time to move your projects to newer and dynamically supported and developed versions of Drupal.

End of support for Drupal 7

From the end of November 2022, no further official patches will be published. Therefore, if we don't update our pages to a higher Drupal version, we'll be left on our own and at the mercy of hackers, to whose attacks our page may become vulnerable. Of course, this isn't the only reason why you should jump to version 8 or 9, which I'll try to convince you of in the next paragraph.

Drupal 7 vs Drupal 8

The introduction of Drupal 8 meant a very big and significant change towards the development of the system. Let's take a look at some of the most important changes and improvements when compared to the previous version.

  • Drupal has been rewritten using the Symfony framework. For those unfamiliar with the topic, Symfony is one of the most popular PHP frameworks. Therefore, from the very beginning Drupal could boast that it gets a lot of support from the community and creators associated with Symfony. This change is actually so big, because the earlier Drupal versions weren’t based on any such powerful frameworks.
  • A new engine for creating templates has been introduced - the well-known and popular Twig (this is the result of switching to Symfony, where this engine is also used). This streamlines the work when creating templates, and brings the way of implementing them closer to modern standards, abandoning the previous themes and PHP templates.
  • The lack of a sensible text editor in Drupal 7 has been solved in version 8 with CKEditor - an extremely powerful and multifunctional tool for working with content.
  • The Views module has become a part of the system's core.
  • Drupal 8 brought almost 200 changes and patches that you can read about on Drupal.org.

You may also be interested in: 10 tricks to work efficiently with the Composer in Drupal 8

Then is the change from version 7 to version 8 or even version 9 (which you'll read about further down) a good idea? To put it simply: YES! From the very beginning, switching to Drupal 8 seemed like a necessary move. The number of novelties and possibilities introduced at that time by version 8 was stunning, and the obsolete solutions known from Drupal 7 were starting to be a drag in combination with the raging development and progress in the field of web development.

Then what is the cause of such a large number (about 560 thousand active installations - as of July 2021) of websites still operating on Drupal 7 and of the many years of support from the developers provided for such an old version of software (we'd like to remind you that Drupal 9 released in June 2020 is currently the default version)? It's all the result of how great a revolution Drupal 8 was and what great changes have been made to the very logic that underlies the entire system. The introduction of Symfony as the base framework for Drupal was a double-edged sword. Although it actually brought only good changes, it led to practically no compatibility with the previous versions. Upgrading from Drupal 7 to 8 couldn’t be done automatically, and sometimes even required rewriting the entire page from scratch. As you can imagine, this could be very problematic for systems maintained over the years, not to mention the cost that such a change could generate.

Today, however, we are already richer with years of experience. Upgrading from 7 to 8 doesn't have to be as titanic a job as it initially was. There are many tools on the market that can help us with the migration and make it easier.

Drupal 8 EOL - What’s next?

Let another fact be evidence for the popularity of Drupal 7: the official support for Drupal 8, its older brother, ends on 2 November 2021 – a year earlier. The reason for this decision is primarily that updating Drupal 8 to 9 is much simpler and often doesn't require any additional work from us. Hence, moving our website from version 7 to 8 is the first step to updating to the latest version that's being currently developed. Drupal 9 in relation to 8 is simply an evolution, not a revolution of the ideas behind the premiere of Drupal 8. For more information on this topic, you can visit the official page of version 9 and our post on the transition to Drupal 9.

End of life of Drupal 7 will be in November 2022, and of Drupal 8 in November 2021


Drupal 7 EOL - professional help

As we've already established that the transition to the latest version of Drupal is actually a necessity, and with the transfer of the planned Drupal 7 support end date, we've gained some additional time, I'll introduce you to this process. I'll try to distinguish two possible paths here: for those less knowledgeable on the subject and for the advanced users who want to learn about our methodology.

Transition from Drupal 7 to 8 for beginners

As already mentioned, the updating process isn't automatic here and requires at least basic technical knowledge and experience in carrying out similar migrations. If you don't feel up to it, we recommend that you contact the professional Drupal support team for help. Using the services of specialists experienced in this type of migration can significantly shorten the entire process, as well as dispel any doubts related to it.

Transition from Drupal 7 to 8 for advanced

Now we'll show you, based on our experience, how to handle such a process. First of all, it'll be easier for us to migrate the page to version 8, and after that – to version 9. We should avoid large jumps (i.e. from Drupal 7 to 9), because they may cause more needless chaos than necessary.

  1. Let's start by reviewing the available modules and making sure that all the ones we have we’re actually using. It's also important to first make sure that we understand the functionalities of the page in order to be able to fully translate them into the new Drupal version.
  2. Changing the version is a good time to clean up and redesign the layout of our page, which may be outdated.
  3. Custom modules need to be rewritten. There is no other option here but to simply rewrite the modules, following the new method of implementing them.
  4. As is the case with modules, rewriting the custom themes is also necessary. The introduction to the Twig template engine is a big change, and translating the old templates into this solution is fully obligatory.
  5. Drupal 8 has changed the way data is stored in the database, as well as its structure, so data migration is a must. Such modules as Migrate, Migrate Drupal, Migrate Upgrade and Migrate Plus will help us with this.
  6. THE MOST IMPORTANT POINT: backup, backup, backup! Before making any changes (let alone as crucial as this one), it's necessary to create a backup. It'll save you trouble in the event of an unforeseen failure during the migration. It seems trivial, but this issue is often underestimated.
  7. It's worth ensuring that our Drupal is updated to the latest possible version of Drupal 7. This should minimize any difficulties in transferring the configuration.

If we manage to migrate the website to Drupal 8, upgrading it to version 9 itself shouldn't cause any major problems. First of all, we need to replace the obsolete methods in our code with new code or just get rid of them. Drupal-check is one of the tools that can help us find such a code.

Sep 02 2021
Sep 02

Drupal 6 just might live forever.

This isn't so much an announcement as it is a reminder: if you know of any sites out there running Drupal 6, they probably want to make sure we keep supporting it!

Drupal 6 Long-Term Support (D6LTS) until at least February, 24th 2023!

Why February 24th, 2023?

Well, we've been using the February 24th date, because Drupal 6 orginally reached it's End-of-Life on February 24th, 2016, and we've been taking it one year at a time.

Drupal 7's community support End-of-Life will be in November 2022. We know that D7ES will have a long life ahead of it as there are still hundreds of thousands of important sites running it. Similarly, we see no reason to stop our Drupal 6 support any time soon.

There's still TONS to do Drupal 6

While it can be a little hard to predict the challenges that Drupal 6 site owners will face in the future, don't worry. If the past is any indicator, I'm sure there will be plenty to do!

What are the "Thoughts" on Drupal 7?

Recently, we've been really planning and working towards developing what's needed for Drupal 7's End-of-Life and the Drupal 7 Extended Support (D7ES) program.

We still don't know the full details of our offering, but we can say this:

  • It will be very similar to our D6LTS offer
  • We want to be able to support even more sites!
  • We want our service to be even more valuable to site owners!
  • We want to offer plans for sites of all types, sizes, and needs! 
  • We'll be providing Drupal 7 support until at least November 2025.

We're hoping to have the first bits of this ready to announce soon enough that you can start making your long term Drupal 7 plans.

Contact Us About Your Drupal 6 or Drupal 7 Site Now!

Sep 02 2021
Sep 02

Drupal 8 has lot of inbuilt functionality within it, one of the main important features is Configuration Synchronization. It will help us to migrate full setup properly on site deployment. But the main problem is that, According to the Drupal 8 CMI documentation,

The Configuration Manager module in Drupal 8 provides a user interface for importing and exporting configuration changes between a Drupal installation in different environments, such as Development, Staging and Production, so you can make and verify your changes with a comfortable distance from your live environment.

The same idea appears in this article,

Perhaps the most important concept to understand is that the configuration system is designed to optimize the process of moving configuration between instances of the same site. It is not intended to allow exporting the configuration from one site to another. In order to move configuration data, the site and import files must have matching values for UUID in the system.site configuration item. In other words, additional environments should initially be set up as clones of the site. We did not, for instance, hope to facilitate exporting configuration from whitehouse.gov and importing it into harvard.edu.

So Still we hardly depends on the Features module, But we can use the CMI (Configuration management Interface between two different sites with simple hacking solution.

The CMI works with based on the site UUID, If the sites have different UUID then, it won’t work, So changing destination site’s UUID with Source site’s UUID would solve the problem.

Just follow the below steps to use CMI between two different sites,

1. Export Configuration from your source site (Site A)

2. Extract the file, Open the system.site.yml file and get the Source site (Site A) UUID

3. Run the drush command in your destination site (Site B)

drush config-set "system.site" uuid "Your Source Site UUID here"

4. After that, try as usual Import Process in destination site (Site B)

It will accept the Site A configuration in Site B. So we can migrate all datas into our another site.

FYI : I am not sure, It is a effective / Proper way to do it.. If there is any problem with this method please mentioned in the comment.

Sep 02 2021
Sep 02

Twig can be extended in many ways; you can add extra tags, filters, tests, operators, global variables, and functions. You can even extend the parser itself with node visitors. In this blog,

I am going to show you how to create new custom twig filters in drupal. For example we are going to create a filter to remove numbers from string, will explain with hello_world module.

Create hello_world folder in modules/custom/ folder with the following files,

1. hello_world.info.yml // It would contains normal module .info.yml file values, Check here for more details

2. hello_world.services.yml // It would contain following lines,

    arguments: ['@renderer']
    class: Drupal\hello_world\TwigExtension\RemoveNumbers
      - { name: twig.extension }

3. src/TwigExtension/RemoveNumbers.php It would contain followings in that,

namespace Drupal\hello_world\TwigExtension;

class RemoveNumbers extends \Twig_Extension {    

   * Generates a list of all Twig filters that this extension defines.
  public function getFilters() {
    return [
      new \Twig_SimpleFilter('removenum', array($this, 'removeNumbers')),

   * Gets a unique identifier for this Twig extension.
  public function getName() {
    return 'hello_world.twig_extension';

   * Replaces all numbers from the string.
  public static function removeNumbers($string) {
    return preg_replace('#[0-9]*#', '', $string);


Enable the hello_world module and clear the cache, then you could use the “ removenum “ filters in your twig file,

{{ twig-value-with-numbers | removenum }}

It would remove the all numbers from the string, enjoy with your custom filters !

Download the hello_world module here

Sep 02 2021
Sep 02

One of the most favourite and  valuable features in drupal is multisite configuration, Drupal 8 provide simple way to create multisite it reduced lots of works. The following steps shows to configure multisite in drupal 8,

  • Should have more than one domain and databases, I am going to use the domain (www.domain1.com, www.domain2.com) and databases (domain1, domain2).
  • Create two folders in drupal-8/sites/ folder with domain1, domain2 name, the folder path would be like this drupal-8/sites/domain1/ and drupal-8/sites/domain2/
  • Create files/ folder in both the folder (drupal-8/sites/domain1/files)
  • Copy the default.settings.php file and paste it into the both folder then rename it as settings.php ( drupal-8/sites/domain1/settings.php, drupal-8/sites/domain1/settings.php)
  • Edit the settings.php file for domain1 to adding the database,
$databases['default']['default'] = array (
  'database' => 'domain1', // Change value to domain1 for www.domain.com and domain2 for www.domain2.com.
  'username' => 'root',
  'password' => 'root',
  'prefix' => '',
  'host' => 'localhost',
  'port' => '3306',
  'namespace' => 'Drupal\\Core\\Database\\Driver\\mysql',
  'driver' => 'mysql',
  • Copy the drupal-8/sites/example.sites.php file and paste in on the same location then change the file name to sites.php (drupal-8/sites/sites.php)
  • Add the following line in the bottom of the drupal-8/sites/sites.php file
$sites = array(
 'domain1' => 'domain1.com', // Folder name => Domain name.
 'domain2' => 'domain2.com',

Thats all, both domain would works well with the different db with a single instance.

Sep 01 2021
Sep 01
  • 02 September 2021
  • Anca Verniceanu

DrupalCon Europe 2021 is less than two months away – and we can already feel the enthusiasm rising.The conference is packed with value from start to finish: innovative topics; inspiring speakers from all corners of the tech world and in-depth workshops.

On top of a diverse range of sessions at DrupalCon Europe, there are two workshops on creating great user experiences with Drupal and building a website with low code. A single DrupalCon ticket gives you access to all this and you will have the chance to do this among other developers, designers, editors, content strategists, marketers, end-users or leaders from the Drupal community.

Apply for offered tickets

This year, Liip wants to make DrupalCon even more widely available and accessible by offering free tickets. At Liip we always strive to help level the playing field for women and minority groups, who have been underrepresented in the tech industry for far too long. That is why we are thrilled to announce that we are sponsoring Grants and Scholarships that will help cover costs for many to attend this event.

Eligibility criteria

Participants must meet the following background requirements:

  • be a member of an underrepresented group in tech — this includes, but is not limited to people of colour, LGBTQIA+ people, women, disabled people or be unable to attend without financial assistance
  • be unable to get funding from the companies they work for
  • be 18 years of age or older
  • agree to follow DrupalCon code of conduct

First-time attendees might be given priority, and you can even apply if you already bought a ticket, but you feel you qualify to receive a scholarship.

What you will learn

If you’re chosen for a scholarship and get a free ticket for DrupalCon 2021, you will have the chance to:

  • gain knowledge and skills
  • expand your network
  • learn from companies that leverage technology transformation opportunities within their industries
  • share your thoughts, opinions and perspectives with other people from the Drupal community
  • help drive Drupal’s continued evolution and success by actively engaging in the program at DrupalCon

How to apply

Submit your application by 20th of September 2021.
We hope to see you there and remember - when you win, we all win!

Anca Verniceanu

Frontend Developer

  • Topics
  • Tags
Sep 01 2021
Sep 01

Interactive websites help in engaging more users. For example, watching a popup video, solving a puzzle or quiz, or viewing compelling infographics can make users spend more time on your website. In addition, these kinds of interactive things help users remember your company name and contact you back. In this article, let’s explore the elements that help in making interactive website design & what are the benefits of having that.

Businesses are always looking for newer avenues for growth and increasingly focus on their website to reach out to their audience. Therefore, there is an inherent need to ensure that the website breaks the clutter and helps in having an improved interaction with the visitors. It will negatively impact visitors if they have static content before them and cannot interact with your website.

You must provide a personalized experience for your audience, and one of the best ways to achieve this is by making the website more interactive. Studies show that interactive content provides two times greater engagement than static content. (Source: HubSpot) An interactive website design can automate each visitor's experience and use specially crafted content to create a customized experience.

What are interactive websites?

These websites allow better interactions with the visitors, and they can actively communicate with the elements and the content on the website. For example, it could enable the users to leave comments, initiate a chat with them, or suggest preferences that can alter their experience while they are on the website.

The business must think strategically about what the visitors will be looking for on the website. You must utilize historical preferences and analytics and understand the right website features that can help better engage with the website visitors.

Benefits of an Interactive Website Design

There must be a robust communication platform and provide an excellent user experience. Companies can also receive feedback from the audience by engaging with their clients online. Let us know the benefits that businesses have through an interactive web design.

Create a Unique Customer Experience

The website visitors will look forward to a self-service feature that will allow them to receive responses to their queries. This feature can help you provide visitors with a fantastic experience as they interact with your website. It also allows the users to be in charge and feel empowered as they can search based on the location chosen, ask a question, and respond to or vote to an inquiry that relates to them.

Enhanced Conversion Rates

As the visitors interact more with the website, it increases a sense of trust. For example, if the website contains the logo colours, the trust factor gets raised, and the visitors tend to interact more. As the trust increases, they are more likely to become a paying customer. Moreover, as the visitors increase the dwell time on the website, the bounce rate also decreases.

The Content Looks Smart

When you create interactive web pages, they will have designs that can draw the visitor's attention. For example, interactive infographics and animation can ensure better engagement with the visitors. You can also use a rating system that will allow the content to engage with the users. Accordions can also help to show your content better without cluttering the web page.

Improves SEO and Search Rankings

When you make an interactive website, it will bring in more visitors. Hence, you will readily receive requests from other entities to link to your website. These backlinks form an integral part of the SEO process, and they can ensure an increase in search rankings. Interactive websites also see a surge in visibility, enhancing search engines' perception of your website. An improved user experience can even ensure your website to be on the first page during search rankings.

Interactive Features for your Website

You must have come across the interactive web design of renowned brands. They provide the ideal visual experience, and you can implement these features on your website. Let us discuss some of the ideas that you can implement too.


The web chat feature will allow the users to ask any additional queries after going through the FAQ section. They can directly connect to your customer support team and initiate an online chat. It can provide the ideal interaction needed by the users. You can also utilize a chatbot that can respond to pre-configured questions.

The Hover Selector

It is an essential website feature that selects the element once you hover the cursor over it. Web designers can utilize various ways to ensure that the visitors consume the content. For example, they can apply varying styles or use dynamic and colourful states or animation to make it interactive.

User-Generated Content

You can allow users to comment on various sections of the website. The comments will enable you to find out what you must do to generate newer and better forms of content that appeal to users. You can allow social sharing of specific pages on the website or enable users to share your blogs on their personal social media channels. Having a community or forum on the site is another way of encouraging interaction.

Using Forms and Ratings

You can induce feedback from the visitors on different sections of the website. It is necessary to receive their opinion that can be useful for making appropriate changes. It helps to identify any issues in your operations or the website too. Creating a survey is another way of inducing visitor contribution. You can also use the rating feature to generate participation from visitors and is a necessity for e-commerce websites.

Other Ways to Make your Website Interactive

You can make the content creative by adding interactive infographics and videos at appropriate places on the website. You can also create surveys to extract the required information from visitors that can help you in future decision-making. Using the benefits of interactive newsletters and slideshows can ensure repeat visits from users. Data visualizations and diagnostic tools can also help in e-commerce sites.

Using Drupal for Interactive Websites

Several renowned brands choose Drupal for their website development, as it helps create beautifully designed interactive websites. Drupal has a ready-to-use module to make an interactive website. We will discuss some of the elements that can help in having interactive Drupal website designs.

Social Media Sharing

Social sharing buttons allow users to share content on their personal social media pages readily. The AddToAny Share Buttons Module can provide handy social media sharing buttons and readily integrates with your website. It can integrate with Google Analytics too.

Allowing Users to Comment

You can allow users to comment on your website to ensure more interaction with them. The Comment module enables this feature, and the admins receive a notification for all new comments.

Creating Forms and Surveys

Using forms and surveys on the website can also lead to more interaction with the visitors. You can use the Webform module to create forms that collect the required data and forward it to any downstream application.

Using Slideshows on the Website

One of the best ways to ensure an interactive website is to have slideshows. The Views Slideshow module can help to create a slideshow of any user-defined content.

Creating Carousels and Videos

Using videos and carousels on the website can help your showcase your expertise effectively to the visitors. Media and Media Library modules allow web developers to embed these interactive media types on the website easily.


Companies are continuously looking for ways to break the clutter and effectively reach out to their audience. Therefore, they must have an interactive website design that can induce more visitor participation. It will also lead to increased conversions and revenues.

The website must make users confident about your brand, and it requires a well-defined strategy from you. You must utilize historical data and come up with adequate features that can make the website interactive. You can use various Drupal modules for this purpose. Be in touch with our Drupal experts.

Sep 01 2021
Sep 01

More so than ever before, the public sector is relying on websites to handle a depth and breadth of heavy lifting -- serving as a central information hub, providing a venue for taking care of official business, advancing civic pride, alerting citizens to weather and public health emergencies, and a lot more. 

Covid-19 sharpened the focus on the importance of government websites being able to step up and multi-task. That trend is shows no signs of reversing.

Essential objectives for government sites share much in common with private sector sites -- easy navigation, robust search capabilities, and a consistent application of design elements -- but in the current environment, government websites present distinct challenges and opportunities.

Drupal for Government

Leveraging the power of Drupal to design and develop expectation-exceeding websites for public sector clients at every level, we at Promet Source have honed a distinct expertise in the build of government sites that can function on many levels.

The process begins with a true understanding of the evolving role of public sector websites and the value of an open source CMS, followed by a  commitment to diligent discovery and active listening to the needs to stakeholders. 

Here are the top five factors that we’ve identified as the essential differentiators between government and private sector sites.

1. Public sector sites need to serve every demographic group.

While the targeted niche for a private sector site often encompasses a wide spectrum, government sites, have an inherent need to serve everyone. Creating web experiences that appeal to and accommodate the user journeys and needs of every age group, education level, income level, and comfort zone with technology, as well as people with disabilities, requires a significant balancing act. 

An in-depth discovery process is required to set the stage for a successful outcome. Adept information architecture skills also very much come into play in the process of creating a user experience that streamlines navigation and simplifies access to a wide and disparate range of information and resources for the full spectrum of users.

And easy navigation is just the start. Public sector sites also need to be engaging, reassuring, familiar, service oriented, and always aim for a subtle "WOW!-that-was-easy" factor.

Southern District of New York website

Southern District of New York websiteThe Southern District of New York's redesigned site focuses on the needs of a wide range and disparate range of of personas including staff, jurors, attorneys, judges, the local and national media, as well as individuals caught up in the court system.    


2. Community building is a core objective.

In many respects, government sites are now serving as a virtual town square --  the place where connections are made, information is exchanged, essential tasks are completed, and messages concerning what sets the community apart and what it stands for are reinforced. 

While private sector sites tend are likely to have one, clearly defined and singularly focused mission, the success of government sites hinges on multiple factors. 
The design of a government website needs to account for the likelihood that it might be visited and viewed simply for purposes of checking in, and that the content and experience on the site will serve as a source of conversation. 

Marin County prevention and outreach websiteFriendly fonts and consistent reinforcement of key messaging drive home the high-stakes, communitywide mission of the Marin County, California Prevention and Outreach site.    


3. All constituents view themselves as stakeholders.

Whether searching for information about trash pickup schedules, looking into the city’s permitting process, learning about local government initiatives, paying bills, or a myriad of other tasks, expectations are high among all visitors that the site needs to work for them. The optimal UX on a government website offers immediate access to the most frequently sought topics, with robust search capabilities that easily lead to everything else. 

Beyond information gathering and essential task-related factors, the site needs to reflect the county or municipality its very best light, for both citizens and potential tourists. Just as citizens have high expectations that the grounds and interior of their city hall, county courthouse, or state capital will be well tended and impressive, expectations are high for a modern, easy to navigate, beautifully designed website that reinforces civic pride. 

Martin County Florida websiteCentral to Promet's redesign of the Martin County Florida website is a carousel of images on the home page that features the area's spectacular beauty and attractions for both residents and tourists.                                                                     

4. The need to offload a wide range of administrative tasks is paramount.

If there is one, overarching truth among all government entities in the current climate it's this: budgets are tight and everyone needs to find ways to do more with less. Multi-tasking websites are stepping in to fill that void, and their success in doing so hinges on the degree to which taking care of tasks online proves to be a value-added process and free of frustration.

Martin County Fla homepageKey to the success of the Martin County, Florida website, which was recently migrated to Drupal 9: Prominent access to most the frequently searched tasks within an aesthetically pleasing user experience.


5.  The content management system needs to enable easy updates along with a high degree of content editing flexibility. 

For a public sector website to serve as a single source of truth, site managers and content editors need to be able to make updates on the fly. Weather alerts or public health emergencies can emerge with no warning, and for a government site to be counted on as a provider of up-to-the-minute accuracy, site managers and content editors need to be able to easily make updates or add new pages. 

Simple and streamlined content editing capabilities contribute to a consistent and reliable user experience throughout the site and across all desktop and mobile platforms. Another factor fueling the need for simplified and more robust content editing experiences: the opportunity for continuous improvements and citizen-centric enhancements based on community  feedback and ongoing intelligence gathering. 

Check out the possibilities of Provus -- Promet's new drag-and-drop content editing platform.

Marin County covid site  Since the onset of the pandemic, daily alerts and updates have been the essential mission of Marin County, California's Health and Human Services Covid-19 site.  

The best state and local leaders are well aware that every positive web interaction represents an opportunity to serve citizens and fuel vast new possibilities for connection and operational efficiencies. Partnering with the public sector to create next-level web experiences that address the full spectrum of citizen needs and expectations is what we do here at Promet Source.

Interested in what we can do for you? Let’s talk!

Aug 31 2021
Aug 31


Warning: As of the date of this writing, this module is still in alpha release, but appears to work as needed. Exercise caution and conduct extra testing should you decide to move forward installing this module during it’s alpha release.

Credits & Thanks

Thank you to:

Security Review Module

The Security Review module automatically tests for many security problems in the configuration of your Drupal site.

The Security Review module reviews your basic security settings and tells you if there need to be any changes that will make your website more secure. More often than not, security breaches come from un-updated Core software or basic settings that are exploited and turned into a breach. If you close those holes, hackers often move on to an easier target.

Install and Enable the Security Review Module

  1. Install the Security Review module on your server. (See this section for more instructions on installing modules.)
  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit https://yourdrupalsite.dev/admin/modules in your browser.

    drupal security review module installation

  3. Select the checkbox next to “Security Review” and click the Install button at the bottom of the page.

If necessary, give yourself permissions to use the Security Review module.

  1. Click Manage > People > Permissions (Coffee: “perm”) or visit https://yourDrupalsite.devadmin/people/permissions .

    drupal security review module permissions screen

  2. Select the appropriate check-boxes for  
    • “Access security review pages”
    • “Run security review checks”
  3. Click the Save permissions button at the bottom of the page.

Configure the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/config/security-review in your browser.
  2. DO NOT CLICK the Run Checklist button. Instead, go to the Settings tab.

    drupal security review module configuration

  3. Set any untrusted roles. The default selections are for typical site visitors. Your site may need to add more.
  4. Under Advanced, you can skip any tests that aren’t appropriate for your site. If you are unsure, don’t skip any of the tests.
  5. Click the Save configuration button at the bottom of the page.

Using the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/reports/security-review in your browser.
  2. Expand the RUN section.

    expand the run checklist section

  3. Click the Run checklist button.
  4. The Security Review module will run. It can take several minutes before it will present its results:

    drupal security review module test results

  5. As you can see, the Security Review module shows where your site might be vulnerable to attack.

You’ll want to work with your developers to fix the items in red to harden your website against malicious attacks.

Did you like this walkthrough? Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon

Aug 31 2021
Aug 31

14 minute read Published: 31 Aug, 2021 Author: Matt Parker
Drupal Planet , Migrations

This is the fourth in a series of blog posts on writing migrations for contrib modules:

Stay tuned for more in this series!


While migrating off Drupal 7 Core is very easy, there are still many contrib modules without any migrations. Any sites built using a low-code approach likely use a lot of contrib modules, and are likely blocked from migrating because of contrib. But — as of this writing — Drupal 7 still makes up 60% of all Drupal sites, and time is running out to migrate them!

If we are to make Drupal the go-to technology for site builders, we need to remember that migrating contrib is part of the Site Builder experience too. If we make migrating easy, then fewer site builders will put off the upgrade or abandon Drupal. Plus, contributing to migrations gives us the opportunity to gain recognition in the Drupal community with contribution credits.

Problem / motivation

In my experience as a consultant, clients who are willing to be early adopters of Drupal 7 to 9 migrations tend to want to make a bunch of other changes to their site at the same time… so configuration has often been overlooked in favour of setting new config from scratch on the D9 site. But from an end-user-of-Drupal’s standpoint, when the budget is tight, and/or Drupal 7 already functions the way you want it, it makes more sense to spend your time and money on verifying the site’s content, and updating the website’s theme!

As a Site Builder migrating a site from Drupal 7 to Drupal 9, I want as much of my Drupal 7 configuration to be migrated as possible, so that I can spend my time on the theme and content of the site.

Proposed resolution

Define a migration for simple configuration from Drupal 7 to Drupal 9.

As mentioned briefly in the last post, migrations are defined by YAML files inside a module’s migrations/ directory that look something like…

label: A Human-Friendly Name
migration tags:
  - Drupal 7
  - A Migration Tag
  plugin: # a @MigrateSource plugin id
  # some config for that @MigrateSource plugin
  # some process config
  plugin: # a @MigrateDestination plugin id
  # some config for that @MigrateDestination plugin

As you can probably guess, id, label, and migration tags are metadata.

Each migration definition includes a source plugin and its configuration, which states where to find data in the Drupal 7 source database. Each migration also defines a destination plugin and its configuration, which tells Drupal 9 where to store the migrated data. Each migration also contains a number of process instructions, which describe how to build the destination data, usually by taking data out of the source.

Steps to complete

Before we can write a simple config migration, we need to understand how config is stored in both systems; and do a bit of planning.

How Drupal 9 config works

In Drupal 9, the standard way to handle configuration is to store it as configuration entities, using the configuration management API.

Most configuration migrations into D9 use the config destination plugin, which uses the configuration management API to write the data. You configure the config destination plugin by specifying the machine name of the configuration entity that you want to build from the migrated data. If we look at the example migration we wrote tests for in the last blog post (i.e.: migrating config for the Environment Indicator module), you can see in its destination section…

  plugin: config
  config_name: environment_indicator.settings

… that the migration is going to be building the config object named environment_indicator.settings.

Note that each migration has one destination plugin; and the config destination plugin only lets you specify one config entity. To start a configuration migration, I usually look at the Drupal 9 module’s code for configuration objects. If there is more than one, I start with the one containing general configuration settings.

Once I’ve chosen a destination configuration object to focus on, I look at its definition in the module’s config/schema/MODULE_NAME.schema.yml file and where the config is being used (because the schema file isn’t always kept up-to-date). I start an inventory of the fields in that config object, their data type, and their default values from config/install/*.yml. A spreadsheet is a great tool for this inventory (just be aware that it can be helpful to show the spreadsheet to the community).

How Drupal 7 config works

In Drupal 7, the standard way to handle configuration was to store it in Drupal 7’s variable table in the database; and interact with it using the variable_get(), variable_set() and variable_del() functions.

My next step in writing a configuration migration is to search the D7 module’s code for the string variable_, examine the different variable names, and update my inventory with the D7 variable names and data types (to determine a variable’s data type, you may have to look at how the D7 code uses it). Some modules construct their variable names by concatenating strings and variables, so one string match (for variable_) may correspond with a handful of possible variables. If the way that variable names are constructed is particularly convoluted, it can be helpful to install the module on your D7 site, configure it, and see which variables are added to the variable table in the database.

When writing our migration definition for Drupal 7 variables, we can use the variable source plugin to pull data from the D7 variables table. You configure the variable source plugin by specifying a bunch of variable names to read data from; and optionally, specify which D7 module you’re migrating from (which is useful when you’re migrating config from a bunch of D7 modules into one D9 module).

If we look at the example migration we wrote tests for in the last blog post, you can see in its source section…

  plugin: variable
    - environment_indicator_integration
    - environment_indicator_favicon_overlay
  source_module: environment_indicator

… that the migration is going to copy data out of the environment_indicator_integration and environment_indicator_favicon_overlay variables.

Mapping out the migration

At this point, your inventory should contain the names, data-types, and default values for a bunch of D9 config object fields; plus the names and data-types for a bunch of D7 variables.

The next step is to process the inventory: for each D9 config object field, see if you can find a corresponding D7 variable, and mark the relationship in the inventory. It is always worth comparing how a config variable is used in both versions of the module, just in case it is unrelated but happened to be given a similar name. You should expect to find D7 config which does not have corresponding config in D9 and vice-versa. If you see D9 config that is related to the D7 config, but isn’t an exact copy (e.g.: a single value in D7 is the first value in an array in D9), add a note… we’ll talk about this shortly.

When you are done, your inventory might look like this…

D9 field D9 field data type D9 field default value ← How to process ← D7 variable D7 data type Notes toolbar_integration array [] ← (copy) ← environment_indicator_integration array (n/a) favicon boolean FALSE ← (copy) ← environment_indicator_favicon_overlay boolean (n/a)

At this point, you have enough information to start writing the migration test, which we covered in the previous blog post.

Migration process configuration

Now that we know how to migrate the data, we can write the process part of the migration configuration. Each instruction in the process section is a mapping (i.e.: hash, dictionary, object) whose name is the destination field. Inside the mapping is a list of migrate process plugins, to be run in order from first to last. The value after the final process plugin has run gets inserted into the destination field.

To get data from the source, you use the get migrate process plugin, which you configure by specifying which source fields to use…

  toolbar_integration:  # i.e.: the destination field in the 'environment_indicator.settings' config object
    - plugin: get
        - environment_indicator_integration  # i.e.: the source field
    - plugin: get
        - environment_indicator_favicon_overlay

… this configuration copies the data in the environment_indicator_favicon_overlay variable from D7, performs no other processing on it (i.e.: because there are no other instructions), and inserts it into the favicon field in the environment_indicator.settings config object.

Since copying data from a source field to a destination field without any processing is so common, there is a short-hand for this particular case. For example,

    - plugin: get
        - environment_indicator_favicon_overlay

… is equivalent to…

  favicon: environment_indicator_favicon_overlay

After converting the plugin: get lines to the shorthand, your migration config should look identical to the sample one that I gave in the previous blog post. If you replace migration given last time, with the one you just finished building (don’t forget to set the migration id — it must match the filename and be in the $this->executeMigrations(['...']); line in your test). You can verify this is the case by running the test again.

Multiple process plugins

If you do need to modify the D7 data before it gets saved to D9, it is possible to add additional process plugins. For example, the following configuration would get the data stored in the source’s my_d7_label field, URL-encode it, convert that URL-encoded data to a machine name, then store the resulting data to dest_field

    - plugin: get
        - my_d7_label
    - plugin: urlencode
    - plugin: machine_name

… put another way, given the data A name in source field my_d7_label, the data written to destination field dest_field would be a_20name (i.e.: A name -> A%20name -> a_20name).

If you are performing other processing steps, Core and many Contrib process plugins will allow you to take a shortcut by replacing the stand-alone get step by specifying a source in the first processing step. For example,

    - plugin: get
        - my_d7_label
    - plugin: urlencode
    - plugin: machine_name

… is equivalent to…

    - plugin: urlencode
      source: my_d7_label
    - plugin: machine_name

… but you may find it easier to keep the stand-alone get step until you’ve completed the whole migration and you are certain that it works.

When you write tests for a migration that involves process steps which modify data, the data you add in your test fixtures will be different from the data you verify at the end of the test — explicitly calling this out in a comment can be helpful to other people reading the test (or yourself 6 months later, when you’ve forgotten why).

Default values

Once a Drupal 7 module has been ported to D9 for the first time, that module’s D7 and D9 codebases diverge. Features added to the D9 version aren’t always backported to the D7 version for various reasons. As a result, when preparing your inventory, it’s not unusual to find that the D9 config object has fields for configuration which doesn’t exist in D7 (note the converse — where D7 variables have no D9 equivalent — is possible too, albeit less common).

When you’re writing a migration for the first time, it’s easy to focus on the config that you can migrate from D7, and ignore the D9 config which has no D7 equivalent. But if you don’t specify a value for those fields, the config destination plugin will set them to NULL when it constructs the config object from the migrated data.

But, many modules assume that those configuration object fields will be set to their default configuration (i.e.: from config/install/*.yml) — not NULL — which can lead to bugs, errors, warnings, and crashes later on.

The solution is to specify default values for that configuration in the process section of the migration definition, using the default_value process plugin.

For example:

    - plugin: default_value
      default_value: 'some_default_value'

When you specify default values, you should still test them, by verifying them when you verify the migrated data. I tend to separate these into their own section with a comment, so that I don’t get confused about why those verification lines don’t have a corresponding fixture…

// Verify the fixtures data is now present in the destination site.
$this->assertSame(['toolbar' => 'toolbar'], $this->config('environment_indicator.settings')->get('toolbar_integration'));
$this->assertSame(TRUE, $this->config('environment_indicator.settings')->get('favicon'));

// Verify the settings with no source-site equivalent are set to their default values in the destination site.
$this->assertSame('some_default_value', $this->config('environment_indicator.settings')->get('d9_only_feature');

Putting it all together

  1. Make sure your Drupal 9 environment is set up as described in the last blog post:

    1. Clone Drupal core, run composer install, set up the site.
    2. Find a migration issue and module to work on.
    3. Clone the module to modules/, and switch to the branch in the migration issue’s Version field if necessary.
    4. If the migration issue is using an issue fork, then switch to the issue fork using the instructions in the issue.
    5. If the migration issue is using patches, download the patch, apply it to a branch named after the issue ID and comment number the patch was uploaded to (we’ll call this $FIRST_BRANCH below).
    6. If the migration issue is using patches, then create a second branch named after the issue ID and number of comments in the issue plus 1; and apply the patch, but don’t commit it yet.
  2. Create the migration inventory.

  3. Write the migration test.

  4. Write the migration itself, running tests frequently.

  5. Spin up your D7 site, install the D7 version of the module, and run a manual test, as we did in part 1 of this series.

    The automated tests only test for very specific problems on a simulated “clean” environment — which make them great for catching regressions — but not very good for catching problems you weren’t specifically testing for (that is to say, things likely to crop up in the real world).

    Note that Drupal 9 core’s Migrate Drupal UI module has no way of knowing if you’ve written all the migrations that you intended to write for this module. So, the module you’ve written the migration for will still show up in the list of “Modules that will not be upgraded” for now — we’ll fix that in the next blog post. Don’t worry though, your migration will still run.

  6. When you’re satisfied, stage all the changes to the module (i.e.: git add .), and commit your changes. In the commit message, describe what you did. The commit message will be visible to other members of the community.

  7. If the migration issue is using an issue fork, then push your changes to the issue fork, and leave a comment in the issue describing what you did.

  8. If the migration issue is using patches, then:

    1. Generate the patch with git format-patch 8.x-2.x (where 8.x-2.x is the branch specified in the “Version” field of the issue with the patch).

      Generating a patch in this way way adds some metadata which will help avoid merge conflicts in the future.

      The patch will appear in the current directory, and will be named something like 0001-YOUR-COMMIT-MESSAGE.patch.

    2. Rename the patch according to Drupal.org’s conventions for naming patches.

      I like to move the patch somewhere that I can easily find it (e.g.: my Desktop folder) at the same time that I’m renaming it.

    3. Generate an interdiff between your current patch and the previous one with git diff $FIRST_BRANCH > interdiff.txt (where $FIRST_BRANCH is the branch with the previous patch applied and committed).

      I like to move the interdiff somewhere that I can easily find it (e.g.: my Desktop folder).

    4. Start a new comment, upload the patch and interdiff, and describe what you did in the Comment.

      If you set the issue status to “Needs review”, then automated tests will run on your patch — but once they pass, change the issue status back to “Needs work”, because your migration won’t be finished until you’ve verified there’s nothing else to migrate, and indicated that to the Migrate Drupal UI module.

If you’ve been following along with our example to migrate configuration for the Environment Indicator module, please be aware that there’s already a migration to do that in issue #3198995 — so please do not create a new issue, and please do not leave patches in that issue.

Next steps

At this point, you should have all the tools that you need to contribute patches which migrate simple configuration from the Drupal 7 version of a module to the Drupal 9 version of the module, so try it out!

Next, we will talk about how to tell Drupal core’s Migrate Drupal UI module that you’ve written all the migrations that you intended to write, which will move the module from “Modules that will not be upgraded” to “Modules that will be upgraded” in the migration wizard.

We’ll also talk about how to migrate more complex configuration and content in future posts in this series.

The article Easy commit credits with migrations, part 4: Migrating D7 variables first appeared on the Consensus Enterprises blog.

We've disabled blog comments to prevent spam, but if you have questions or comments about this post, get in touch!

Aug 30 2021
Aug 30

open waters podcast logo

In this episode, we're joined by Damien McKenna to talk about open source security and how that has changed over the years in Drupal core as well as in newer versions of Drupal. Damien directs internal initiatives that strengthen Mediacurrent’s commitment to open-source principles, collaboration, and sharing knowledge to strengthen the Drupal community and is regularly ranked as one of the ten most active contributors on drupal.org.

Episode Transcript

Mark Shropshire: Hi, I'm Mark Shropshire and with me is my cohost Mario Hernandez. We are very excited about this episode of the Open Waters podcast as we welcome Damien McKenna, a prolific Drupal contributor and community leader. We will be talking about open source security, specifically the ins and outs of Drupal security.

Mario Hernandez: Thanks, Shrop. Thank you very much, everyone, for joining us and a special thanks to Damien for joining us today to talk about security and contribution to the Drupal project. So Damien, before we get started into the technical aspects of your role, why don't you tell us a little bit about your role on Mediacurrent and your involvement in open source?

Damien McKenna: Thank you for having me. So I've been involved in Drupal since 2007, but open source as a whole, since around about 2000. I got into it because I had been building my own websites that expanded into building custom content management systems, and I realized I couldn't be the only person who wanted to have a simple CMS to manage their site's content or their clients' content. Discovered hey, there's a whole bunch of people who were uploading complete open source, complete PHP projects, as they were at the time to the net on SourceForge. I can just download it and customize it how I need.

Over the years, I saw a number of patterns emerge with open source communities. A big one was that for any given software project, if it didn't have a security team put together fairly early on, they would need one fairly soon. I saw so many projects that didn't have decent security practices and they eventually ran into a major security problem and had to scramble together the processes to deal with it properly. So I've been very glad that Drupal started their security team fairly early on, and it has been continuing ever since. So at Mediacurrent, I juggle both being a backend developer and project lead along with I lead, cat herd, on some internal initiatives around open source offer and contributing. We try to have a contrib first process so that we are contributing back improvements and things to open source communities and software when it's suitable rather than leading projects to have to maintain more and more custom code and documentation and things.

Mario: I'm gonna go with a follow-up question on that because that's very important what you just said there, Damien, the contribute first. So does that mean when you are tasked with analyzing the project that you about to work on, do you figure out ways in which maybe through this project you can contribute to the Drupal project or the open source in general? Or how does that work?

Damien: Exactly. So there are lots of different situations where it comes up. One example was a few years ago, one of our clients needed to have, requested documentation on how to set up their site to be able to pull in tweets from their Twitter account. And it was just when Twitter had changed the API process. So you used to be able to just pull an RSS feed of the tweets and they changed it to needing to set up a developer account and this custom application in their system.

And it was a bit elaborate and you had to do it from the account that was pulling the tweets because of security best practices. You didn't want to be sharing around these passwords for everybody to log into your Twitter account and accidentally post some screenshot of a picture of a meal out or being with some friends accidentally to a business account. So we put together documentation on how to go through the steps with screenshots and everything, but instead of putting it into a document and sending that to them, we uploaded it to the documentation section for the project that was being used to pull down the tweets so that everybody could then have the same documentation. It was the same amount of work, it was just putting it in one place versus another. So the client appreciated it, they had all of the details they needed, and then everybody else in the world who ran into the same situation then could benefit from the same work.

Shrop: Yeah. That, that's, that's a fantastic example. I mean, I know you have a lot of examples of contrib first, Damien and, personally you're a mentor to me and I appreciate all the guidance you've given me over the years and continue to on how to work in open source overall, but also in the Drupal community. And so I just want to say that I appreciate you and everybody else that does that for the community. It's, it's really great. So I want to jump a little bit into your involvement with the Drupal security team and I think that's an interesting aspect here, since we're talking about open source security today, what's it like being on the Drupal security team and then from a day-to-day standpoint? I know there's lots of things that you have to embargo til advisories come out, but you know what you know, what's it like day day-to-day, what's it look like?

Damien: Sure. So we have different processes that we've, for the most part, documented on drupal.org/security-team. There's lots of details in there, but we have a team of, I forget if it's 20 or 30 so odd people, and one step, I guess, an initial starting point is that we take turns being the initial point of contact. And as it happens, I'm on duty for the next two weeks, so timely. What that means is when somebody opens a security issue for a project, module, theme, or even Drupal core, that we're the first person to respond to that, to review what is submitted, and try and do a little bit of analysis on maybe the person just had one of the settings misconfigured. Maybe they have the PHP module enabled and they're inadvertently letting anybody write PHP code on their website.

Not that that has ever happened, but we do an initial bit of triage on the issues that are opened and then get the maintainers involved, presuming that it requires it, presuming it's a legitimate issue. And then try to guide the conversation between the maintainers and the person who reported the issue and potentially anybody else who's pulled into the conversation. So we might have an issue that is focused on the control module, but it might say affect core or affect somebody in the backdrop community as well, because there's a lot of overlap between the two. Occasionally there might be an identical issue for a similar module, and we try to get conversation focused on moving towards a solid, reliable fix, and then work with the maintainers to prep for release. We also have a mailing list where people can post questions to.

And that is often used as a step towards then having a proper issue in our security issue queue. So then it's, whoever's on duty then is the first person to respond to questions when they come in.

Shrop: How many of those do you think you get in a given week?

Damien: On average, not too many new ones each week. One thing that I found is that sometimes you'll have, especially in the contrib world, somebody will spot...Hey, there's this one situation where this module leaves a security vulnerability open or vector open, and they'll go and check some other modules that have, say, similar functionality or some similar approaches and then they'll, they might discover, say five modules have basically the same bug. But that doesn't happen very often.
Mario: What would you say is the most common security and the Drupal open-source work?

Damien: So the most common one is cross-site scripting, and this is going back to, at least a few years ago, there was an article published on Wiley by Greg Knaddison who wrote the book Cracking Drupal, and he went through and cataloged at all and cross-site scripting was the most common by a good margin where basically the output from a field or some data input was not being properly filtered during display, o that would leave it open for somebody to, say, throw in some JavaScript that would then get executed when the page was viewed. And so that one comes up quite often, and there are some relatively simple means of fixing those bugs. Biggest issue I found is forgetting where in your code something might be filtered already by the time you get it at this one piece.

So sometimes you've got a settings form and it might be available to people who aren't administrators, and you might forget to filter the output because somebody who's an administrator to the site is kind of assumed that they're not going to cause problems for that site. Generally, as a company, employees, don't go bananas and start throwing filing cabinets around. Likewise, they tend not to start throwing in a really bad JavaScript into a site for the purposes of stealing data, et cetera. It's technically possible, I'm sure it has happened, but tends not to happen. So when you're writing code or writing code for a site or for a project, or for a module, you might forget in this one situation, I'm outputting a variable or a configuration object or something and you might forget to filter that one time because when you're testing it, you never try throwing in JavaScript because what silly person would do that? But from the point of view of trying to keep it secure, you need to cover for the situations where somebody might want to do that.

Shrop: If you can execute JavaScript on a site, it's pretty powerful.

Damien: Yes. It's not as bad these days, because Drupal Core and eight and nine don't have the PHP module in core anymore. It was a lot more dangerous when the PHP module was in core because there were so many situations where people inadvertently had that available to all text fields including, say, a comment box for submitting a comment to the webmaster or owners. Yeah.

Shrop: Oh, wow. Yeah, you can think of all kinds of terrible situations that could come with that. Like just reading the settings file in PHP or something. Well switching gears just a bit, because I'm always interested in this and, as you know, in our teams at Mediacurrent, we, we have discussions, we have a security channel in Slack where we discuss when a security advisory comes out, we're always wanting to read it and dissect it as a team and figure out like, all right, what are our next steps for those? Are there mitigations and things like that? I'd love to hear from your standpoint, Damien, in your expertise around this, tell us a bit about those Drupal security advisories and the details they contain. And I mean, just curious about, you know, that coverage for that. I know it's well-documented but there is a lot of information in these advisories, right?

Damien: So there's always a balance between giving enough information and giving too much because you don't want to give people who want to write scripts to attack sites step-by-step instructions on how to do that. You just want to kind of give enough clues that people who are maintaining sites can tell whether or not this is going to affect them right now, and that they need to update right now ahead of anything else they're doing versus, say, it can be just included in the next scheduled deployment.

That could be a week or three from when it comes out. The security advisories will try to give some at least hints on what causes the vulnerability and then, if there are any available, some details on how it can be mitigated. So sometimes it'll be the security problem only happens if you turn off these options or if the person does not have a particular permission. So we'll indicate in the advisory any workarounds that might exist. Oftentimes there won't be obvious workarounds that are feasible, so the only step is to just update the module or theme or whatever it is, or core. We used to do one security advisory per project per week. So per week that there was a security update. So if there were multiple vulnerabilities, they would all be lumped into one security advisory. That policy was changed so that every individual security issue gets its own advisory. And that was to fit with industry standards because Drupal was, I think, just about the only major project still doing it that way.

Shrop: But from my standpoint, it's made it easier for me to comprehend what's going on. I can, you know, read one focus on it. All right. How does that apply mitigations? Are there any, and then you just move on to the next one. And so that's been great from my standpoint.

Mario: Switching gears a little bit here, Damien. So we know that with the release schedule that Drupal has in place, you know, there's a lot of benefits and people have seen things improve, you know, once the new release schedule was implemented. But can you tell us how these release schedule has helped with security, with the Drupal project?
Damien: The schedule has really helped from the point of view of having a plan or a schedule ahead of time that, you know on certain days of the month or certain months of the year, you're going to have security updates available.

Damien: So every Wednesday, starting by the simple thing of all of the security releases are done on Wednesdays. Almost always. There can be some occasional out of schedule updates when there's, say, a third-party library or something that has an update, and we have to scramble to do a core update on a different day, but almost always they're on Wednesdays. And then the core updates are done on one day and contrib updates. So one day a month, there's a window for core to have security updates, and if there isn't one on that day, then there won't be that month. Again, unless there's some or some other issue with a third-party library. And so site maintainers or site owners have a bit of relief knowing that there isn't, almost isn't, going to be a major security release dropping any time of the week, any time of the day, so they can rest easy and just go about their normal business the rest of the week, the rest of the month, and just be able to plan Wednesday afternoon, timezone depending, they will have to do some security updates.

Mario: Good. So what's the story with the Drupal eight reaching end of life? What's, what's going on there?

Damien: Well, it's a standard thing that, or it always has been a standard thing that when a new major release of Drupal core comes out, that the previous release goes into kind of a security updates only mode and then the version before that is marked as end of life so that there won't be any more security updates on that, and pretty much at that point, the community stops maintaining core and contributed modules and themes for that version. In practice, (it) historically meant when triple seven came out, that Drupal five was no longer given security updates and support. When Drupal eight came out, I think it was like eight years after Drupal seven, sorry, after Drupal six had been released, they gave and, if I remember correctly, they gave an extra six months of support just to help bridge the gap of time for sites to upgrade because the development cycle from seven to eight had been so long.

But then, when Drupal nine came out, Drupal seven was still around and still had support. When Drupal 9 came out, the majority of Drupal sites were still on Drupal 7. I forget if it was like two thirds or so of the sites in the world that were on Drupal were still using Drupal seven. So we couldn't just say no Drupal seven is not going to have anymore support, io it was given extra support. Then the plan is that Drupal Ten is going to be released next year, and so there's the knock on effect of you need time to upgrade from core version to core version. And so Drupal eight will be, we'll reach end of life this year. The nice thing is that upgrading from eight to nine is a very, very simple process, especially in comparison to previous sites or previous versions.

We've done some upgrades where a site was fully up to date on contrib modules and was able to be upgraded to from eight to nine with just a few hours of work, and most of that was just poking at Composer to get the right combination of dependencies.

Mario: You're saying that Drupal seven's end of life is actually going to happen after Drupal eight's end of life, yes?

Damien: Yes. So Drupal eight's end of life is tied to the dependencies it has, and its dependencies will run out this year. So I think, it's the big dependency that is causing it is Composer.

Shrop: I think Symphony symphony is part of it, too.

Damien: Composer, symphony. Yes.

Mario: So these end of life decisions are made mainly based on those dependencies, in the case of Drupal seven, it was probably because of the, the adoption that Drupal seven has had gotten, yeah?

Damien: The reason for continuing to support Drupal seven was because of the volume of sites out there that had not upgraded yet and because there wasn't the technical requirement. The dependencies for Drupal seven were still continuing for longer. Drupal seven had fewer third-party dependencies than Drupal eight. So it's easier to say, yes, we're just going to continue it.

Mario: And the future that as the dependencies get shorter and shorter, right, that the actual analyze for future versions may even become shorter than what they are now, perhaps, especially if the upgrade path is such, that is seamless there becomes time where it's just a matter of upgrade and the next installing the next update. And now you're in the next version.

Damien: Yeah. So, keeping a site up to date with the latest version of core, for the major release that you're using, and then keeping all of the contrib module updates, will ultimately mean that it doesn't matter if it's six months or three years between major versions, if it's up to date and you keep it current, it should be a relatively straightforward process. So Drupal eight will hit its end of life this November. Drupal seven has an extra year of support to November '22. So there will be more time for sites to finish upgrading to Drupal nine at that point.

Shrop: I'm glad you mentioned that. They'll just, that'll be the recommended path, just to go straight to nine. You, you won't even have to go through eight at that point, or actually even today, you'd want to go, I think (Drupal) ten is in June, June next year. Yeah. So, so it's moving fast, but it, and I'm glad you mentioned that, Damien, that the upgrade paths are smoother, and that doesn't mean a complex site could have some complications and if you haven't kept things up to date, but from any of us who've been in the community a long time, it, you really don't have to approach it like we're going to build a new site and then migrate all the content. Now it's like actually true upgrades and there's migration paths and it's really great.

Damien: Yeah. So it's more of a traditional once you get onto Drupal eight, plus it's more of an upgrade rather than a rebuild. That's the last major upgrade. Yeah.

Shrop: So get up, get on the new Drupal train then, and I think train is a good visual representation that the community's used to illustrate the end of life for some of these, the train tracks end at a certain point, you want to be on the train track that keeps moving forward. Damien, what kinds of Drupal security resources do you think folks listening should know about?

Damien: So the most important one, I would say, is the security advisory newsletter that everybody can subscribe to off of their profile on Drupal.org. There's just a nice, if I remember correctly, a nice checkbox for that. The security advisories are also available through an RSS feed, and they're also published on Twitter through the website. There are separate feeds for core, contrib, and public service announcements.

So depending on how you like to get your security updates, do all three. Then there's also, as mentioned before, documentation on the security team's processes, and under the Drupal eight documentation, there are pages that describe best practices for writing secure code. So you can avoid security problems while you're building the site rather than dealing with them later. There are a number of books out there, most notably the Cracking Drupal book by Greg Knaddison mentioned earlier. It was written before Drupal eight came out, so it's a bit out of date, but the general practices are still reasonable. And for every function it mentions, you can find the equivalent Drupal eight or nine replacement through documentation online.

Shrop: Well, Damien, we really appreciate your your time on the podcast today and for coming on and talking about, you know, specifically Drupal security, but also, you know, a lot of these concepts, like you were mentioning about Greg's Cracking Drupal book, you know, security is evergreen, it does change over time, there's maybe new things, of course, we learn about securing our systems, but some of those old things are still out there like cross-site scripting. They just are probably going to be for a long time.

Mario: They don't go away.

Shrop: Yeah, exactly.

Mario: Well, Damien, thanks again for joining us today and sharing with us your expertise when it comes to security and the Drupal project. I also personally want to thank you for always being available and helping us with any security or contrib questions that we have. You recently helped me contribute to a project, and that was pretty rewarding to be able to do that.

Damien: You're very welcome.

Shrop: Thanks for listening. You can find us at mediacurrent.com/podcast and subscribe with your favorite podcast app. If you enjoyed this episode, share it with your friends and tag @Mediacurrent on Twitter. For more resources on open source technology, web design, and web strategy. Visit us at mediacurrent.com.



Aug 30 2021
Aug 30

As customer experience and expectations evolve alongside the growing digitalization, digital personalization has transformed from a nice-to-have feature into an essential element of positive digital experiences.

From targeted ads to strategies like account-based marketing, personalization pervades every step of our digital journeys. However, as demand for personalized experiences grows, so does users’ awareness of how their privacy is treated online, which is being accompanied by a surge in important updates to privacy regulations worldwide.

In this peculiar landscape, it thus becomes essential to provide heartfelt personalized experiences, while at the same time taking care to respect your customers’ privacy and avoid strategies that come off as creepy. This article will take a look at how to achieve this balance by going through some essential dos and don'ts of personalization.  

Doing it right

First we’ll look at some tips and examples of personalization done right. Remember that, since personalization is all about maintaining balance, some of these approaches can actually have detrimental effects if you overdo them.

Use first names and personal pronouns

This is the number one rule of personalization which predates data-driven and/or highly automated digital approaches. Using your customer’s first name is the quickest way to establish a personal connection. 

Where it makes sense, you should also opt for the use of personal pronouns over words like “customers” (e.g. instead of “all our customers get free delivery” say “you’ll get free delivery”).

Depending on your business/industry, you may want to be more formal and use the person’s last name together with a title such as Mr/Ms/Mrs. However, this can pose challenges when you’re not aware of their status or preferred gender, or an appropriate title doesn’t exist for the gender that they identify with.

One thing to note is that, with the rise of highly personalized experiences, this has now become an essential part of personalization that all customers expect. You’ll need to do some extra work to differentiate your brand from all the others and truly resonate with the customer.

Another important thing to keep in mind: don’t use a customer’s / prospect’s name if it’s not clear or logical how you know it. On a similar note, don’t overuse their name, as this may come off as very disingenuous, especially when combined with some other “creepier” personalization tactics which we’ll discuss in the other part of this article.

Provide personalized content based on user preferences

These types of digital experiences are extremely popular and are a great example of the value of personalization. This is any type of platform that offers content recommendations based on previously accessed content and/or preferences set on first interaction. 

The best known examples are streaming services, such as YouTube, Netflix and Spotify, and e-commerce websites such as Amazon. Platforms such as Netflix and music streaming services go even further, by allowing users to create their own playlists rather than just rely on recommendations made by algorithms which are purely data-based.

Social media platforms also offer a lot of personalization (i.e. personalized feeds), but in the past years, digital users have become more aware of how these platforms (mis)treat their data and are increasingly seen as creepy. We provide more detailed insights on these topics in our podcast episode with Josh Forte of Comporium.

One of the best things about this type of personalization is that it’s almost entirely based on first-party data, and data which is most often willingly shared by the user since it is completely transparent how it will be used and how they’ll benefit from it.

Offer self-personalization features/promotions

A neat feature of user-centered design is the rise of services that allow users/customers to personalize their own experiences how they see fit. This can include customizing accessibility features of a website via the Civic accessibility toolbar, which can be especially useful in case of temporary disabilities where you might want to adjust your settings.

On the other, far end of the spectrum, we’re seeing the ability to personalize the actual product you buy, through a kind of combination of physical and digital personalization. 

Great examples of this are personalized children’s books designed by the parents themselves via a website, similarly designed gifts, e.g. for staff or business partners, or even custom-built products such as a computer or a musical instrument with custom features or components which the customer can select and combine by choice.

Be mindful of the customer’s context

Perhaps the most important piece of advice when it comes to personalization is to always be mindful of the context. With such an abundance of data collected on each individual, you can’t make the excuse of not knowing basic information about them, especially if it’s obvious that you have really specific data about them.

Use the data you obtain on your customers for good. For example, if you know that a customer has recently lost a parent, don’t advertise Mother’s/Father’s Day related products to them, or Valentine’s Day products to a customer who has just gone through a breakup.

Oh, and, don’t show them location-based offers and promotions for locations that they aren’t in or close to. Especially during a lockdown!

… without being creepy or annoying

In this section we’ll focus on what to avoid when personalizing digital experiences and round everything off with an excellent example which really underlines how things are never black and white in this field, and how valuable personalization can be when it’s properly balanced.

Be tactful with targeting

Targeting users with ads based on products they’ve purchased is all well and good, but tread lightly and remember to maintain balance. The customer likely doesn’t want to see an ad for the exact same product that they’ve just purchased; try targeting them with related or complementary products instead.

This similarly holds true for products that are once-in-a-lifetime or -decade purchases - why would you be inclined to buy a boat after you’ve just bought a boat? (well, ok, maybe if you run a FTSE 100 company, but in that case, chances are you’re not often casually browsing the web to pass the time)

Family Guy mystery box joke

Avoid spamming

Spamming customers with ads and promotions can have the adverse effect of turning them away rather than incentivizing a purchase. This includes taking advantage of the customer’s good favor with something like excessive notification prompts - if they’re already viewing your site and checking out your offering, why risk turning them off by overdoing it?

Avoid dark patterns

Granted, this falls more into general design tips, but it’s still relevant to personalization as these types of UX design patterns frequently make use of common user data such as first name and location. 

Dark patterns break the illusion of data usage being customer-centric and make obvious the fact that its use is tailored to the best interests of the brand, which may make customers reluctant to purchase from or even ​​altogether interact with that brand.

Don’t over collect data

Of course it’s great to have as much data as possible, but you shouldn’t collect data you won’t ever need. In the past few years, consumers have become more aware of how their data is obtained and handled, and realizing that you over collect data may lead them to mistrust your brand, similar to the effect of dark patterns. 

This includes making it too obvious that what you’re doing is disingenuous (much like overusing first names), which results in very blatant and often exaggerated personalization - a common example would be messaging and targeting someone for years after they briefly interacted with your brand once.

Don’t intrude

If your prospect doesn’t reply, don’t take that as incentive to flood them with even more messages, especially if they’re of the intrusive type, e.g. “you haven’t replied in X” or “you better hurry, this super cool offer expires in Y”.

That said, there have been cases where a brand’s customer-centricity combined with persistence actually saved lives. For example, Domino’s has recently gained the reputation of not complying with accessibility standards, but that makes us forget about more positive stories related to the brand, such as the time when their staff saved a regular customer’s life when they were concerned after he hadn’t ordered from them in a while.

This is a perfect example of the importance of getting the balance right with personalization. If they had decided to mind their own business in the fear of not coming off as creepy, their customer wouldn’t have made it. 


Ant balancing on a bough

As we’ve just demonstrated, personalization is an extremely nuanced endeavor and there’s often a thin line between user-friendliness and creepiness. Whether you’re tackling personalization in a B2C or a B2B context, you’ll need to make sure you maintain that balance. 

Hopefully, this article has given you a better understanding of the best practices and customer preferences when it comes to personalization in an always-on but privacy-first digital environment. 

Personalization has become such a key element of digital strategy that you need to make sure you’re doing it right. But, at the end of the day, we’re all digital users ourselves , so if you ever get stuck, just ask yourself what kind of personalized experiences you enjoy the most, and let that serve as your guide.

Aug 27 2021
Aug 27

Whether you’re launching a completely new Drupal website or it’s time to consider redesigning an outdated website, the prospect of finding the right web design agency can feel like a daunting process. However, to meet your business goals and users’ needs, choosing the right firm is an important step.

Drupal excels at providing an easy content authoring experience for complex websites. You’ll want to make the most of its scalability and flexibility by working with web designers and developers that understand Drupal design. Here are some key aspects to keep in mind when thinking about your Drupal design process, looking for a Drupal web design agency, and making sure you can recognize red flags.

What to know about Drupal design

It's not (quite) a blank slate for designers

It’s true that Drupal is highly flexible. You can customize almost everything on your Drupal website, from layouts and colors to content organization and integrations. However, it’s important to keep in mind that as a content management system (CMS), Drupal relies on some standard “building blocks” to allow for quick and consistent content authoring. Every Drupal website has a Theme, or a collection of files that define the presentation of your website. In addition to standard assets like CSS and Javascript files, some of these are Drupal-specific files. For instance, Drupal regions must be added to a theme to control where the content is displayed and how the page is marked up in HTML. It’s necessary for Drupal web designers to understand the basic mechanics of a Drupal website and understand how design concepts will translate into Drupal development.

Design is component based

If you’re following recognized best practices for scalable web design and development, you’ll want to think about your Drupal design in terms of components rather than just pages. In practice, component-based design (also called Atomic Design) means that designs are broken down into smaller component parts that can be combined and rearranged in a number of ways to create different page templates. For example, your smallest components may include buttons, labels, and input boxes. These components always look the same, but they can be re-used and rearranged to create search bars, sign-up forms, or calls to action. These elements can then be combined with others to create larger elements such as headers or modals. 

While component-based design is popular across the web, it’s especially important for Drupal websites in order to take advantage of the flexibility and scalability Drupal offers while maintaining consistency and easy content authoring across a complex website. Drupal 8 has modules such as Layout Builder (included with the Drupal Core distribution) and Paragraphs that make implementing component-based design much easier than it’s been before.

A button component placed in an example designA button component placed in an example designIn component-based design, smaller component parts are combined and rearranged to create larger elements and templates that can be reused in a number of ways across a website.

Your information architecture matters

When you think of a website design, visual elements like colors, images, and typography probably come to mind. These visual components are undoubtedly important, but it’s likely that the information architecture underlying the visual design is just as important—if not more important—to helping users find content and maintaining an attractive, consistent, and user-friendly website. Some ways that information architecture is manifested include site maps, hierarchies and categorizations (i.e. taxonomies), navigation, and metadata.

Choosing the right Drupal web design agency

Now that you know the basics of what designing a Drupal website entails, how do you find the right agency for the job?

Look for Drupal design examples

Often, the most sure-fire way to see whether an agency has the Drupal design experience you’re looking for is to check out the other work they’ve done. Think about the different features of your web design project that are the highest priority or may be unique to your website and make sure the agency you hire has a track record of success on similar projects. For instance, if you’re redesigning a website for a university office, you may look for companies that have previously designed higher education websites. Or if your website needs a reservation system, check if the agency you choose has experience integrating websites with reservation software and constituent relationship manager (CRM)s. Of course, you’ll want to ensure the examples you see are from Drupal websites!

Blue design elements used throughout the University of New England's websiteBlue design elements used throughout the University of New England's websiteDrupal is a common platform for university websites. Redfin has designed and maintained a number of higher education sites, including the University of New England.

Ask about the design process

If you’re unsure about an agency’s design process or it’s not clear in their proposal, it’s more than okay to ask! The agency you choose should have an established “Discovery” phase devoted to understanding your business goals and your users. This might involve creating user personas or defining the key tasks you expect users to be able to accomplish on your website. You may also want to gain clarity about what design deliverables they’ll provide. Depending on the size and scope of your project, this might involve sitemaps, user journeys, wireframes, or design mocks, for instance. Most importantly, ensure that the design process is user-centered.
These days, it’s a good sign if an agency follows an agile approach to design—meaning work is conducted iteratively in two week increments called sprints. The Agile methodology allows stakeholders to provide more feedback and re-examine goals as the project moves along. You can also ask about how designers and developers at the agency work together. A good rapport and established workflow between designers and developers goes a long way toward ensuring your final product looks like the mocks a designer shows you.

Check out their involvement in the Drupal community

The best way to tell whether an agency has real Drupal credentials is to take a look at their involvement in the Drupal community. If they’ve contributed code to Drupal modules or have played a part in organizing Drupal events, it’s likely they’ve committed to keeping up with best practices for designing Drupal websites. At Redfin Solutions, for instance, we regularly sponsor Design 4 Drupal, Boston, an annual conference devoted to design, UX, and front-end development for Drupal websites.

Design 4 Drupal, Boston 2019 attendees in a lecture hallDesign 4 Drupal, Boston 2019 attendees in a lecture hallThe Redfin team (bottom right) at the Design 4 Drupal conference in 2019. Redfin sponsors the conference annually.

Assess their communication style

Remember, you’re going to be working closely with the web design agency you choose. Beyond technical skills, it’s important that a web design agency prioritizes communication skills and customer service. Even the most genius tech wizards are only as good as their ability to communicate with you and listen. After all, it is your website.

Red flags: what to look out for

Don’t get caught off guard when it’s time to launch your website. Keep these red flags in mind when you’re choosing an agency to ensure a successful project.

Avoid designers who don't know Drupal

There are many great web designers out there that aren’t familiar with Drupal. You should avoid them if you’re building a Drupal website. This isn’t because their designs won’t look great on Drupal—it’s because there’s a good chance they won’t know how to implement them in a Drupal environment. This applies to any software or content management system. Choosing a web design agency that specializes in the platforms that your website uses will ensure you get the most out of the technology you’ve got.

Beware an inadequate discovery phase

In an attempt to provide you with the lowest quote possible, a design agency might nix or skimp on the discovery phase. But without this essential first step in the process, an agency can’t possibly build a user experience that delights your users and helps you achieve your business’s specific goals. When it comes to Drupal design, context is everything. Make sure the agency you choose for your project takes the time to understand the environment in which you operate rather than just churning out websites factory style.

Steer clear of agencies that don't mention accessibility

If a proposal from a web design agency doesn’t mention how they’re addressing web accessibility or usability, you should consider this a red flag. Following accessibility standards in design and development allows users with disabilities, such as visual impairment or limited mobility, to access your content—and helps everyone find the information they’re looking for. Depending on your website’s domain, it may even be legally required that your website meet WCAG criteria. When it comes to accessibility, there are no shortcuts.


Keep these tips in mind when you’re ready to find the right Drupal agency for you and your website. To learn more about user-centered web design for Drupal websites, visit our blog or contact us to see how Redfin can help!

Aug 26 2021
Aug 26

To date, speed has taken a backseat when it comes to websites. But today, there’s no denying it– fast websites are effective websites. When a website provides users with underwhelming performance, everything from SEO rankings to conversion rates, ecommerce sales, and general user experience takes a hit. So — how do you get the faster site you need?

You optimize your site for speed and performance.

That’s a very simple answer to a pretty complicated question, of course. Getting your website to a high-performance tier and keeping it there requires a lot of work. Specifically, it requires monitoring that site on an ongoing basis — and that the data collected is gathered under consistent testing conditions.

This work is inarguably worth doing, but starting the work may seem daunting. Use this guide as a launching point, and begin collecting and monitoring the data necessary to achieve exceptional website performance.

Successful Website Performance Monitoring Requires the Right Tool and the Right Method

When you start digging through website analytics and aren’t happy with what you see, you’ll be anxious to make some changes. It’s important not to rush into website speed optimization without the right tool in hand, though.

There are a few different methods of testing website performance. One is to take a snapshot of how a site performs at any given moment. A tool like Google’s PageSpeed Insights (PSI) is fine for that. However, certain inconsistencies in the tool’s functionality, such as actual server location, mean that it’s not very useful for long-term monitoring. Too many variables exist for meaningful data comparison over time.

Other tools, such as Calibre or SpeedCurve, are much more useful for continuous website performance monitoring. They eliminate inconsistencies with server location and certain network conditions. They also work best for those companies fully committed both to ongoing website performance monitoring and site speed optimization efforts. Not everyone is ready to make that commitment — paying for a service, dedicating time and resources to gathering and reviewing data, and then actually optimizing for speed.

A DIY Approach for Starting Out with Ongoing Performance Monitoring

If you’re ready to start continuously monitoring website performance — and you want more than one-off test results without committing to a more advanced service — consider our recommended DIY approach. Note– this method requires a good practical knowledge of spreadsheets.

Choosing the Right Tool for Getting Started with Website Performance Monitoring

One benefit of using PageSpeed Insights and getting that one-off performance evaluation report is the fact that it’s free to use. It’s not the only free tool out there, though. To get up and running with website performance monitoring and speed optimization, we recommend using webpagetest.org (WPT). WPT is also a free tool, but offers the type of control you simply don’t get with a one-off solution like PSI (which, to be clear, does have its uses — just not for ongoing performance monitoring and testing).

Test Your Site While Maintaining Control

Control in this context means eliminating the types of variables that certain tools introduce during testing — and which can mislead you when comparing data from different tests. To present meaningful data for evaluating ongoing website optimization efforts, a good DIY tool must allow you to:

  1. Decide where requests originate from.
  2. Choose the network conditions under which your request is handled.
  3. Select which browsers you want to test for.

Without this type of control ruling out the unpredictable conditions of one-off testing tools, it’s not possible to make meaningful comparisons of data over time. Additionally, you should absolutely look for a tool that produces a Lighthouse report. In fact, if webpagetest.org did not provide a Lighthouse report in its testing, we’d look for an alternative to recommend. These metrics are that important.

Running Your Own Tests

To keep things simple for the purposes of this article, let’s see what it looks like to run the simplest test for our ChromaticHQ.com homepage. We’ll select the Simple Testing tab (direct link to Simple Testing), enter our URL, and enable Run Lighthouse Audit. Notice that Test Configuration is left as the default (Mobile - Fast 3G); more on this later. This configuration will run three performance test runs against the URL that you’ve provided. The data for all three tests will be available once the test is completed, but by default, it will show you the data for the median run (that is, not the best nor the worst of the three, but the one in the middle; that’s the one we want).

Here’s what our configuration looks like on WPT:

Screen capture of the main WebPageTest interface, depicting a primary textfield to enter a testing URL

Once we’ve filled out this simple form, we can click the Start Test button on the right, which will submit our test request and bring us to this page:

A screen capture of the WebPageTest

Keep that page open for a bit and you will eventually see that your tests are running:

A screen capture of the WebPageTest interface, showing the interstitial

And, after a few minutes, your tests will be ready:

A screen capture showing a WebPageTest result, with scores across multiple metrics.

Congratulations! You’ve taken the first step in your performance monitoring journey.

Before we move on to the next step, you should do the following:

  1. Make note of the First Byte metric. The table under the Performance Results (Median Run - SpeedIndex) heading has a First Byte column. Write down the value recorded under that column (0.837s in the above screenshot).
  2. Open your Lighthouse Performance report. You can do this by clicking on the first box near the top right that has the label Lighthouse Perf below it. That link points to the Lighthouse Performance report for the median run by default.

Capturing Results and Visualize Progress with a Performance Tracking Spreadsheet

Once you have opened your Lighthouse Performance report, you’ll be ready to move on to the next step: adding them to a spreadsheet to compare test results over time. Anyone can do this, but it does take a bit of time and effort to set up. Luckily, we’ve created a boilerplate spreadsheet to get you started.

We based this spreadsheet on the tools we at Chromatic have used internally to help inform our performance efforts for our own clients and agency partners. Using this tool, you’ll be able to easily enter your test result data, visualize your progress, and focus on the metrics that will help your team succeed.

The tool is complete with sample anonymized data, production and staging comparisons (should you want to test both), multiple pages, and configurable goals. It’s packed with enough features to kickstart your long-term performance monitoring strategy.

Aug 26 2021
Aug 26

On our theme BizReview and Listiry, now available in Drupal 9, we have to solve the common problem with displaying nodes on maps.

Here are what we have used in our themes and have verified it is working. Please see the result as below:

Demo of maps on Drupal

Now please follow our tutorial on how to display maps on Drupal with Geofield, Address and Geocoder modules:

1. Install Drupal and Geofield

Install Drupal core:

composer create-project drupal/recommended-project my_site_name_dir

cd my_site_name_dir

Install geofield and geofield_map

composer require drupal/geofield drupal/geofield_map

Enable them all.

2. Create content types and fields

Now please create a new content type, "Listing" for example, and add a new field of type Geofield.

Go to Manage form display, and set the geofield's widget to Geofield Map

Set Geofield's manage form display to Geofield Map

Go to Manage display, and set the geofield's display to Geofield Google Map

Now you can create a testing node, enter the latitude and longitude as below:

Lat: 40.703081
Long: -73.935658

Save it and you can view the newly created node like this.

Demo of maps on a Drupal node

3. Autocomplete address:

As you can see, we can't just enter coordinates data (latitudes and longitudes) everytime we create nodes. How can we know the coordinates of an address?

The user friendly solution is when we type an address, it will automatically translate it to coordinates.

And that's when we need to use Google Place APIs in order to achieve that.

You need to register a free Google APIs key, please follow the guide here: https://developers.google.com/maps/gmp-get-started#enable-api-sdk

Enable Place APIs on Google Maps APIs

Note: you need to enable Geocoding, Maps and Place APIs on your Google Cloud Console.

When you enter a valid key at /admin/config/system/geofield_map_settings, please go to Manage form display and enable Address Geocoding of geofield.

enable Address Geocoding of geofield

Then you can start to enter addresses and they will be converted to coordinates automatically.

Address autocomplete on Drupal

The address info you type in, is only shown on the node edit form. So if you want to store it to display on the node page, please do the following:

Create a new field of type plain text, field_geoaddress for example.

On Manage form display, edit the setting of geofield, and set Geoaddress Field to field_geoaddress, select the option to hide it from the node form.

Set geoaddress for Geofield

The new field_geoaddress will keep the address you type in, so you can display it as you wish.

4. A complete Address field

If you want a complete address field with Street, Neigbour, City, State, Country fields ... you will need the Address module.

Install and enable Address module:

composer require drupal/address

Now create a new field of type Address on your content type. Then you can add complete address info on your nodes.

Address module on Drupal

5. Address to Geofield:

How can we automatically convert the address field to coordinates on Geofield? We need Geocoder:

Install the module:

composer require drupal/geocoder

Install Google Maps and Arcgis PHP package:

composer require geocoder-php/google-maps-provider geocoder-php/arcgis-online-provider

Tip: the "geocoder-php/arcgis-online-provider" is free (no API Key required), it is a good testing provider.
"geocoder-php/google-maps-provider" is good if you have an API key.

Enable all modules and submodules.

Config provider: /admin/config/system/geocoder/geocoder-provider, please add Google Maps and Arcgis Online Provider as the providers.

Config Geocoder providers

After that, please go to Manage fields, edit the geofield node and set it to geocode from the existing address field.

Config Geocoder for Geofield

When you are done with it, everytime you create a node with address info, Geocoder will automatically convert it to coordinates so it can be displayed on maps.

Have fun!

Aug 26 2021
Aug 26

Ok, sounds weird, but it’s true.

Imagine for a moment using Next.js as the decoupled front-end of your Drupal site. Imagine it worked well and was transparent to your content editors. Use the power of Drupal, with built-in JSON API’s to feed all the content you can think of to the front-end. Use Next.js to build out hyper-performing front-end experiences. This approach opens up new possibilities for your developers and your website to deliver content quickly, securely, and across multiple platforms.

Chapter Three is excited to introduce our open-source integration of Next.js and Drupal: https://next-drupal.org

Peanut Butter and Jelly Sandwich Photo credit: Max Pixel

Next.js for Drupal, or Next-Drupal provides a path to replace your Drupal front-end with Next.js while retaining key Drupal editing features: the best of both worlds.

  • Instant preview within Drupal. Content editors want to see the work they do when they publish it, not five or ten minutes later. We provide an instant preview of your Next.js site within the editing workflow. Your editors will love this! 

  • Keep your favorite Drupal editing features. Menu items, views, search, translations, revision previews, draft content, and content moderation are all supported! You do not have to give up your editing experience when you use Next-Drupal.

  • Familiar content architecture. Create custom content architecture schemas using Drupal fields, but leave the myriad of modules and clunky twig template engines behind.  Your developers will LOVE this!

  • Gated content. Our solution is fully integrated with Roles, Permissions, and the user login system. You can use the Drupal login system to provide gated content on your Next.js front-end.

  • Multisite and Multiple Views. Hosting many sites within one Drupal installation has been upgraded. Using our solution, you can host as many sites as you want. You can push to multiple Next.js front-ends, including digital displays beyond the traditional browser. Do you have a pile of Drupal 7 areas that need a modern solution? You have found it. Build your content platform now.

The age of monolithic software that does everything is getting old. PHP and Mysql are not the sexy new technologies they once were. Bottom line:

  • Drupal is an amazing content management platform
  • Next.js is an amazing front-end
  • We combined them.

The result is the best Peanut Butter and Jelly Sandwich a technology could possibly deliver! Let’s build your project using Drupal and Next.js!

Aug 25 2021
Aug 25

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Aug 25 2021
Aug 25

With the Drupal 8 end of life in a little over two months and Drupal 10's release next year, this is the time of transitions again at Drupal. However, while Drupal 7 to 8 (or 9) was a big move, the transitions from 8 to 9 and 9 to 10 are much smaller and mostly automated.

Drupal 10 is planned to be released in June, August or December 2022 and the tools are getting ready to support that. The two key tools will be the same as the previous upgrade: Upgrade Status and Drupal Rector.

Matt Glaman has been doing amazing work recently in the underlying components of both tools. Thanks to his work on updating phpstan-drupal for Drupal 10 support, Upgrade Status checks deprecated API uses on Drupal 9 too. Since my last update on that, I added reporting of deprecated modules and new system requirements as well.

Ryan Aslett at the Drupal Association built the project analysis job on top of Upgrade Status and that is run on Drupal 9 projects now as well. So we have an idea of the extent of work that will need to be done for Drupal 10 compatibility. I've updated the dev.acquia.com deprecation dashboard to show Drupal 10 results. While projects should not be expected to be Drupal 10 ready at this time, the dashboard helps us prioritise work on certain parts of the tooling to help the ecosystem upgrade.

To support that, Palantir.net has been sponsoring Matt Glaman to also bring Drupal Rector up to date for Drupal 10 readiness. The results are already outstanding! Today, of the 22204 Drupal deprecated API uses identified in Drupal 9 compatible projects. These are green and purple on the chart below. Drupal Rector has automations to fix 95% of them (green). There are a further 5391 non-Drupal deprecated API uses (yellow) including Symfony and PHPUnit deprecated APIs. Those themselves have third party rectors, so the coverage will further improve by including those. That is in the works.

Image showing the current state of Drupal 10 readiness of Drupal 9 compatible contributed projects

The drupal.org Project Update Bot resolves rectorable deprecated API uses (green) and info/composer issues (blue) when posting patches, so this means that it will be able to resolve most deprecated APIs in its suggested fixes already and we expect it will improve more with third party rectors added.

Drupal 10 itself is a moving target, the branch will be open around October/November so the above does not mean that the tools are complete, but we are significantly further ahead this time compared to the Drupal 8 to 9 transition, making the upgrade to Drupal 10 smoother for everyone.

With the Drupal 8 release, we decided upgrades must be easier going forward and thanks to the fantastic work of contributors and sponsors, we are doing it again.

Aug 25 2021
Aug 25

A few core modules are being deprecated in Drupal 9 for removal in Drupal 10. There are a variety of reasons for their removal, but in each case we think moving to a contributed project would serve users better.

To support the continuous upgrade path and provide stability for Drupal 9 users moving to Drupal 10, we are looking for potential maintainers and co-maintainers to keep security support and ensure stability of the codebases moving out from core. The initial scope of maintaining these projects is to keep the Drupal 9 core-compatible branches intact and provide security support. It would be nice if the new maintainers also improve the projects further but that is not part of the initial scope.

QuickEdit module is being moved to a contributed project and is seeking maintainers.

Lee Rowlands stepped up to maintain Forum and HAL modules moving to contributed projects, but co-maintainers would be welcome. Lee Rowlands and Andrey Postnikov plan to maintain Aggregator as a contributed project.

Additionally there is discussion about removing the RDF module too, feedback welcome. This is not yet at a stage where we need maintainers, although it may be there in the future.

Aug 25 2021
Aug 25

With the rise in technology usage, companies are in a never-ending battle to make their website stand out online. Creating and/or updating a company website may not be the easiest task to accomplish, but it’s necessary in order to scale your business. Let’s take a peek at the top 5 ways to make your website get more traffic and conversions.

5 Ways to Make a Head-Turning Website 

Did you know that over 50% of customers expect any brand or business to have an online presence where they can access their services? This is why producing engaging digital marketing collateral and creating an unmatched brand experience is not only expected but necessary to thrive online. The best way to do this is by creating a website that your customers are excited to check out. Where should you start? Here’s how you can build a head-turning website in 2021. 

1. Tell a Story

Although product/service specifications are nice to incorporate on your site, your features shouldn’t be your only focus to draw new customers in. You should also consider telling a compelling story at the right time.  

Customers love a great story. Why? It makes them feel connected to your business, and creating a connection with your customers leads to more sales for your business in the long run. 

Have writer’s block? Here are some things to ask yourself in order to help you in the story creation process: 

  • Who are we?
  • How did we get our start? 
  • Who do we help? 
  • Why us? 
  • What pain points do our customers generally have before choosing to do business with us? 

After you ask yourself these things, you can begin writing your first draft of your company story. The more eyes you can have on this draft the better. Your story will be one of the key drivers that brings your business more leads and draw in a community of customers who are thrilled to do business with you over and over again. 

2. Give Social Proof

What are the odds that you would buy from a business you had never heard of before? To top it off, they also don’t have any reviews. Chances are you wouldn’t.

Social proof, in essence, is a customer testimonial that you display on your website out of the intention of helping your website users trust you more  — even if they haven’t ever heard of you before! Social proof is proof that you  are who you say you are and that you have satisfied customers who are willing to back that statement up. 

You can create social proof on your website in the form of a customer quote or customer testimonial video to get your audience to want to do business with you. Some of the most popular places to add social proof on your site include the home page or on a landing page because those are the places where customers are more likely to convert on your site. 

3. Use High-Quality Imagery

One of the most popular ways to get your business to stand out digitally is by incorporating high-quality imagery throughout your site. You can use imagery to convey information in a way that words can't, and it's a proven method for getting visitors to click through to your site. Some places where your website could use images include:

  • Your Website Header
  • Blog Posts
  • Product/Service Pages
  • Your Different Home Page Sections
  • The About Us Page

Not sure where you can get copyright-free images to use on your site? Some of our favorite places to get free stock imagery include Unsplash, Pexels, and Pixabay. (You can thank us later.)

4. Write Website Copy with SEO in Mind

You won’t stand out online if you don’t follow Search Engine Optimization (SEO) best practices. There are no ifs, ands, and buts about it. 

What is SEO? SEO is a marketing tactic used by businesses to boost their website visibility in search engines like Google. They do this by creating website copy and blog posts with user search intent in mind.

Woah. Woah. Woah! What does that even mean? Let’s look at an example. 
If you have an ice cream shop in the city of Charlotte, you may want to use keywords like “ice cream shop Charlotte” or “the best ice cream shop in Charlotte, NC” throughout your website copy or blog posts to make your website easier to find online. To ensure that you are using the right keywords, you can perform keywords research to make sure that your content is right on track to get discovered through SEO. 

Don’t worry if you don't have the experience to write SEO friendly content — you can always rely on services like Grammarly, BestWritingService or TrustMyPaper to write the content for you.

5. Embed Video Content On Your Site

Content is king, and video content is on the rise. With popular platforms like TikTok and Instagram Reels stealing the scene for video content, it’s more important now than ever before that you include video content on your site too. It makes understanding your business that much easier for your end customers. 

A lot of businesses house video content on their site under their resource tab on their “video library” page. In addition to having a video library, we will advise that you add video content on all of your other pages as well. That way if your website users prefer to consume content via video, you have a way for them to easily watch your video content in just a few clicks. 

Fun Fact: By 2022, online videos will make up more than 82% of all consumer internet traffic. This is 15x higher than it was in 2017!

Develop the Perfect Website for Your Business

It’s 2021. Your customers expect a phenomenal user experience and brand experience on your site, and now is the time to find new ways to make your website stand out (even if you are in an over-saturated market). 

Need a web developer to level up your website? Connect with us to work with a website team you can trust. 

Author bio

Ryan Gould, Vice President of Strategy and Marketing Services at Elevation Marketing

LinkedIn contact: linkedin.com/in/rygould

From legacy Fortune 100 institutions to inventive start-ups, Ryan brings extensive experience with a wide range of B2B clients. He skillfully architects and manages the delivery of integrated marketing programs, and believes strongly in strategy, not just tactics, that effectively aligns sales and marketing teams within organizations.

Ryan is known for taking complex marketing and business challenges and developing solutions that simplify processes while driving customer outcomes and business value. He also thrives on guiding Elevation teams toward execution of strategies that help companies succeed in new verticals, while staying true to core values and brand integrity.


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web