Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough
Sep 16 2021
Sep 16

If you’re a Drupal professional, Drush needs no introduction. But if you’re just starting out as a Drupal developer or keen on learning about Drupal, you should know that Drush is something you just CANNOT ignore. Short for “Drupal + Shell”, Drush is a Command Line Interface (CLI) tool made exclusively for Drupal. With Drush, you can set up new Drupal websites quickly and easily work with the Drupal installations. It helps you streamline your development and administrative tasks thus improving your productivity.

Drush 9 and Drush 10 core comes shipped with tons of helpful commands that helps you interact with themes, modules, profiles, etc. Some useful commands include – SQL commands, exporting or importing configurations, updates, migrations, cron or clear cache, and much more. It is also extremely extensible, in that you can create your own custom commands. In this article, you will find more information about how to create custom Drush 9 and 10 commands in an easy step-by-step process. 

Note: Drupal 8.4 and higher support Drush 9, while Drupal 8.8 and above support Drush 10.

Custom Drush Command

Drush and Drupal Console

Although Drush and Drupal Console are both super useful CLI tools that make developers’ work easier, they are often used in different scenarios. With Drupal Console being the most recent addition to the Drupal world, it is a very useful tool for new developers to cope up with Drupal’s infamous learning curve. However, our take would be to use both Drush and Drupal Console as when put together they can do so much more in speeding up development and boosting productivity. 

While Drupal Console lets you create custom modules, services, entities, boilerplate content, debugging and more, Drush lets you perform more basic but foundational tasks. These tasks include installing Drupal, interacting with the installation, exporting and importing configurations, download and update contributed modules, Caching, update the database, run cron jobs and much more. For more details on each of their features, please refer to this guide.

When would we need to Create Custom Drush commands?

Although there are many Drush 9 commands that are ready to use for various functionalities, there are always times when they’re not adequate. We create custom Drush commands for many database related processes like entity field value updates, DB updates, importing or exporting data to and from Drupal, and other bulk processes. Also, when we have secure methods to be called, we can opt for Drush command implementation. 

How to Create a Custom Drush Command

The previous versions of Drush the implementation of Drush custom code followed different models. It was based on the hook_drush_command() and made use of .inc files.

In Drush 9, we will no longer use the .inc files or the hook_drush_command(). Drush commands will now be based on Annotated command format. This changed the fundamental structure of custom Drush commands.

Step 1: Create a module

Create a .info.yml file


Step 2: Create a service using services.yml

Create a .services.yml file

Services YML


Step 3: Create a Drush service class

Now let’s extend the DrushCommands base class.

Use Drush

Path to the class file should be: 

Batch Command

Under this class, each method can be a command function if it is properly annotated.

Step 4: Create annotated methods

Print Info

Here are a few of the common annotated commands:


Step 5: Clear cache

Now let’s clear the cache to flush all caches with this command:

drush cr

Start using the new custom command you just created:

drush custom-message 
Custom Message

Note: Multiple options added, as options is an array value.

Sep 16 2021
Sep 16

The Discover Drupal 2021 recently began the next phase of their journey. This year we have eight students. After completing their prerequisite course in July, they have all started the course for their chosen pathway.  Each month we introduce a student, and this month, we welcome Abokar Botan!

Abokar was referred to the program by Genesys Works and is entirely new to Drupal. He currently resides in Minnesota.

Tell us a little about you. What are your hobbies and interests? My name is Abokar. I am majoring in computer science. One of my hobbies is coding. My interest is to become a Software Engineer.

What is your ultimate goal in learning Drupal? My ultimate goal is to learn front-end development.

What are you most excited about regarding this program? My most exciting thing in this program is having a mentor who listens to all your ideas and gives you great advice.

If you see Abokar online in Drupal Slack or at any upcoming Drupal events, please give him a warm welcome. His Slack user name is Abokar Botan.

Thank you to our Partners and Sponsors

We want to thank our founding partner, Kanopi Studios and especially Allison Manley for her hard work and dedication to the program. We also want to thank our platinum sponsors: Lullabot and Elevated Third for the financial support that has been instrumental in launching this program. Finally thank you to our excellent training partners, Drupal Easy, Evolving Web, Mediacurrent, and Drupalize.me.

If you’d like more information about the program or would like to become a supporting donor, please reach out to us a [email protected]

Sep 16 2021
Sep 16

Our normally scheduled call to chat about all things Drupal and nonprofits will happen TODAY, Thursday, September 16 at 1pm ET / 10am PT. (Convert to your local time zone.)

This month we'll be chatting about the Project Browser Initiative and anything else that might be on your minds at the intersection of Drupal and nonprofits. 

All nonprofit Drupal devs and users, regardless of experience level, are always welcome on this call.

Feel free to share your thoughts and discussion points ahead of time in our collaborative Google doc: https://nten.org/drupal/notes

This free call is sponsored by NTEN.org and open to everyone.

View notes of previous months' calls.

Sep 16 2021
Sep 16

The Drupal system can be classified as one of the safest CMSs on the market. It has a refined structure and a wide range of functions. In this text, we'll take a look at Drupal 8 first. We'll remind you when it was released and what changes it brought when compared to the previous versions. Next, we'll take a closer look at Drupal 9 and then compare both versions.

Drupal releases

Drupal 8 was released on 19 November 2015. Compared to the previous version, that is – Drupal 7, there were as many as 200 new built-in functions, the multilingualism of the platform was improved and, for example, the new page editor and the version for mobile pages were introduced (as a built-in function – no additional domain for the mobile version is required). In terms of differences from the previous version, we can also add the fact that Drupal 8 uses object-oriented programming, instead of the procedural approach used in the previous version. The new version of Drupal uses a different theme engine – Twig, which is based on PHP. This makes it easier for programmers creating new themes because of the simpler syntax.

Another additional feature in Drupal 8 is the ability to edit the content directly from the site's user interface. It's also worth mentioning that the newer version of Drupal has access to the views directly from several administration screens. There's no need to spend additional time on it anymore, as was the case with Drupal 7. Looking from the perspective of a person viewing the page, we can also notice that the page loading speed has significantly increased thanks to entity caching. In addition, the previously viewed content doesn't need to be reloaded because it remains in the system cache. Also, the JavaScript code isn't loaded until it's necessary. After updating Drupal to version 8, you should also pay attention to the new types of fields that can significantly simplify the work for programmers.

What's the difference between Drupal 8 and Drupal 9?

Drupal 9 was released on 3 June 2020. It was built on version 8, so the changelog is shorter and the update from version 8 to 9 is simpler. The most important differences are the removal of almost all deprecated functions. In version 9, they've been replaced by other ones, and those that remained will be removed in the next installment of Drupal. A list of deprecated functions is available at Drupal.org.

Also new in version 9 is the next version of Symfony. Drupal 8 used version 3, but now it's version 4. Additionally, the Twig theme engine version has been updated – has been changed from version 1 to 2. Another difference between Drupal 8 vs 9 is the fact that most of the jQuery UI library dependencies have been removed. In the case of performing tests, in the new version, we rely on the PHPUnit solution (previously, the SimpleTest framework could be used).

The next thing that was almost completely removed in Drupal 9 is the Simple Annotation Parser from Doctrine. However, the required elements were incorporated into the Drupal 9 core. We also need to pay attention to the Apache version, because in the case of Drupal 8 version 2.x was enough, but currently, Drupal 9 requires a min. version of 2.4.7. The situation is similar with PHP – this time a min. version of 7.3 is required, but version 7.4 and 8.0 are also supported (applies to Drupal 9.1.0). In terms of the database and the use of MySQL/Percona, Drupal 9 requires a min. version of 5.7.8; Drupal 8 worked with version 5.5.3. The same goes for using MariaDB and SQLite. These need to be min. versions of 10.3.7 and 3.26 respectively. The previous version of Drupal used version 5.5.20 for MariaDB and 3.6.8+ for SQLite.


According to the above description of the differences between Drupal 8 vs 9, we can certainly say that the newer CMS release is much better in terms of speed. Using a min. PHP version of 7.3 improved the page loading speed. We can see an example on the PHP Benchmarks page, where all PHP versions are listed – from 5.6 to 8.0. At the very first glance, we can already see that between Drupal 8 and 9 there was an increase in performance of over 10%. This is the perfect reason to consider an upgrade, as each new version of PHP causes an even bigger leap in performance.

The situation is similar with Symfony. Version 3 has been used so far, but Drupal 9 needs the newer, fourth version of the framework. Thanks to it, we can significantly reduce the working time the developers need to create a new module or improve an existing one. The results of comparing Symfony versions from 2 to 5 can be checked on the already mentioned PHP Benchmarks page.

Comparison of the Symfony versions on the PHP Benchmarks website


Another point that we can refer to in the context of the performance comparison is the Twig version used. In the case of Drupal 9, the theme engine is about 15% faster than the one used in Drupal 8.

Performance comparison of the different versions of the Twig template engine used in Drupal


You may also be interested in: Why Drupal Is The Best Headless CMS?

Drupal 8 to Drupal 9 – upgrade

Upgrading Drupal 8 to Drupal 9 is much simpler and less time-consuming compared to the transition from version 7 to version 8. First, we need to verify that we are using the latest version of Drupal 8. It should also be noted that soon (November 2021) support for the older, eighth version of the described CMS will end, so soon we should carefully think over the update process and prepare for updating Drupal.

Once we are sure that we have the latest version of Drupal 8, we can start by updating all modules and skins. In this case, we also need to have their latest versions. At this step, we'll see that most of the modules already support Drupal 9. Next, it's worth using the tool provided by the authors of this CMS to prepare a checklist of things that need to be prepared, so that the update goes smoothly and without complications.

One of the last steps will be to check whether the server on which we plan to install Drupal 9 meets the requirements for PHP, Apache, and database engine versions. We've described the required versions in the previous paragraphs. At this point, we're one step away from using Drupal 9. It only takes a few clicks and some time to go through the entire update process.

Drupal 8 vs Drupal 9 – summary

Due to the upcoming end of support for Drupal 8, the significant increase in system performance, and the relatively simple means of updating to the latest version, we recommend that you complete this process as soon as possible. Thanks to this, you'll avoid any problems after support has ended and complications in the event of updating "real quick" in an environment that's not adapted to this. It's worth planning this process from start to finish and enjoy the much greater transparency of the code and the new possibilities offered by Drupal 9.

If you don't know how to properly update to the latest version, our experienced Drupal support team will be happy to help you.

Sep 15 2021
Sep 15

Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass.

Sites that do not have the JSON:API module enabled are not affected.

This advisory is not covered by Drupal Steward.

Sep 15 2021
Sep 15

The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data.

Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed.

This advisory is not covered by Drupal Steward.

Sep 15 2021
Sep 15

Drupal's JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site.

This vulnerability is mitigated by three factors:

  1. The JSON:API or REST File upload modules must be enabled on the site.
  2. An attacker must have access to a file upload via JSON:API or REST.
  3. The site must employ a file validation module.

This advisory is not covered by Drupal Steward.

Also see GraphQL - Moderately critical - Access bypass - SA-CONTRIB-2021-029 which addresses a similar vulnerability for that module.

Sep 15 2021
Sep 15

The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues.

Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the "access in-place editing" permission from untrusted users will not fully mitigate the vulnerability.

This advisory is not covered by Drupal Steward.

Sep 15 2021
Sep 15

The Drupal core Media module allows embedding internal and external media in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed media. In some cases, this could lead to cross-site scripting.

This advisory is not covered by Drupal Steward.

Also see Entity Embed - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2021-028 which addresses a similar vulnerability for that module.

Updated 18:15 UTC to clarify text.

Sep 15 2021
Sep 15

Lynette has been part of the Drupal community since Drupalcon Brussels in 2006. She comes from a technical support background, from front-line to developer liaison, giving her a strong understanding of the user experience. She took the next step by writing the majority of Drupal's Building Blocks, focused on some of the most popular Drupal modules at the time. From there, she moved on to working as a professional technical writer, spending seven years at Acquia, working with nearly every product offering. As a writer, her mantra is "Make your documentation so good your users never need to call you."

Lynette lives in San Jose, California where she is a knitter, occasionally a brewer, a newly-minted 3D printing enthusiast, and has too many other hobbies. She also homeschools her two children, and has three house cats, two porch cats, and two rabbits.

Sep 15 2021
Sep 15

When writing a hook implementation, for example of hook_cron, there's often a tendency to write purely procedural code, like this:

function my_module_cron() {
  $entity_type_manager = \Drupal::entityTypeManager();
  $node_storage = $entity_type_manager->getStorage('node');
  // More code goes here.

If you've got one or two easily understandable lines of code, fine, but frequently you'll end up with a little mini-application jammed into a hook implementation and it can be very easy to end up with something that's not particularly readable, let alone maintainable.

In several articles I've read they mention that you 'cannot' use Object-Oriented Programming code in a hook, and while sort of technically true, there's several easy ways to get back into the OOP world from a Drupal hook:

Static method

This is sort of one for people who simply don't feel right unless they are programming in a class because it doesn't bring all that many advantages over just writing your code in a function, but your hook implementation could look like this:

function my_module_cron() {

And then you'd have a simple class in src\Utility\MagicalCronApplication.php:

namespace Drupal\my_module\Utility;

class MagicalCronApplication {

  public static function run() {
    $entity_type_manager = \Drupal::entityTypeManager();
    $node_storage = $entity_type_manager->getStorage('node');
    // More code goes here.

So that gets you into an OOP landscape, but it's a static method, so not all that different from the function implementing the hook, we can do better.

Create an instance

We could do a little refactor and make it so that our hook implementation instantiates a class and then calls a simple method on it, this would help our code look a little more familiar and indeed allow breaking up our little application into more methods to aid readability.

function my_module_cron() {
  $instance = new \Drupal\my_module\Utility\MagicalCronApplication();

And then you'd have a simple class in src\Utility\MagicalCronApplication.php:

namespace Drupal\my_module\Utility;

class MagicalCronApplication {

   * The node storage instance.
   * @var \Drupal\Core\Entity\EntityStorageInterface
  protected $nodeStorage;

  public function __construct() {
    $entity_type_manager = \Drupal::entityTypeManager();
    $this->nodeStorage = $entity_type_manager->getStorage('node');

  public function runApplication() {
    // More code goes here.

We've got more code than ever before, but it's going to be simpler to split up our mini-application and tightly couple the methods together into a single class now.

We could also go a bit further and use the dependency injection pattern to get:

function my_module_cron() {
  $instance = new \Drupal\my_module\Utility\MagicalCronApplication(\Drupal::entityTypeManager());

And in src\Utility\MagicalCronApplication.php:

namespace Drupal\my_module\Utility;

use Drupal\Core\Entity\EntityTypeManagerInterface;

class MagicalCronApplication {

   * The node storage instance.
   * @var \Drupal\Core\Entity\EntityStorageInterface
  protected $nodeStorage;

  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
    $this->nodeStorage = $entity_type_manager->getStorage('node');

  public function runApplication() {
    // More code goes here.

Class resolver

Dependency injection is a lovely programming pattern that allows nice things like easily passing in mocked objects and if nothing else explicitly listing out our code dependencies. But if you don't have a Dependency Injection Container around, it can make instantiating classes pretty tricky/verbose, thankfully Drupal does and it has also has a super nifty class that'll help us access services in the container too. (Technically this is dependency container injection into a factory method, but hey!)

So we can rework our code to be like this:

function my_module_cron() {

And in src\Utility\MagicalCronApplication.php:

namespace Drupal\my_module\Utility;

use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;

class MagicalCronApplication implements ContainerInjectionInterface {

   * The node storage instance.
   * @var \Drupal\Core\Entity\EntityStorageInterface
  protected $nodeStorage;

  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
    $this->nodeStorage = $entity_type_manager->getStorage('node');

  public static function create(ContainerInterface $container) {
    return new static(

  public function runApplication() {
    // More code goes here.

Now we can write code that's much more familiar to the rest of Drupal and much more importantly we can copy/paste code from other classes as we need without having to think too much or doing various gymnastics to get the services we need, we can just add them nicely to the constructor and factory and we're away!

This approach also allows calling this code from multiple places much more easily, say if you want to provide a Drush command that calls this code or even a button in the web UI that runs the exact same code. These things are now super simple.

Bonus: If we happen to not actually need any services from the container, then we can actually drop the create factory method and the implements and the class resolver will basically call new for us, but the day we do want those things we can pop them back and we don't have to go around worrying that usages of our class will break.

We could stop there...and we probably should...but.

A service

We're now not actually that far away from creating a full-blown service, which essentially is only different from the last example in that the class is also made available in the dependency injection container for other code to use too.

For that we could declare our service in a my_module.services.yml file like so:

    class: Drupal\my_module\Utility\MagicalCronApplication
    arguments: ['@entity_type.manager']

And then our hook becomes:

function my_module_cron() {

We can then drop the factory static method from our class:

namespace Drupal\my_module\Utility;

use Drupal\Core\Entity\EntityTypeManagerInterface;

class MagicalCronApplication {

   * The node storage instance.
   * @var \Drupal\Core\Entity\EntityStorageInterface
  protected $nodeStorage;

  public function __construct(EntityTypeManagerInterface $entity_type_manager) {
    $this->nodeStorage = $entity_type_manager->getStorage('node');

  public function runApplication() {
    // More code goes here.

Aside from probably now being really badly named, a service allows some other fun things, like other code could swap out the actual class instantiated when the service is requested. If you did really want to do something like that I'd argue that you can actually swap out the hook implementation itself using a module_implements_alter hook implementation instead, which is probably clearer as to what's going on (it's still not very clear, obviously).

If you are declaring a service you should probably also give the class an interface and because you are advertising to the world that they can call your code you should expect that to happen. You might now have to think about what issues you might cause if you change that code in the future. You might end up supporting an entire ecosystem of modules off of your service, that's a lot of potential code to break.

It's possible that a hybrid approach might be appropriate, whereby you declare some service that contains small, useful functions that other code from other modules might want to call, but that you keep your hook implementations either simply calling the methods on those simple services or where a little bit more logic is required: having a tightly coupled utility class, like in the 'Class resolver' example, that can do the work in a more OOP way.

Wrapping up

I'd argue that unless your hook implementation is no more than two or three lines, you might as well spin up a quick utility class and use the class resolver to instantiate the class. The future you will be grateful that you put in the extra minute to make your codebase more consistent, more copy/pasteable, and more flexible.

Additionally, if your utility class ends up with a lot of useful code in it I'd strongly consider refactoring it into a service so that other code can use your useful code too, but probably don't reach for the services.yml every time you need instantiate an object. But equally, you can use Object-Oriented Programming to implement a hook, almost.

Photo by James Harrison on Unsplash

Sep 15 2021
Sep 15

E-commerce websites are increasingly using the newest technologies to enhance their outreach and customer service. They can offer unique and better features for their audience that improves the visitor experience on the website.

Drupal has been the CMS of choice for large-scale websites. It provides newer features for e-commerce businesses and allows their customers to have a better experience shopping online. In addition, you can use a Drupal eCommerce module that will help you engage more with the visitors and ensure more conversions through your website.

Fully Open-Source

One of the critical aspects of any CMS is that the vital features usually come in a paid version. However, Drupal is open-source in the true sense, and all the released modules are readily available to everyone. Therefore, you need not be worried about the security aspect too! Drupal also has a widespread community whose members can help you with any issue that may arise.

Drupal for eCommerce has thousands of contributed modules that allow you to customise the e-commerce site for the needed features. As it is open-source, developers can use it at any time without the need for a license. There are frequent updates to Drupal, and the latest version has deprecated the sections that are not required anymore. Web developers can choose a Drupal eCommerce module that can allow you to add customised features on the fly. 

Several Functionalities

One of the reasons Drupal is popular for heavier websites is its outstanding features for eCommerce businesses. Developers can quickly develop feature-rich websites as several features come embedded as modules and allow faster deployment. You can utilise several modules to add features to the website easily. You can also have the benefits of event calendars, photos and videos. The multi-user functionality also ensures that it is the ideal CMS for enterprise clients.

For example, a global e-commerce website must support critical features like multi-language, multi-currency and different tax calculations. You can have these features on your Drupal e-commerce website and more! Drupal Commerce provides adequate features that cover the product catalogue to shopping cart lifecycle. It can also support custom workflows and different order types, stock management, multiple store options, etc. Furthermore, you can undertake Drupal eCommerce development and take advantage of videos, event calendars, communities and forums, etc., on the website.


We have seen that Drupal can improve search rankings through its dedicated modules. Drupal eCommerce development ensures that you have a content-driven website and maintain it without too many hassles. There are no restrictions on customisation too. It is easy to design a multi-lingual online store within a short time. You can also manage your products easily. Operating a blog is smooth and without any problems. 

Drupal's strength is its ability to create structured content and content editing modules. You can organise the products on the website and quickly add, remove, or tag the products from the lists. There are several grids and tables to display the products. Drupal can also ensure that visitors engage more with your website and customise the interface to fit your needs. By using Drupal for eCommerce, you can create and edit content faster, making it easier for developers.

Data Security

As the number of successful data breaches increases, one of the prime considerations when deciding on the CMS is data security. Drupal is known to be secure, and it has been one of its prime considerations since its beginning. As e-commerce websites store a vast amount of their customers' data and financial details, security is of paramount importance. Drupal has a dedicated team that monitors the security aspect and assesses any vulnerabilities to the modules. 

It has specific modules to ensure password security, multiple-level database encryption, and authorised access controls. Security Kit is among the best eCommerce modules and mitigates the risk of web application vulnerabilities, while the Password Policy module can enforce password restrictions by defining policies. It also supports the use of Captchas and the two-factor authentication mechanism for added security. The Automated Logout module logs out users after a pre-set time interval.

drupal password security

Also check out our article to know why Drupal is Best CMS for Website Development.

Supports Easy Integrations

The website should integrate several third-party applications to benefit your customers. It will also help your business with analytics to provide better services. Integration with Drupal websites is easy, and you can readily interface with other applications using a Drupal eCommerce module. It will help interact with customer service management software, payment gateways, live chat, email marketing software, etc. The Google Analytics module ensures that your web admin can view web analytics through few clicks. You can also readily interface your website with your social media channels.

It has modern APIs that allows you to interface readily with other applications. For example, the Commerce API and Commerce Cart API modules can allow enhanced features in Drupal Commerce. It enables you to work with several tools, applications, mobile apps that can use its e-commerce capabilities. You can also use the Commerce Stripe module that interfaces Drupal Commerce with Stripe. It allows customers to make payments without leaving the website.

Robust e-Commerce Workflows

Choosing Drupal Commerce keeps your website with some of the best brands globally. Using Drupal for your online shop also allows you to create enticing landing pages and blogs as well. You can also envisage robust workflows and improve conversions on your e-commerce store. Drupal can help build a simple e-commerce store or a complex online marketplace covering products across multiple categories.

The Commerce Simple Stock module helps to manage stock easily and has advanced features that improve customer satisfaction. You can use the Commerce Product Add-on module to increase the chances of the customer buying other products during the purchase process. The Commerce Shipping module provides a shipping rate calculation system, and the Customer Invoice module helps by providing flexible invoicing capabilities.

select order type workflow

Improved Performance

Using Drupal ensures an enhanced performance level for your website. One of the critical parameters to measure it is by taking care of faster page load time for the site. Drupal has assured this through various modules. For example, Blazy helps load web pages faster, and the CDN module establishes rapid integration with a content delivery network. Your website is also mobile-ready, and you can create scenarios to understand what content will be preferred by users on their mobile devices.

SEO is also a burden for heavy websites. Using the Drupal eCommerce module for SEO helps to improve search rankings. A specialised SEO Checklist module can ensure that your site is adhering to the SEO best practices. The Metatag module helps web developers to provide structured data automatically. AN XML Sitemap module can create the sitemap of the website adhering to sitemaps.org specifications. Finally, the Pathauto module can ensure that the URLs are friendly to search engines.


The eCommerce industry faces intense competition. Therefore, there is a need to design a feature-rich website that can induce improved interaction with customers. Drupal can help as it has modules that can cater to a customised website for e-commerce brands. In addition, it provides a flexible website and features that can ensure increased revenues. You should partner with a skilled Drupal eCommerce agency to design an effective website for your online store.

Sep 14 2021
Sep 14

Too many design handoffs are treated like a relay race. The designers hand off the baton to the developers and then go home because they consider their part of the race done. This can create uncertainty, which means developers have to make assumptions about how things should work and look. 

Many of these assumptions will be inaccurate, leading to frustration, mismatched expectations, and wasted time. The bigger the project, the more these problems manifest.

But design handoffs shouldn’t be like relay races. In fact, they shouldn’t really be “handoffs.” The very name suggests that the designers should now be “hands-off.”

DesignOps depends on a healthy workflow between designers and developers. How they work together cannot be an afterthought. It is one of the foundational requirements for a successful web project.

How do we ensure the process is painless? Let’s go over some pain points developers experience, and then we’ll discuss solutions along with the two things that support these solutions: documentation and communication.

Front-end pain points

These pain points all have one big thing in common: they introduce uncertainty. When developers have to guess anything about intention or desired outcome, it causes delays. First, they need to decide what to do. Second, what they decide might be inadequate or wrong.

Lack of consistency

Lack of consistency is the biggest pain point. This is where a component in the design mocks has multiple versions in various mocks or doesn’t match the documentation. Take font size, for example. Lots of things go through a developer’s mind when they come across this mismatch:

  • Is it a mistake? Everyone is human.
  • Is it a pattern? Should it be extracted to a mixin or utility class that has this additional option?
  • Should a one-off be created? Just override it this one time.
  • Should the design be modified to fit the documentation or vice versa?

Common places where inconsistencies crop up: 

  • Typography — if the heading in the newsletter component is very similar to the heading in the card component — should they be the same or different?
  • Spacing — the horizontal gutter in the carousel component is 21px. Should we normalize this to 20px? What about the spacing below the menu, which is 18px. Should this be normalized? Should it be abstracted to a variable?
  • Inconsistencies between mobile and desktop mockups — the button is offset from the form element by 25px at desktop and by 20px at mobile. Is this is a mistake? If so, which value should be chosen?

These seem like small problems, but like a pebble in your shoe, they can cause inordinate discomfort. As they multiply, they can act as a ball and chain and slow down the entire development process.

Design mocks have optimal content

Sometimes, design mocks create this utopian vision where everyone’s name is a similar length. They make assumptions about the content and might not account for the variety of life. In the real world, lots of stuff can get thrown at a website.

For example, what should happen if the text is longer than that shown in the mock?

What might go through a developer's mind when the content breaks out of its prescribed bounds?

  • Should this conform to the grid? Can it wrap?
  • Should the CMS enforce a character limit?
  • Should it be clamp with JavaScript? Add an ellipsis?

There might not be a right or wrong answer. But what if there is a similar component that a different developer is working on, and they choose a different answer? It might cause discrepancies in the design.

Or worse, what if this is ignored and it gets all the way to production?

Multiple, and sometimes unknown, font providers 

Fonts can come from a lot of different places. A design mock might dictate several different fonts, and for each one, a responsible developer will ask these questions:

  • What license do we have for this font? 
  • Is there a cost to use this font, and do we pass that cost on to the client?
  • How can this font be hosted? Is there a CSS file, or is there a way we can host the files ourselves?

All of these affect font optimizations and performance. Having to hunt down the answers to these questions over and over again can waste a lot of time.

Lack of documentation

When someone is presented with just “mockups,” that’s a lot of information at once that might not have context. It can feel like you are drowning. Where do you start?

This might not be a big deal if you are creating a single landing page. But what if you are implementing an entire design system for CMS with hundreds of components? Things get complex very quickly.

When presented with a complex design that has no documentation, responsible developers will need to create the documentation themselves.

 This means:

  • An inventory of all the components.
  • An inventory of all typography styles.
  • An inventory of spacing. Is there a grid? If so, what should it look like?

Which means spreadsheets. Lots of spreadsheets.

This takes time. And if you really hate spreadsheets, it takes blood, sweat, and tears. Factor in 2-3 days for small sites and 1-2 weeks for larger sites. Inevitably, it won’t be right the first time, which means later refactoring.

Documentation is not optional, especially if you are part of a larger front-end developer team. But even if you are solo, you need to create it to validate assumptions, communicate properly with designers, and have something to pass off if/when you roll off the project.

Mocks that do not meet WCAG AA accessibility guidelines

Lullabot creates accessible websites, but there are situations where we work with designers who give us mockups that do not meet WCAG AA guidelines.

  • The color palette doesn’t have sufficient contrast between text and background color. 
    • WCAG AA guidelines state that text must have a 4.5:1 contrast ratio or be larger than 19px and bold with a 3:1 contrast ratio. 
    • Icons, button borders, etc., must have a 3:1 contrast ratio.
  • Links that are only indicated by the color. Best accessibility practices dictate that links should also have a non-color indicator for people that are color blind or have other visual impairments.
  • Focus states that only change color. Once again, we need to think of how color-blind people will use the website.

Solutions - easing the pain

Creating consistency

This starts with team size. The larger the team, the more opportunity for inconsistency to creep in. Every little change has to be communicated to every other member of the design team. We have found that 1-2 dedicated designers are good for medium-sized projects when creating a design system. It allows faster workflows, communication, and iterations.

If a team cannot be fed by two pizzas, then that team is too large.

Jeff Bezos

What are ways a design team can work in order to create consistency?

Naming systems

Designers have to name many things: typography, colors, components that appear in the design itself, and more. This is the first step toward clear communication. 

The naming system should be clear for everyone on the team, from the designers to the developers to the project managers to the stakeholders. Ideally, this naming system is part of, or helps define, a ubiquitous language. When you call something a “hero,” does everyone understand what that is?

This means designers cannot be the final arbiter of what things are named. A naming system is about communicating properly, and creating a naming system should involve communication with the larger team. Be sure to involve a front-end developer because they might want to extend the system into the CSS.

Creating a naming system should start before the visual design itself. You don’t want to be renaming things at the last minute.

Naming things is hard. It can help to have some guidelines to start the conversation. You might try BEM naming, which names things based on where they are and what they do. For example, btn-primary-blue.

Grid systems - consistency in spacing

These should also be started before the visual design. These define your horizontal spacing (columns) and vertical rhythm (rows). Overall, you are defining the rhythm and proportion for your design, which helps implementation and answers many questions before they need to be asked.

As part of the grid system, you’ll also want to define the width and max-width. How far will the grid extend before it stops extending? How will it change at certain breakpoints?

Type systems

Set up your basic styles before starting the visual design. This means styles that you know you are going to use, like body copy and headers. These are easy to update as the project continues, so don’t assume they are set in stone. It will evolve as the design evolves.

But you need someplace to start.

For help with setting up a type system, use Modular Scale. It allows you to start with a base font and create a ratio for how it increases and decreases. This scale also helps determine line heights.

Creating components/symbols, styles, and shared libraries

Now that you have these systems set up, you need a way to share them. All UX programs (Figma, Sketch, Adobe, etc.) have a similar way to share these things, though they might use different terminology. Figma, for example, uses the term components. Sketch and Adobe use symbols.

Components and symbols are reusable elements. You can create an element and add it to a symbol/component library, which other members of your team can access. These can be dragged and dropped onto a page.

These become the central source of truth. If you need navigation on your mockup, grab it from the component library and place it on the page. They can be changed all at once, no matter how many places they appear. You can also create overrides if there is a one-off need. For example, maybe the hero for the About page doesn’t need a CTA.

Here is a video showing the creation of a one-off using Figma, pulling in different components.

Styles are combinations of colors and typography that can be reused. Front-end developers can access a style library and see all the typography being used.

Shared libraries can be shared across documents. Brining in a library brings in all components, styles, colors, typography. These can be accessed by other designers and developers.

Figma allows revision notifications after a library is updated. After updates are published, anyone using the library can pull in the update. This makes it easy to keep things consistent from page to page, document to document. The following video shows the sharing of a library and then pushing a revision.


Style guide

The main deliverable for documentation is a style guide. It should be seen as the holy design bible for the design system. Style guides can range in complexity, from intricate to simplistic. It can be hosted as an interactive website, or it could be a Google doc. 

What should be in a style guide?

  • Grid system and spacing
  • Colors
  • Type system
  • Design principles, resources, and personas that we gathered during the discovery phase

The last item is important if you are handing the style guide off to a client who may be extending the design system in the future. You can browse an example style guide here.


Patterns are different ways components can look on a page—variations based on context. For example, a Hero component could have 4 different color options.

  • Colors
  • Existence (or number) of CTAs
  • Typography

This video shows the different patterns of a hero component.


Show how the navigation should work or what hover effect should take place for a button. The best way to do this is to create a prototype. If you are not handy with code, find examples on Codepen that match what you want to do.

You can also create basic prototypes in Invision/Figma, and for functionality that cannot be modeled, leave detailed comments.

The more traditional way to document functionality is with a functionality spec document. The design is marked with numbers, and each number has a corresponding row in a spreadsheet. These still work, and you can see an example below.


Learn and know accessibility, including WCAG AA criteria and best practices.

For designers, accessibility shouldn’t be an afterthought.  It should be worked into the overall design process from the very beginning. This will help save time and rework later down the line and make developers and stakeholders happy. 

All user interfaces, marketing websites, components, etc., should be inclusive and able to be used by everyone. 

Not sure where to start? First, review the WCAG Guidelines.

There’s a lot to learn, and bookmarking them can be a handy way to quickly bring them up if you need to check the accessibility guidelines of something you’re designing. There are also browser plugins and design tools that can help guide you throughout the design process. Below are just a few that we’ve used in the past.

  • Contrast - MacOS app that checks WCAG color ratios
  • Stark - Figma and Sketch plugin for WCAG ratios and color blindness simulation
  • AXE: Browser plugin that tests for accessibility

If you’re working on a complex component and not sure the best way to make it more accessible, collaborate with a front-end or back-end developer on the team to brainstorm ideas. They can often help prototype an idea to be tested for accessibility and give feedback throughout the process. 


Traditional design handoffs, especially when working with an external design agency, can be like throwing a package over the fence and walking off. Communication is vital. It is the lifeblood of any successful design handoff.

Documentation is necessary but usually not sufficient. Even with great documentation, questions arise, and clarifications are needed. Documentation makes future communication easier and more efficient. Don’t expect it to eliminate it.

Communication needs to happen during the design process and during the development process. 

Have regular check-ins to make sure things make sense or if things are doable. Bringing developers in during design reviews - even during the wireframe process - will make the eventual handoff much smoother. Be open to more questions as they pop up. 

When to push back

It’s important to know when developers should push back against design decisions, or at least get more clarity on the “why.” 

Some examples that should trigger some additional communication:

  • Accessibility (especially in regards to contrast ratio)
  • Similar components - can we have just one component instead?
  • Similar functionality can be provided in Drupal with almost no effort, and it gets us 80% there. Is doing something custom worth the cost or compromise?
  • Minor design element that may impact the timeline. It doesn’t impact core functionality but could involve a lot of development hours.

All of these are opportunities to improve the design and increase the chances of a successful project.


Accomplishing successful design handoffs is not a technology problem but a process and people problem. But there are tools that can help.

We’ve already talked about taking advantage of all the capabilities of UX tools like Figma, Invision, and Adobe. These allow front-end developers to access design values: color, type, spacing, etc. 

And they don’t have to use the program something was designed in.

There are also services that allow design/developer collaboration across any design platform, like Zeplin, Zeroheight, and avocode. Zeroheight works great for smaller projects where a pattern library isn't being created.

For documentation, we use two tools based on how the documentation will be used.

  • Dropbox Paper - Used for more informal documentation. Copying and pasting CSS values, for example.
  • Google Docs - Used for formal documentation like official style guides that clients will see.


Design handoffs don’t have to be painful. They don’t have to be where communication breaks down. Instead, they can be opportunities to foster better relationships between design and development, which leads to an improved final product.

No DesignOps process is complete without a healthy workflow between designers and developers. Ensure consistency, maintain good documentation, and keep communication lines open and flexible.

If you have any questions about design systems and how our designers and developers work together, please reach out.

Sep 14 2021
Sep 14

Every year the technology trends keep on changing and every year it keeps on astounding us. And I believe it is these technological advancements that keep the world moving, and standstill isn’t something that any of us would like or even prefer.    

Today, I want to talk about one such technological advancement that has appeased the web developers, marketers and stakeholders beyond their expectations. And that is the headless architecture for web development

So, what is headless architecture?

Traditionally, when a website is built using content management systems, it is entirely encompassed within that CMS. That one software is the entire world of the website, it controls the presentation layer and the UI as well as manages content at the backend, there isn’t anything else for it. However, the headless solution can offer a website the chance to dip its toes into newer and more modern technologies. 

With the headless approaches, a website essentially separates its frontend from the backend. While the backend functionality is dependent on the CMS at work, the frontend could be any technology available to the developer. JavaScript and Static Site Generators are what are often chosen, with React, Angular, Vue, Gatsby and Metalsmith amongst the frontrunners. 

So, how does the site function with this separation of powers?

An application programming interface or an API to be short helps in that. It transmits information to and from both the ends, kind of like a middleman in sales. Because of the API, the content can be distributed on multiple channels with ease, making content creators extremely happy, an advantage the monolithic architecture does not offer. 

The architectural design of the headless solution is explained in a diagram.

The headless or decoupled architecture is known for the freedom it gives to the developers, making it a trend that has been increasingly gaining grounds and that is what we are going to be analysing today. The reasons, the statistics, the headless domains, the constraints and of course, we can’t ignore Drupal. Let’s see the headless architecture trends in 2021

Has headless architecture become the next big thing in web development?

For me, the answer to that question is a big fat yes. And I have three words to justify my stance and those are superior digital experiences. Headless architectures have the potential to create digital experiences that are far more superior than a standalone, monolithic approach could ever conceive to build. It might seem a little unfair to say that the monolithic architecture is inept at what it does, that is certainly not the case, it's just that the headless architecture has a lot more to offer. For further understanding, read more about headless architecture and monolithic architectures and when to move from monolithic to headless architecture.

Now, let’s take a closer look at the paramount reasons for the significant state the headless architecture has found itself to be in 2021. When you ask yourself ‘Are headless CMS worth it,’ it’s these reasons that would give you an answer.

Headless for limitless technologies and limitless possibilities 

The prime reason for the elevated position of headless architecture is owed to the limitless technologies it allows the adapter to adopt. Headless has become the synonym for technological advancement in web development. A traditional CMS in the monolithic sense would always come with boundations, there would come a point where its abilities can no longer be extended, however, in the headless setup that point is quite far-fetched. More on whether choosing a headless CMS is right or not here.

You can use any technology you want and any feature you may want can be added to your project. 

What is the result?

An enhanced digital experience for your users. Here is what the WP engine’s 2021 survey found out. 

Almost 92% of the survey respondents believed that the headless architecture led to an enhanced digital experience for the users because of its content experience it provided.

You cannot deny the advantage the use of other technologies can give you. 

  • You get the best content experience that is omnichannel, you can reuse it on multiple platforms without it being scattered on multiple siloes; 
  • You get better aesthetics, better accessibility and better user experience for your project; 
  • You get better security as the codebase is less bulky because of the separation of concerns; 
  • You get more productivity out of your developers because they are going to be using technologies that they like and are comfortable with; 
  • You get independent marketers who do not have to rely on developers for simple tasks like creating and updating landing pages: 
  • You get to future proof your project because you aren’t going to be relying on one software that has the chance of becoming obsolete after some time.

Apart from these, you do get plenty of other benefits too, faster performance, faster innovation, faster marketing and a faster and seamless connection between all your digital touchpoints. And you can achieve all of this using React or Angular or Vue or a static site generator, that is your choice completely.

Headless for keeping users satiated 

So far, we’ve gathered that headless architecture is equipped with an exponential amount of possibilities to be created from an exponential number of technological choices.

As a result, web experiences are being able to provide solutions that were never before achieved through the monolithic architecture. Consequently, organisations are able to achieve their strategic goals through headless and become utterly satiated with their developments. 

The leadership in an organisation has become more likely to choose a headless approach and recommend it to its tech providers in the hopes of capitalising on the many choices the approach comes with. This incidentally keeps everyone satiated, including the stakeholders, the development and marketing team and the targeted audience and consumers.

Headless for all the right reasons 

According to a report by Kentico Kontent, here is the perception of the headless architecture straight from its users. 

The perception of headless architecture is shown with respect to different areas.Source: Kentico Kontent

Majority of the users, including the developers and the marketers, consider the headless approach to provide a considerable number of benefits, which makes us believe that this is a trend that is only going to boom in the near future.

Headless for better investment 

2.6 million USD

That is a substantial amount and that is the average investment organisations are making on headless technologies. 

Is it a better investment choice?

The preceding three points would be a clear indication of an affirmation of this question. Yes, the investment can seem a bit daunting, but it comes with its fair share of benefits that account to one satisfying outcome and that is better ROIs.

Okay, you tell me; 

Would better performance not bring in more rewards?
Would an agile workflow not lead to more productivity and better solutions?
Would a robust digital experience not be equivalent to happier consumers?

If yes, then the headless architecture is truly the next big thing in the world of web development and any other architecture would seem a little pale compared to it.

What do the numbers say about headless architecture?

The numbers are in favour of technology today and they definitely favour the headless approach. 

According to OC&C Strategy Consultants

  • 55% of US households will own a smart device; 
  • And the IoT market is expected to be valued at 520 billion USD by this year.

This is proof that technology is going to boom in the near future. As for the headless trend, here is a projection that shows tremendous growth.

The projected growth in the headless market is shown through a line graph.

With a CAGR of 22.6%, the headless architecture is bound to have an illustrious future. 

Now, let’s take a look at the usage of headless architecture and the interest it has garnered by enterprise organisations in 2019 in comparison with 2021.

The usage statistics of the headless architecture are shown.

What is also important to note is that now organisations have started associating digital experiences with business success. And since we have established a direct relationship between enhanced digital experiences and headless technologies, you can probably guess what the path to business success will entail. 

Referring to the WP engine report again, 

A vast majority of organisations, 92% of them, believe digital experiences become more powerful with headless technologies.

Now, you tell me, don’t you think the headless approach is only going to advance in the future? If you ask me, I certainly do.

What technological aspects are being capitalised with the headless architecture?

We’ve talked about how the headless architecture is being perceived in the present and looked at statistics that only show a growing trend. Now, let’s look at the technologies that are being capitalised to make this approach reach its true potential; it’s important because it's these technologies that encompass the majority of the benefits of headless architecture. 

JavaScript and all its virtues 

You can’t talk about headless architecture and not mention JavaScript. Ever since its release in 1995, it has evolved a great deal and become frontend developers’ holy grail, with two-thirds of them swearing by it. 

Here is a graph showing the popularity of JS frameworks over the years. 

The position of various JS frameworks is shown over the years.Source: State of JavaScript 2020

Can’t forget JAMstack 

The mention of JavaScript brings us to JAMstack, that is JavaScript, API and Markup. It is an architecture that stands on pre-rendering and decoupling. Websites built on it are considerably faster, more secure and more scalable. With JS in play, the frontend is bound to offer more to the developers, thus enhancing their productivity and workflow. 

Focus on individual components while development

Next technicality often seen in the headless world is pertinent to the development of individual components. There are two variations in this.

Micro-frontend architecture 

This is a solution that works marvelously with the monolithic structure by breaking it down into individual components that essentially become independent applications. Although they are separate, the codebase remains the same. 

Component-driven development architecture

This is somewhat similar to the previous one. However, it emphasises on the principle of modularity. This means that the developed components have the benefit of being reused and composed.

Both of these architectures come with similar advantages; 

  • The development takes place faster with team focusing on only one feature or component working simultaneously; 
  • The integration goes smoothly; 
  • The code can be maintained with much more ease; 
  • The task of scaling the project becomes pretty straightforward;
  • And the chances of errors reduce drastically, making testing and updates a breeze.

To know more, read about designing component-based systems, a quick look at the world of web components and the principles of atomic design methodology.

The new API solution: GraphQL 

Going headless mandates an API, and RESTful APIs were the only resort. However, now GraphQL is seen to be taking over. Being a query language, it enhances the data retrieval process to be much more accurate by reducing the number of requests sent to the server. 

  • GraphQL has smaller payloads; 
  • It has a single graph for retrieving queries; 
  • It can efficiently handle errors; 
  • And most importantly, it has a stringent type interface that magnifies performance.

Owing to these reasons, it is considered to be the superior sibling of RESTful API. And major brands like Facebook, Lyft and even Audi are leveraging it. More on different web services implementations available here.

Progressiveness in app development 

By progressiveness, I mean the Progressive Web Applications or PWAs. These are a cross-breed of mobile applications and traditional websites, meaning they leverage the browser APIs and its features as well as a conventional progressive enhancement strategy. The result is a project that performs impeccably well, loading in mere seconds, across multiple devices. Their reliance on HTTP protocols also make them pretty secure.

What is more intriguing about this trend is the fact that these PWAs perform even when there is poor or no connectivity. Thus, equipping businesses to target a demographic that was often overlooked.

The headless trend is growing, but not fast enough, why?

The usage statistics of the headless architecture are shown.

The image above mentions the percentage of people using and not using the headless architecture. And if I’m being honest the numbers are a bit disappointing when you look at the true potential of the approach. 

So, why is that the case?

Let’s find out. 

The marketers’ and content editors’ underwhelming experiences 

One of the promises that the headless architecture often makes is that it eases the work of both the marketers and the content editors. While that may be true to some degree, it isn’t the complete truth. 

The Kentico Kontent survey’s respondents gave the most precise answer that hit on point when they highlighted the demerits as below.

A survey's respondents highlight how much they prefer the headless architecture.Source: Kentico Kontent

If we consider these findings, three out of the top four challenges stated there are related to just that. Dependency on web developers and lack of marketing capabilities are proof enough. 

So, why aren’t the marketers and content editors not satisfied?

The major problem is related to control. The marketers and content editors do not have enough control over the visual layer as the presentation and content workflows are built from scratch by the developers. The access to the editorial interface isn’t as streamlined as the traditional setup.

I truly wondered as to why this was a problem. 

The answer lies in the universal nature of the headless content. Let me explain it. For a website or a mobile application, features like in-place editing and the famous drag-and-drop layout work pretty well. However, when you consider a smartwatch or say a voice assistant, can the same features be a possibility? 

Hence, the marketers and the editors have to compromise a little for the greater good, there is just no way around it. More on when and how to use headless CMS here.

The overwhelming concerns that won’t leave us alone

The headless architecture is still a novel concept for many of us. And like anything else that is new, there is some apprehension associated with it. You can say that it is because you would be parting with the out-of-the-box features that the monolithic structure may offer.

Monitoring and reporting; 
And CRM; 

These are genuine concerns regarding the headless approach since it would be you and your front-end developers who would be responsible for them, and not your CMS or its community support. And that is as intimidating as it is overwhelming. You would entrust your site’s entire front-end to your developers, there is bound to be some risk, so trust me I get the apprehension.

Of course, you can hire an agency to help you out with the right security API so that there aren’t any flaws and only be overwhelmed with the impressiveness of your site. More on the right skills you need to successfully deliver a headless project here.

The perception of the stakeholders

Finally, it is time to discuss the stakeholders and the role they play in holding back the headless architecture. 

If you ask a stakeholder in an organisation to give his take on this approach, you would probably not get a straight answer. When we understand their perception, you can’t really blame them for their opinion. 

For one, that person relies on his website for his livelihood and he wouldn't want to risk it. Therefore, he might not want to adopt the headless architecture before others because he isn’t familiar with the territory. Secondly, the website may have all the necessary features that it needs to satisfy its consumer base, at least in the present, through the traditional setup. 

Yes, technology might change in the future, the consumer needs would too, but where is it written that only headless architecture can fulfil those needs. The headless approach does have a lot to offer, but so does the conventional CMS. So, why risk it?

Where does Drupal fit in the headless movement of 2021?

I couldn’t write a blog about the headless approach and not mention Headless Drupal architecture, that would not be ideal at all as I personally feel that Drupal is one of the best headless CMS in 2021. So, let’s understand the role of Drupal and all of its offerings in the headless realm.

Drupal has an impressive headless architecture that allows its users to work with the most advantageous technologies today. It offers three ways to approach the headless architecture.

  • You can choose to fully decouple Drupal, this would completely separate your frontend from the backend, you’ll be free to build your presentation layer outside of Drupal, while the CMS would only act as a content repository.
  • You can choose decoupled Drupal for static sites with JAMstack at work and static site generators. More on leveraging static site generators and CMS here.
  • Finally, you can opt for progressively decoupled Drupal, wherein you can use other frontend technologies without losing Drupal’s functionality on the same end, the backend would only be empowered by the CMS.

Choosing between the three and the monolithic architecture can be a tricky choice, here is what Dries Buytaert had to offer in easing the choice. 

The decoupled Drupal architecture is explained.Source: Dri.es

To know more, read about the different options of decoupling CMS and best frontend technologies for your headless CMS development.

If you are familiar with Drupal, you may be familiar with all of what I have just mentioned. So, what is new? 

The answer is Decoupled Menus. The DrupalCon Global 2020 brought along the initiative of decoupled menus in Drupal

What is the Decoupled Menus Initiative about?

When you go the decoupled or headless route, you are going to be using JavaScript. Along with that you are going to have to create a custom code from scratch to make that feature using Drupal and JavaScript. 

The decoupled menus will come quite handy here. They are like pre-formed packages of JavaScript configurations that simply need to be implemented to make a headless feature work. These configurable menus can be placed in any JavaScript application and would be managed by Drupal with its community support.

You can also refer to them, if you do not want to use them as is, the documentation, packaging and security would be available to you for reference or implementation.

The decoupled menus are Drupal’s way of evolving itself and adapting into the headless world. It is evolving and making the headless architecture and Drupal combination seem less cumbersome. 

You may ask how? 

Aside from the obvious, there are a few reasons. Drupal architecture isn’t handling the work necessary for JavaScript packages, with decoupled menus, the bundling, testing and shipping via GitLab would be constantly updated. On top of this, the security issues pertaining to JS and the documentation for consumption of menus would be defined and updated. 

All of this means that a non-developer or content creator would get an intuitive UI that would allow him to configure the menus and turn them on or off with a few clicks and certainly without a developer. 

Here is a demo of the decoupled menus feature.

[embedded content]

In essence, this is a feature that would lay the groundwork for code for JavaScript frameworks like React and Vue, so that the workload that comes with headless architecture is lessened. You will get a React based display link on your ecommerce site without having to do all the work to get it. 
To emphasize more upon the milestone which this initiative has achieved, take a look at the Decoupled Menus Initiative Keynote followed by an interesting Q & A session through the help of this video at DrupalCon North America 2021.

[embedded content]


[embedded content]

Concluding with the Future of Headless

Everything in this blog, the hesitation towards decoupled CMS aside, points to a clear and concise conclusion and that is the fact that the headless architecture will continue to expand in the coming years and may even overcome the resistance, making it future proof. 

New technologies would be looked into as part and parcel of the headless CMS, making the expectations seem rather high. Augmented reality, virtual reality, digital displays and kiosks, digital and voice assistants would not be a distant and rather tedious goal to achieve. 

According to the WP engine I’ve quoted a few times now, these advancements and inclination towards headless technologies would somehow vary depending upon geographic regions. Even the major tech hubs like the USA, the UK and Australia experience a variation in the expectation regarding headless. While e-commerce is a priority for the US and Australia, the UK focuses on websites and PWAs as their future expectations from the headless approach. 

Despite the differences, the world of headless is gaining traction and it is going to keep growing in the future as well, that is an irrefutable fact, if there was any. So, is headless CMS the future? It indeed is.

Let me end this blog with an interesting discussion on the state of headless through this YouTube video, enjoy!

[embedded content]

Sep 14 2021
Sep 14

If you thought DrupalCon was just for developers, you couldn’t be more wrong! The Agency and Business track is now a mainstay of the DrupalCon schedule and this year it is packed with great content for agency leaders, project managers and business owners. We have assembled some itineraries to get you started on your DrupalCon experience.

Agency Owners

Start your DrupalCon on Monday afternoon with the Drupal Steward Q&A and find out how to update sites on your own terms for greater peace of mind. Next up on Tuesday morning is a session about starting small as a way of developing new service offerings for your agency. Then on Wednesday afternoon, you can learn about recruiting Drupal talent in a highly competitive jobs market. Round off your DrupalCon on Thursday morning hearing about strategies for you to improve the performance of your agency and enhance your sales efforts.

Project Managers

Like all great project managers, you want to plan your time to get the most out of your DrupalCon experience. How about starting off on Monday with a session advocating the case for ‘no estimation’. Then take a 15 minute break before learning about how support and kanban can work together to deliver both maintenance and continuous improvement. Another 15 minute break and then hear how to use discovery as the basis for successful projects. Finally, on Tuesday, the session about exploratory testing and the impact it can have on quality will provide a different perspective on delivering great digital products.

Business Leaders

Regardless of whether you are a leader within a client side organization or a digital agency, there is plenty to challenge and inform at DrupalCon. On Tuesday morning, learn about how to onboard new colleagues to create a happy, stable and high performance team. Then, on Wednesday morning, hear about using internships to help your organization whilst also contributing to the Drupal project. After a short break, head over to find out about LocalGov Drupal and how it is using a distributed governance model to transform digital delivery in local government organizations. On Thursday, take a deeper dive behind the DXP buzzwords to explore why open DXP is the future

Create your own itinerary now to ensure you get the maximum benefit from the knowledge and insight of the many experts who are presenting sessions at this year's DrupalCon Europe.

Sep 14 2021
Sep 14

It is that time of year again where the Drupal Association Board looks to fill the At-Large member seat that becomes available every year.

This year, we send our thanks to Leslie Glynn, who will be stepping down as an At-Large board member after serving her two years. Last year, Pedro Cambra was elected to the board, who has one more year to serve - and we are sure will be happy to welcome the next person onto the board!

Important Dates

The canonical list of dates, including times, is detailed at “Election 2021: Dates and Candidates” but the next important dates are:

Self nominations open: NOW!!

Self nomination close: 27th September, 1900 UTC

What does the Drupal Association Board do?

The Board of Directors of the Drupal Association is responsible for financial oversight and setting the strategic direction for serving the Drupal Association’s mission, which we achieve through Drupal.org and DrupalCon. Our mission is to unite a global open source community to build, secure, and promote Drupal.

Who can run?

The only requirement for nominees is that you must be a member of the Drupal Association.

How do I run?

Candidates are highly encouraged to:

  1. Watch the latest CommunityUpdate Video
  2. Read about the board and elections, including the video about the elections this year
  3. Read the Board Member Agreement

Then visit the Election 2021: Dates & Candidates page to self-nominate. The first step is to fill in a form, nominating yourself. Drupal Association staff will create you a candidate page and make you the author so you can continue to add content here during the election and answer any question posed by the electorate as comments on the page.

Who can vote?

All individual members of the Drupal Association may vote in the election.

If you are not currently a member, please ensure you have renewed your membership before voting opens, on 4th October. The Drupal Association recognizes there should be no barrier to membership so a zero-cost option is available on the individual membership signup form.

How do I vote?

The Drupal Association Board Elections are moving to the free and open source Helios Voting service for 2020 and beyond. All Drupal Association individual members will receive their unique voting links via email, sent to the primary email address in their Drupal.org profile when voting opens. Follow the instructions in that email to vote.

Elected board member special responsibilities

As detailed in a previous blog post, the elected members of the Drupal Association Board have a further responsibility that makes their understanding of issues related to diversity & inclusion even more important; they provide a review panel for our Community Working Group. This is a huge important role in our global community.

What should I do now?

Self-nomination is open! Please do read further:

Then consider if the person who should be standing for election is you. (It probably is!)

To submit your nomination, fill out the nomination form.

On 4th October, get ready to read through the candidate profiles and prepare to cast your ballot!

Sep 14 2021
Sep 14

11 minute read Published: 14 Sep, 2021 Author: Matt Parker
Drupal Planet , Migrations

This is the sixth in a series of blog posts on writing migrations for contrib modules:

Stay tuned for more in this series!


While migrating off Drupal 7 Core is very easy, there are still many contrib modules without any migrations. Any sites built using a low-code approach likely use a lot of contrib modules, and are likely blocked from migrating because of contrib. But — as of this writing — Drupal 7 still makes up 60% of all Drupal sites, and time is running out to migrate them!

If we are to make Drupal the go-to technology for site builders, we need to remember that migrating contrib is part of the Site Builder experience too. If we make migrating easy, then fewer site builders will put off the upgrade or abandon Drupal. Plus, contributing to migrations gives us the opportunity to gain recognition in the Drupal community with contribution credits.

Problem / motivation

In D7, some modules define their own database table to store data in (if the D7 module implemented hook_schema(), then there’s a pretty good chance it defines its own database table).

In order to fully finish writing migrations for contrib modules that define custom tables, we need to know how to migrate data out of those custom tables.

For example, Environment Indicator version 7.x-2.x stores data about each of its environments in a table named environment_indicator_environment, which has the following structure:

Column name Type Options Notes machine varchar Length: 32, Unique constraint Environment ID name varchar Length: 255 Environment label envid serial Unsigned, Not null, Primary key Internal ID regexurl varchar Length: 255 Regular expression pattern to run on the URL to determine if a user is on the environment settings text Size: big, Serialized data

… while the 4.x version of Environment Indicator (for D9) stores this data as configuration entities.

We need to migrate data out of the D7 custom table and into the D9 config entities.

Proposed resolution

You may be wondering “What is a configuration entity? I thought nodes, taxonomy terms and user accounts were entities?” Nodes, taxonomy terms, and/or user accounts group data with fields and are now called content entities. Similarly, a configuration entity in D9 groups configuration data with fields. But unlike content entities (whose IDs are usually numbers, e.g.: node 1, etc.), configuration entity IDs are usually machine names (e.g.: production, etc.). Also, while a content entity’s field names usually begin with field_; a configuration entity’s fields usually do not. Due to the similarities between content and configuration entities, they share a lot of code in D9; including the migrate destination plugin entity, which we will use.

But what about migrating out of a custom table? The plugin in the list of core source classes that looks the closest to what we want to do is SqlBase… but SqlBase is marked as “abstract” (meaning that we cannot use it directly), because it’s query() function is abstract. In English, this means that the SqlBase class doesn’t know how to get the data that we want out of the custom table we want! We need to write our own custom Source plugin, which extends SqlBase, and implements its query() function.

Steps to complete

Let’s start by mapping the destination fields in the D9 configuration entity to the source fields in the D7 custom table, as we did for simple configuration:

D9 field D9 field data type D9 field default value ← How to process ← D7 variable D7 data type Notes machine string (none) ← (copy) ← machine string (n/a) description text '' (empty string) ← (use default value) ← (doesn’t exist) (n/a) (n/a) name string (none) ← (copy) ← name string (n/a) (n/a) (n/a) (n/a) ← (discard) ← envid integer Required in D7 url uri (none) ← (copy) ← regexurl string (n/a) fg_color string #D0D0D0 ← (copy) ← settings.text_color string CSS color bg_color string #0D0D0D ← (copy) ← settings.color string CSS color (n/a) (n/a) (n/a) ← (discard) ← settings.weight (doesn’t matter) (n/a) (n/a) (n/a) (n/a) ← (discard) ← settings.position (doesn’t matter) (n/a) (n/a) (n/a) (n/a) ← (discard) ← settings.fixed (doesn’t matter) (n/a)

Given this information, we can write a migration configuration at migrations/d7_environment_indicator_hostname_environments.yml:

id: d7_environment_indicator_hostname_environments
label: Environment indicator hostname environments
  - Drupal 7
  - Configuration
  plugin: d7_environment_indicator_hostname_environment
  machine: machine
  name: name
  url: regexurl
  fg_color: text_color
  bg_color: color
    - plugin: default_value
      default_value: ''
  plugin: 'entity:environment_indicator'

Note the custom source plugin, d7_environment_indicator_hostname_environment: this plugin doesn’t exist yet — we will write it shortly.

The migration’s process configuration should look familiar: we simply map source variables to destination variables; although you’ll notice we’re leaving out the settings. prefix that we used in the mapping table for D7’s settings.text_color and settings.color — because we are writing our own source plugin, we can name the data fields whatever we want.

Finally, we specify the destination plugin entity:environment_indicator. This is the entity migration destination plugin that we mentioned earlier; plus the destination entity ID environment_indicator. We get this ID from the entity type that we’re migrating into — in this case, the configuration entity defined in environment_indicator-4.x’s Drupal\environment_indicator\Entity\EnvironmentIndicator class.

Writing a test

Before we get too much further; we should write a test for the migration we just wrote. In tests/src/Kernel/Migrate/d7/MigrateHostnameEnvironmentsTest.php:

namespace Drupal\Tests\environment_indicator\Kernel\Migrate\d7;

use Drupal\Core\Database\Database;
use Drupal\environment_indicator\Entity\EnvironmentIndicator;
use Drupal\Tests\migrate_drupal\Kernel\d7\MigrateDrupal7TestBase;

 * Tests migration of environment_indicator hostname environments.
 * @group environment_indicator
class MigrateHostnameEnvironmentsTest extends MigrateDrupal7TestBase {

  /** {@inheritdoc} */
  protected static $modules = ['environment_indicator'];

  /** {@inheritdoc} */
  protected function setUp(): void {

    // Create the environment_indicator_environment table in the D7 database.
    // The schema definition here was copied from version 7.x-2.9.
    Database::getConnection('default', 'migrate')
      ->createTable('environment_indicator_environment', [
        'fields' => [
          'machine' => [
            'type' => 'varchar',
            'length' => '32',
            'description' => 'Unique ID for environments.',
          'name' => [
            'type' => 'varchar',
            'length' => '255',
            'description' => 'Name for the environments.',
          'envid' => [
            'type' => 'serial',
            'unsigned' => TRUE,
            'not null' => TRUE,
            'description' => 'Primary ID field for the table. Not used for anything except internal lookups.',
            'no export' => TRUE,
          'regexurl' => [
            'type' => 'varchar',
            'length' => '255',
            'description' => 'A regular expression to match against the url.',
          'settings' => [
            'type' => 'text',
            'size' => 'big',
            'serialize' => TRUE,
            'description' => 'Serialized array with the configuration for the environment.',
        'primary key' => ['envid'],
        'unique keys' => [
          'name' => ['machine'],

    $this->setUpD7EnableExtension('module', 'environment_indicator', 7202, 0);

  /** Simulate enabling an extension in the D7 database. */
  protected function setUpD7EnableExtension($type, $extensionName, $schemaVersion, $weight) {
    $extensionName = strval($extensionName);
    Database::getConnection('default', 'migrate')
        'filename' => sprintf('sites/all/modules/%s/%s.module', $extensionName, $extensionName),
        'name' => $extensionName,
        'type' => strval($type),
        'owner' => '',
        'status' => 1,
        'bootstrap' => 0,
        'schema_version' => intval($schemaVersion),
        'weight' => intval($weight),

  /** Tests migrating hostname environments. */
  public function testHostnameEnvironmentMigration() {
    // Fixtures we can verify.
    $machine = 'production';
    $name = 'Production';
    $url = 'https://prod.example.com';
    $bgColor = '#abc123';
    $fgColor = '#def456';

    // Fixtures that won't be migrated.
    $envid = 17;

    // Set up the D7 environment and run the migration.
    $this->setUpD7HostnameEnvironment($machine, $name, $envid, $url, $bgColor, $fgColor, 11, 'top', FALSE);

    // Load the D8 environment indicator and verify against the fixtures.
    $env = EnvironmentIndicator::load($machine);
    $this->assertInstanceOf('Drupal\environment_indicator\Entity\EnvironmentIndicator', $env);
    $this->assertSame($env->label(), $name);
    $this->assertSame($env->getUrl(), $url);
    $this->assertSame($env->getBgColor(), $bgColor);
    $this->assertSame($env->getFgColor(), $fgColor);

  /** Add a D7 hostname environment to be migrated. */
  protected function setUpD7HostnameEnvironment($machine, $name, $envid, $regexUrl, $bgColor, $textColor, $weight, $position, $fixed) {
    $this->assertIsString($machine, 'Machine name must be a string.');
    $this->assertIsString($name, 'Name must be a string.');
    $this->assertIsInt($envid, 'Envid must be an integer.');
    $this->assertIsString($regexUrl, 'RegexURL must be a string.');

    $settings = [
      'color' => strval($bgColor),
      'text_color' => strval($textColor),
      'weight' => strval($weight),
      'position' => strval($position),
      'fixed' => boolval($fixed),

    Database::getConnection('default', 'migrate')
      ->fields(['machine', 'name', 'envid', 'regexurl', 'settings'])
        'machine' => $machine,
        'name' => $name,
        'envid' => $envid,
        'regexurl' => $regexUrl,
        'settings' => serialize($settings),


You’ll notice a few new things in this test: firstly, we use Drupal’s Upsert query to insert or update a row in the database — using an upsert here makes sure that the row we’re testing matches what we expect, without having to check whether a row with the same key already exists. Although we’re not doing it here for clarity; this is useful when randomizing test fixture data. The equivalent raw SQL for Drupal’s Upsert varies based on your database backend — it becomes INSERT ... ON DUPLICATE KEY UPDATE in MySQL; and INSERT ... ON CONFLICT (...) DO UPDATE in PostgreSQL and SQLite.

Also new in this test is a setUp() function — if you recall from PHPUnit’s documentation on writing tests (which was extra reading in part 3 of this blog series), setUp() is run before every test function. In this case, we use it to set up a database schema which we copied from the 7.x-2.9 version of Environment Indicator, i.e.: the version that we’re migrating from. We also have to give the D7 module a row in D7’s system table (which we do in our test’s setUpD7EnableExtension() function).

The test itself (testHostnameEnvironmentMigration()) should look pretty familiar by now: we set up fixtures (using the setUpD7HostnameEnvironment() function to clean things up a bit), run the migration, and test that the fixture data was migrated to the destinations that we expected.

Writing a custom source plugin

Finally, we need to write a custom source plugin… in src/Plugin/migrate/source/d7/D7HostnameEnvironment.php:

namespace Drupal\environment_indicator\Plugin\migrate\source\d7;

use Drupal\migrate\Row;
use Drupal\migrate_drupal\Plugin\migrate\source\DrupalSqlBase;

 * Drupal 7 Environment Indicator Hostname Environment source from database.
 * @MigrateSource(
 *   id = "d7_environment_indicator_hostname_environment",
 *   source_module = "environment_indicator"
 * )
class D7HostnameEnvironment extends DrupalSqlBase {

  /** {@inheritdoc} */
  public function fields() {
    return [
      'machine' => $this->t('Unique ID for environments.'),
      'name' => $this->t('Name for the environments.'),
      'envid' => $this->t('Primary ID field for the table. Not used for anything except internal lookups.'),
      'regexurl' => $this->t('A regular expression to match against the url.'),
      'settings' => $this->t('Serialized array with the configuration for the environment.'),
      'text_color' => $this->t('The text color of the environment indicator.'),
      'color' => $this->t('The background color of the environment indicator.'),

  /** {@inheritdoc} */
  public function getIds() {
    $ids['envid']['type'] = 'integer';
    return $ids;

  /** {@inheritdoc} */
  public function query() {
    return $this->select('environment_indicator_environment', 'eie')
      ->fields('eie', [

  /** {@inheritdoc} */
  public function prepareRow(Row $row) {
    $settings = unserialize($row->getSourceProperty('settings'));

    $row->setSourceProperty('text_color', $settings['text_color']);
    $row->setSourceProperty('color', $settings['color']);

    return parent::prepareRow($row);


We declare the source plugin ID in the @MigrateSource annotation — this has to match the source plugin ID that we reference in the migration (migrations/d7_environment_indicator_hostname_environments.yml).

Our custom source plugin class extends DrupalSqlBase, which in turn extends the SqlBase class we found earlier when we were looking for source plugins (DrupalSqlBase adds a few Drupal-specific checks and logic).

In the fields() function, we declare which data fields we are going to pass from this custom source plugin to the process part of the migration (this is where we declare text_color and color without the settings prefix). We declare settings and envid even though our migration doesn’t use them, because we need to handle these fields internally in this class.

In the getIds() function, we return the field envid and its type. Drupal 9’s migration subsystem uses fields that you declare in getIds() to understand which data has been migrated, and which data still needs to be migrated (the data returned by this function is used when rolling-back and resuming migrations).

In the query() function, we return a simple Drupal Select query to get data out of the D7 table.

The prepareRow() function runs on each result from the query declared in query(). Here, we perform some post-processing, in this case, by unserializing the data in the settings column, and using it to populate the (unprefixed) text_color and color fields we declared in fields().

Next steps

When you’re writing a custom source plugin, it might be a good idea to make all of the D7 data fields available (provided that it doesn’t add too much additional complexity): another module might extend the one you’re working on, and might want to migrate data from the fields you decided to ignore.

For a more complete example, check out my patch to migrate configuration from environment_manager, which also includes a custom process plugin.

Starting next week, I’ll be taking a bit of a break from this blog series — new posts won’t be coming out as often — but I hope to eventually explore custom process and destination plugins, how to migrate content, and how to migrate data from custom field types defined by a module.

The article Easy commit credits with migrations, part 6: Migrating data from a custom table first appeared on the Consensus Enterprises blog.

We've disabled blog comments to prevent spam, but if you have questions or comments about this post, get in touch!

Sep 14 2021
Sep 14

Decoupling separates the system that stores the content from how that content is displayed on other independent systems. This can come with many benefits but also some downsides and tradeoffs. With progressive decoupling, you can get some of the benefits of decoupling while avoiding some of the downsides.

This is a re-post of the article on the Lullabot blog.

Slides available here.

Decoupling separates the system that stores the content from how that content is displayed on other independent systems. This can come with many benefits but also some downsides and tradeoffs.

With progressive decoupling, you can get some of the benefits of decoupling while avoiding some of the downsides.

There are several ways to decouple a website progressively, but this article makes the case that widgets provide the most flexibility.

What are widgets?

Widgets are stand-alone JavaScript (JS) applications that are framework-agnostic and are designed to be embedded and configured by CMS editors.

Widgets can be vanilla JS or use frameworks like Vue or React.

Why JS over server-generated HTML?

Better reactivity and interactivity

The pages can be static or served from cache (very fast), and JS can be sprinkled on top. The server can provide the unchanging parts, while the JS application adds interactivity.

This reduces the load on your servers while increasing website performance. You keep the benefits of built-in CMS performance tooling.

Distributed delivery

Different development teams can write software independently. They can publish software on the same platform without coordinating complex deployment efforts.

  • Teams write the JS code in isolation
  • The browser executes the JS
  • Different deployment pipelines and servers can be used.

Distributed example

One team works on the navigation, one team works on the main feature set, and one team works on a price calculator.

Biggest talent pool

According to extensive surveys, JS and TypeScript (a superset of JS) are the most commonly used languages, based on Stackoverflow’s yearly survey.

By building pages and experiences in JS, you can pull talent from a bigger pool. You have more options.

Better developer experience

Since JS is so popular, your developers can leverage many tools, services, and frameworks. Jest, Storybook, Husky, Gulp, for things like unit testing, component management, setting githooks, etc. Many services integrate with the technology.

Many platforms will give you better support, which leads to better workflows, which hopefully leads to better code—things like visual diffs, code quality analysis, and code deployment. Popularity leads to a flourishing ecosystem.

In addition, frameworks like Vue can take care of some of the rough edges.

Should we just build JS applications then?

Yes and no. We still care about the content. Content is the heart of the web. You can have a great user experience, but without content, your project is doomed to fail.

To manage content, you need a CMS. Especially if content is your product or is central to your business. A CMS provides many features that are hard to build from scratch.

  • Managing pages and setting up URLs
  • Users and access restrictions
  • SEO metadata
  • Media library
  • Security patches
  • Editorially controlled layouts
  • Moderation and previews

Why widgets?

We have a CMS. We know we want to use some JS. Why not put JS in our CMS templates?

This works. You can certainly go that route. But widgets have some advantages over JS in the template.

They require no CMS deployments

A developer creates a new widget in the registry, and it appears in the CMS editorial interface for embedding. No additional effort. Bug fixes and enhancements are also instantaneous.

Here is what a traditional deployment might look like:

JS Deploy 1

  1. Develop JS app
  2. Integrate it with a CMS template (and with the content model if you want the app to receive editorial input)
  3. Deploy both in conjunction since they are coupled together
  4. Editors can expose the JS app to end-users

Widgets allow you to skip the two middle steps. When you use the existing CMS integrations, development is only done in JS, and it can be deployed on its own. No need to call in a CMS developer to add new widgets or update existing widgets.

A widget deployment looks like this:

JS Deploy 2

Embedded and controlled by editors

JS developers can create flexible applications that allow for tweaked experiences and configuration. A single widget can act as multiple similar widgets.

JS developers define the input data they expect from editors, and the CMS creates a form for the editors to input that data. This allows many instances of the same type of widget to be embedded with different configurations: different content, color palettes, external integrations, etc.

The following example defines a customizable button that the editor can configure.

settingsSchema: {
  type: 'object',
  additionalProperties: false,
  properties: {
    fields: {
      type: 'object',
      properties: {
        'button-text': {
          type: 'string',
          title: 'Button text',
            'Some random string to be displayed.',
          examples: ['I am a button', 'Please, click me'],
title: 'Example Widget',
status: 'stable',

The CMS integration, which can be defined up-front, reads the definition and presents the proper form elements to the editor.

Customized button example

Embedded anywhere

Since widgets are not embedded at build time, but editorially, they can be placed anywhere. If the JS is in the template, you can’t choose, for example, to insert the JS app between two paragraphs of the body field. And changing the position would require a CMS deployment.

Body field insert

With widgets, editors can insert them anywhere.

  • Using layout building tools
  • Using WYSIWYG integrations
  • Using content modeling tools (entity reference field that points to a widget instance)
  • Using 3rd party JavaScript

WYSIWYG layout builder

And the same widget can work for any CMS. As long as the CMS subscribes to the registry and can read the schema, it can embed the JS application. When you change or fix something in the JS app, it is distributed to all CMSs. Widgets can also work in static HTML pages and Optimizely pages. Anywhere.

When are widgets a good fit?

Structured content is still the way to go. You don’t have to use widgets everywhere, but they are useful in several contexts.

  • Interacting with 3rd party APIs - reviews sites (g2crowd), commenting
  • Interactive tools - pricing calculators, checklists saving progress
  • Data visualizations - maps, charts of COVID data
  • Adding some pop to a page - you can do some things with JS that may be difficult to achieve when limited to HTML and CSS

How to get started

Create a widget

From a technical perspective, a widget is a function that takes a DOM id and renders JS in it. A widget can also receive arguments as HTML data.

Here is an example of rendering a React component:

  window.renderExampleWidget = function(instanceId) {
  const element = document.getElementById(instanceId);
  const title = element.getAttribute('data-button-text');
    <Widget title={title} />,

It is very easy to port existing components and re-use them.

Upload the app code

The code needs to live somewhere accessible to the internet (Github pages, Amazon s3 bucket, etc.). The CMS can use this to either download the files or serve them from there. We don’t want to bundle the files within the CMS because that introduces coupling again.

Publish the metadata

This is the tricky part. Without the metadata, this is just another JS application in some repo.

We need a registry, which is just a JSON document containing the metadata about all the available apps that can be downloaded from the internet. An array of objects. This includes the “directoryUrl,” which defines exactly where the files live. You can also see the “settingsSchema” property, which defines the shape of the input data this widget will accept.

    "repositoryUrl": "https://github.com/js-widgets/example-widget",
    "shortcode": "example-widget",
    "version": "v1.0.4",
    "title": "Example Widget"
    "description": "This is a widget example that showcases some of the features of the JS Widgets project."
    "directoryUrl": "https://static.mateuaguilo.com/widgets/sandbox/example-widget/v1",
    "files": [
    "availableTranslations": [
    "settingsSchema": {
      "type": "object",
      "additionalProperties": false,
      "properties": {
        "fields": {"type": "object"...}

This file will need to be uploaded somewhere that is accessible via HTTP.

The CMS pulls that JSON object and knows about all the widgets and where to grab their assets. You’ll start seeing widgets appear in your editorial tools.

Widget list

Ok…but where do I actually start?

There are lots of existing tooling and examples at https://github.com/js-widgets. It includes a registry boilerplate and catalog, widget examples, and CI/CD integration.

If you fork it, you’ll get a lot of nice things out of the box.

Stakeholder-ready catalog

The same registry that provides information to the CMS can provide information to a single-page application that is browsable and searchable. This requires zero effort. Everyone involved can see what is available: editors, developers, stakeholders, etc.

The catalog can also render a widget as a live sample, even if the widget requires editorial inputs. Examples utilize the “examples” key as shown in the widget definition above.

Widget catalog

Governance like you need it

All of this might seem like a governance nightmare. Do you really want JavaScript updated in a remote location and immediately deployed to your live site?

Of course not.

You decide what registries to accept into your CMS. You decide what widgets and updates go into your registry. You decide who has access to change those widgets and registries.

Production-ready dependencies

We want these widgets as light as possible. What if there was a way not to bundle big dependencies in every single JS app? We don’t want to download React for every widget, for example.

Shared dependencies are possible with this paradigm. Widgets can be configured to pull certain dependencies from the parent container. This requires some Webpack configuration and telling the CMS where to find the excluded libraries. Read the documentation for external dependencies here.


We hope this makes you excited to start taking advantage of widgets and progressive decoupling. For more videos on the specifics of setting this up, take a look at these additional videos:

Photo by Anne Nygård on Unsplash

Sep 11 2021
Sep 11

A frequent question in the Open Source CMS world is variation of: “Which is better, Drupal or WordPress?” 

Of course, there’s not a simple answer to the WordPress CMS vs. Drupal CMS debate. Many have a strong bias towards one content management system or the other, but often, staunch opinions on the subject are based on a few cursory facts or outdated information.

Both the WordPress CMS and the Drupal CMS have evolved a lot since their introductions in the early 2000s. In some ways, this evolution has brought them into closer alignment with each other, evidenced by developments such as the porting of WordPress’s Gutenberg content editor over to Drupal in 2018. In other ways, WordPress and Drupal evolutions have clarified distinctions. 

Generally speaking though, in the current environment, the majority of sites can be supported equally well by either option. 

Fierce Loyalists in Both Camps

That’s not to say that the WordPress vs. Drupal debate doesn’t still spark strong opinions. Both have their devotees. Promet Source has deep ties to Drupal, and over the past two years, we have broadened our perspectives and talent base to include WordPress advocates and experts. As such, we're well positioned to objectively cover the topic. 

Let's start with a few key stats and facts about Drupal and WordPress.

Drupal Advantages: The Internet's Heavy Lifter

A modular CMS written in PHP, Drupal enables developers to leverage a flexible taxonomy system that’s designed to organize complex content types, set highly customizable user permission levels, and ensure web accessibility compliance with enhanced testing and tracking capabilities.

Launched in 2000, Drupal now stands as the third most popular CMS in terms of market share.

Drupal’s enterprise-level trajectory was launched in November of 2015 with the release of Drupal 8, which resulted in a complete architectural overhaul and the creation of an enterprise-level CMS. Subsequent versions, such as the June 2020 release of Drupal 9, are now intended to be incremental, more of a point release than anything resembling the total CMS rewrite that occurred with the upgrade from Drupal 7 to Drupal 8. 

As of February 2020, there were an estimated 1.3 billion websites on the Internet and Drupal accounted for: 

  • Roughly 2 percent of total websites and
  • An estimated 3 percent of the CMS market, with 
  • 560,000 live, active Drupal sites.

                              Drupal Share of CMS Market

Drupal stats for 2020         Source:  Website Builder: 67 Amazing Drupal Statistics,  Jan 2020

For reasons that include core support for multilingual sites, Drupal is often the CMS of choice for government, higher ed, large enterprises, and health care institutions. The NASA site is on Drupal site, as is Portland State University, the U.S. District Court of the Southern District of New York, and Martin County Florida. The White House website was on Drupal during the Obama administration.

Drupal has a diverse and dedicated community of contributors, as evidenced by 42,650 free modules that are available for download. 

WordPress Advantages: A Pervasive Internet Presence

While websites with complex content models and data requirements gravitate towards Drupal, WordPress sites cover a wide spectrum of needs. WordPress accounts for roughly 60 percent of the total CMS market, primarily among small to mid-range sites, but a number of enterprise sites are on WordPress, as well. 

Originally developed as a blogging platform, WordPress has maintained its appeal for non-tech types with a low barrier to entry. While it’s possible to set up a WordPress site without development or coding expertise, experienced developers frequently work within WordPress and leverage their knowledge of HTML, CSS, and PHP to build sizable sites with a greater range of capabilities for business clients. 

Making steady inroads into the enterprise CMS space, WordPress is now the CMS for Time the New Yorker, and BBC America

Beyond the basics, WordPress offers thousands of plug-ins to expand functionality, outranking Drupal for ready-to-go themes that serve to fast-track development without the need for custom development work.

As of February 2020, of the 1.3 billion websites on the Internet. WordPress accounted for: 

  • More than 35 percent of total websites and
  • 61.7 percent of the CMS market, with 
  • 455 million websites currently on WordPress.

For more WordPress stats, check out this recent post in WPCity.

                              WordPress Share of CMS Market

WordPress stats 2020          Source:   Who is Hosting This?: 2020’s Most Surprising WordPress Statistics,  Feb, 2020

One conclusion to be drawn from WordPress’s impressive internet saturation: it’s a CMS that has proven to be the right fit for a wide range of different needs and has gotten many things right, from a wide ranging selection of plugins to an easy-to-use CMS. 

Convergence of Features

As more and more Drupal developers realize the advantages within Wordpress, and other user-friendly CMS platforms such as consumer-focused SquareSpace and WIX that offer an easier to use back end, we are seeing new frameworks and features being added to the default editor within Drupal. A multitude of no-code/low-code solutions, such as drag-and-drop functionality or component-based design, are finding their way into Drupal, due to the flexibility of the platform and providing marketers and content editors with greater flexibility and possibilities for making revisions to their sites. 

Core Distinctions

Both Drupal and WordPress offer a depth and breadth of add-ons that extend functionality. These are called “modules” in Drupal, and ”plugins” in WordPress. “Themes” that refer to a site’s aesthetics and user experience, such as design, layout, colors and navigation, is a term that applies to both Drupal and WordPress.

Unlike Drupal’s 2015 architectural realignment with the launch of the enterprise-ready Drupal 8, WordPress has never undergone that same kind of overhaul. The resulting difference is that expanded functionality for WordPress occurs at the theme/plugin layer. Much of Drupal’s functionality, on the other hand, is centralized within the ever-increasing core level, as the most frequently used and widely accepted Drupal modules are continuously incorporated into core. 

WordPress functionality relies heavily upon themes and plugins, and many contend that this represents a strength. WordPress modules tend to be more complete applications, and the vast WordPress collection of themes and plugins provides a high degree of flexibility. 

The flipside of this argument, and key factor that tends to fuel the appeal of Drupal for complex enterprise, higher ed, and government sites, is that there is an inherently a higher level of security and stability associated with working in core. Continued support for themes, plugins, or modules is not always guaranteed in either Drupal or WordPress, and their track record is not necessarily established.

Scalability vs. Complexity

WordPress has proven itself to be extremely scalable and the right fit for some notable sites such as time.com, which I mentioned earlier. The essential distinction which is often missed is not so much size or scalability, but complexity. Even though there are hundreds and hundreds of pages, on time.com, for example, the site consists primarily of articles. When a greater range of content types and complex data models are required, WordPress falls short and Drupal shines.

Acknowledging that both Drupal and WordPress are solid content management systems, and that there’s considerable overlap in the types of sites for which either would provide an excellent solution, Promet recently developed the following matrix in an effort to highlight the relative strengths of both options and open a dialog among our teams.

Here’s what we came up with relative to 10 key criteria.

                    Open Source CMS Comparison

Drupal vs WordPress  Open Source CMS Comparison

  1. Open Source. Yes. Both Drupal and WordPress are solid Open Source solutions with great track records. 
  2. Lamp Stack (PHP). Yes. Both use Lamp Stack PHP equally. Five stars for both.
  3. Enterprise Ready. Drupal: Yes. That’s where this CMS shines. WordPress: Yes and No. It’s applicable for some, not all, enterprise applications. 
  4. Dedicated Hosting Partners. Yes. Both Drupal and WordPress have dedicated hosting partners, allowing for proactive maintenance, as well as heightened security, speed, and reliability. 
  5. Available/Accessible to Novices. No for Drupal. Developing a Drupal site and understanding how to work within the Drupal interface requires distinct expertise and training. Yes for WordPress. A non-technical hobbyist or small business owner with a touch of know-how can find a theme that fits their needs and figure out how to build and manage a WordPress site, often within a few hours.
  6. Appropriate for a Brochure Site. No for Drupal. While it’s possible to create a straightforward brochure site on Drupal, there’s not much point in doing so when other, simpler options are available. Yes for WordPress. WordPress is ideal for a brochure and blog site. That’s what it was originally developed for. 
  7. Has a Complex Content Model. Yes for Drupal. Complex taxonomy content models are where Drupal thrives. Not so much for WordPress, which best serves sites that don’t require the organization of high levels of complexity. 
  8. Works for a Tight Budget. (under $10,000). No for Drupal. The flipside of Drupal’s ability to navigate complexity tends to be the requirement of considerable developer legwork and ramping up. Yes for WordPress. WordPress offers a greater range of out-of-the box solutions and, depending on requirements, it’s quite possible to build a respectable Drupal site for under $10,000. 
  9. Design Theme Availability. Drupal: Somewhat. Drupal has a limited number of design themes that are ready out of the box. Promet has created a Drupal theme as part its upcoming launch of a component-based, drag-and-drop capability for Drupal. WordPress: Yes. WordPress has an extensive and robust design theme capability
  10. Community. Drupal: Absolutely. Drupal has a great professional community of dedicated developers, who regularly gather for training and information exchange (now virtually) at events, camps, and meetups all over the world. This is less the case for WordPress. While there are many professional WordPress developers, the WordPress community is more diverse and less cohesive. 


Tracking the Evolution

Among those of us whose history in the CMS trenches dates back many years, it’s been very interesting to witness the evolutions of both Drupal and WordPress. At one time, Drupal and WordPress accounted for the vast majority of the open source CMS world. Together, they still account for a whopping 65 percent of the CMS market, but newcomers such as Wix and Squarespace are gaining ground among their respective niches, and GoDaddy has also just introduced a drag-and-drop CMS. At the same time, multiple closed-source website creations options have emerged that weren’t around as recently as a few years ago. 

To an increasing degree, Drupal and WordPress are viewed less as competitors, and more so as members of the same family.

One big indicator of this trend: in May of 2020, Drupaldelphia, the annual camp held in Philadelphia for Drupal developers, site-builders, content administrators, and designers, was renamed CMS Philly. The event was largely dominated largely by Drupal and WordPress. 

High Stakes Solutions  

When the stakes are high (and when are they not), selecting the right CMS calls for careful consideration and expert analysis. The Drupal vs. WordPress conversation does not lend itself toward across-the-board rules or easy answers.

That said, the judgment and expertise of anyone who suggests that Drupal is always the answer or that WordPress is always the answer should be considered highly suspect. As the saying goes: “When all you have is a hammer, everything looks like a nail.”

WordPress and Drupal each have a definite place at their respective ends of the spectrum, with hobbyist or small business sites on one end and complex, enterprise-level digital experiences at the other. The vast middle ground between these two ends can be highly nuanced with no easy answers, but there’s a likelihood that either Drupal or WordPress would work equally well.

The main thing is the assurance that true experts with a depth of perspective and commitment to client success are doing the work. 

Interested in an expert analysis of the CMS that stands to represent the right fit for your organization’s distinct objectives? At Promet Source, we have all the right people to help with that. Contact us today. 

Source for Drupal Stats:


Source for WordPress Stats:


Sep 10 2021
Sep 10

normal difficulty seo task


Credit & Thanks

Thank you to:

SEO Training Camp

About the Honeypot Module

No one likes getting those annoying spam-bot submissions via their website’s online forms. It’s a waste of site resources that could be better used by visitors to your site. That’s why we’ve included the Honeypot module in our list.

The honeypot and timestamp methods have historically been effective ways of eliminating spam-bot submissions in online forms. The Honeypot module combines both methods into a single module that will work with all web forms on your Drupal site.

Install and Enable the Honeypot Module

  1. Install the Honeypot module on your server. (See this section for more instructions on installing modules.)
  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit https://yourDrupal8site.dev/admin/modules in your browser.

    honeypot module installation

  3. Select the checkbox next to “Honeypot” and click the Install button at the bottom of the page.

If necessary, give yourself permissions to use the Honeypot module.

  1. Click Manage > People > Permissions (Coffee: “perm”) or visit https://yourDrupal8site.dev/admin/people/permissions.

    honeypot module permissions

  2. Select only the Administer Honeypot checkbox.
  3. Click the Save permissions button at the bottom of the page.

Configure the Honeypot module

  1. Go to the Honeypot module admin page by clicking Manage > Content Authoring > Honeypot Configuration (Coffee: “honeypot”) or visit https://yourDrupal8site.dev/admin/config/content/honeypot in your browser.

    honeypot module configuration

  2. Select the Protect all forms with Honeypot checkbox.
  3. Select the Log blocked form submissions checkbox.
  4. Change the Honeypot element name to "mobile". This name could be anything, but you want it to look more like a valid field name.
  5. Set the Honeypot time limit to 5.
  6. Click the Save configuration button at the bottom of the page.

Adjust Honeypot settings within Webform module (optional)

If you’re using the Webform module, you’ll need to make a slight adjustment to the default settings.

  1. Go to the Webform module admin page by clicking Manage > Structure > Webform (Coffee: “webforms”) or visit https://yourDrupal8site.dev/admin/structure/webform in your browser.
  2. Click on the Configuration tab across the top.
  3. Scroll to the Third Party Settings section.

    honeypot module configuration third party settings

  4. In the Honeypot section, make sure that Protect all webforms with Honeypot checkbox is selected.
  5. Leave the Add time restriction to all webforms checkbox unchecked.

    Note: We recommend selecting the time restriction setting on a form by form basis. When it is enabled, it  prevents the page on which the form displays will not be cached, and can impact the overall speed of your website if you have a form on every page of your site.

  6. Click the Save configuration button.

Using Honeypot within a Webform

After installation, the Honeypot module settings are now available on a form by form basis.

  1. Go to the Webform listing on our site by clicking Manage > Structure > Webforms (coffee: “webforms”) or visit https://yourDrupal8site.dev/admin/structure/webform in your browser.

    honeypot module with web forms

  2. Click the Title of the form you would like to edit. This will take you to the form’s page.

    honeypot module webform example

  3. Click on the Settings tab. This will take you to that form’s settings under the General sub-tab.

    honeypot module webform settings

  4. Scroll down to the Third Party Settings section (normally at the bottom of the page).

    honeypot module webform third party settings

  5. Make any changes to the settings and click the Save button at the bottom of the page.
  6. Repeat steps 1-5 for each form that needs additional spam protection.

Enabling the Add time restriction to webform setting will prevent the page on which that form displays from being cached, which will impact the load time of that page. A form that is on every page of your site should not have this setting enabled.

Did you like this walk-through? Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon

Sep 09 2021
Sep 09
Hello Friend of Drupal,

Our community is full of many compelling experiences, skills, and expertise to share, especially when it comes to Drupal. We’d love for you to share your knowledge at DrupalCon Portland 2022! 

Whether you’re a first-time speaker or a bit more seasoned, we invite you to submit a session for our first in-person DrupalCon in 3 years!
Our call for speakers is officially open now through 29 October.

As a speaker at DrupalCon, you will be part of an exciting network of individuals with diverse perspectives. All speakers will receive 50% off event registration, and a pool of scholarship funds is available for new and diverse speakers.

If you’re interested but unsure of where to start, check out our website’s proposal and presentation support.

(Photo by Paul Johnson)

Sep 09 2021
Sep 09

One of the things that’s remarkable about the open source movement is that it brings together people from all over the world to solve difficult and complex problems. 

While some level of conflict is to be expected - and can even be productive - effective collaboration requires that people treat each other with dignity and respect, even when they disagree. 

It’s why the vast majority of open source projects have adopted codes of conduct that set expectations for how people should interact with each other and what kind of behavior is unacceptable.

As one of the founding members of the Drupal Community Working Group, I learned many important lessons about community management and governance. Since stepping down from the group’s conflict resolution team at the beginning of this year, I’ve been discussing these issues alongside people from other open source projects who are equally as interested in fostering a more friendly, welcoming, and inclusive community for their contributors.

Lesson 1: Having a Code of Conduct is Not Enough*

In 2010, Drupal became one of the first major open source projects to adopt a code of conduct, but there were no structures in place to enforce it in a clear or consistent way. This meant incidents of harassment and abuse sometimes went unaddressed and valuable contributors left the community as a result.

Recognizing an open community need, project lead Dries Buytaert led a governance sprint in the summer of 2012 that resulted in the creation of several working groups, including the CWG, which was chartered in early 2013. During its first year, the CWG established the creation of a conflict resolution policy and process and mechanisms for community members to report incidents in a safe and confidential manner. Incorporating community input, we continued to evolve and refine our processes, documenting every step of the way.

Lesson 2: Understand the Scope of Your Community

Many open source projects are maintained by individual developers. Others are overseen by large technology companies like Google, Facebook, and Microsoft or nonprofit foundations like Linux, Apache, and Mozilla.

Conversely, Drupal is an independent project supported by a community of hundreds of companies and thousands of individuals who lend their time, talent, and treasure to support and maintain the project. Our large and broad community required clarity about what was and was not covered by our code of conduct.

Some of the CWG’s most challenging issues to address have involved questions of the extent to which actions that someone engages in outside of the project should impact their ability to participate in its community. Many codes of conduct only apply to actions that occur within designated community spaces and/or when someone is acting as an official representative of the project.

However, we agreed early on that the CWG needed to be able to address harassment of a member of our community by another member of our community, regardless of whether it occurred in a community space or outside of it. For example, we wanted to be able to address cases where someone was using their personal social media account to harass another community member, even if they were completely polite when interacting with that same individual in an issue queue.

Issues that fall outside the scope of our code of conduct include (but are not limited to) personal or workplace disputes between individuals that do not have a clear connection to the community, or situations that fall under the jurisdiction of law enforcement or other authorities and where no imminent or ongoing threat exists to members of our community.

Lesson 3: Leadership and Accountability Go Hand-in-Hand

One of the things that distinguishes large open source projects like Drupal is the number of leadership roles available to members of the community, which include maintaining a project, speaking at events, participating in working groups and committees, and assisting in the mentorship and onboarding of new contributors.

Those who serve in these roles act as representatives of the project and community and are responsible for the important task of fostering collaboration and ensuring the community remains a welcoming place. Being aware of and taking responsibility for their words, and actions, and the impact they have on others is paramount.

Remembering they are modeling behavior for others any time they interact with members of the community is vital.

The CWG created and adopted a Code of Ethics that outlines what you can expect of the group’s members and their responsibilities regarding confidentiality and conflicts of interest. This has not only helped people outside of our group feel more comfortable sharing reports with us, but has also ensured we hold ourselves more accountable.

In response to community feedback, we also modified our charter to institute term limits for members of the conflict resolution team and created a new review panel to provide oversight and act as a point of escalation and appeal. In order to provide both community accountability and perspective from outside of our project this panel consists of two community-elected Drupal Association board members and an outside representative appointed by the board as a whole.

Lesson 4: Accept That Some Questions Don't Have Clear Answers

No matter what you do to prepare, you will always run into situations that don’t have clear or obvious solutions. During my tenure on the CWG, we encountered several examples of these kinds of thorny issues:

  • How do we handle suspected incidents of harassment or abuse that we only have knowledge of third-hand or through whisper networks?
  • What can we do to help community members who are subjected to campaigns of anonymous harassment on social media when the platforms involved can’t (or won’t) take action?
  • How do we consistently and effectively enforce event bans across a broad, decentralized global community?
  • Is there a “path back” for those who have been banned from community spaces due to their past behavior? What does restorative justice look like within the context of an open source community?

For these, and other challenging cases, a one-size-fits-all approach simply doesn’t work. For the CWG, we found that reaching out to trusted experts to get their perspectives (while being sure to maintain confidentiality) to be incredibly helpful when figuring out the right path forward.

Join the Conversation

If you’re curious to learn more about how to help make your open source community a more welcoming place, you can view the session I presented at FOSS Backstage 2021, or see me speak at DrupalCon Europe (October 4-7) or All Things Open (October 17-19).

MacBook Air stickers - DrupalCon Dublin 2016 by Michael Cannon, licensed under CC BY-SA 2.0.

Sep 09 2021
Sep 09

In the previous parts, we focused on Drupal configuration and the overview of modules and libraries. In the third part of the series on conducting a security audit, we'll focus on the overview of custom modules and themes. We'll perform an audit of the project repository, identify and analyze the elements worth paying attention to during the auditing process.

Overview of custom Drupal themes and modules

In custom Drupal themes and modules, attack vectors are most likely to appear. There's code there that isn't being widely used, unlike the code for contrib modules and themes. Therefore, it's not so well-tested in terms of security. In this article, I'll discuss a basic checklist used for auditing custom Drupal code. This list can be used as the basis for an audit of custom modules and themes.


We’ll start with the analysis of the parameters received from the user. Let's check out what is their type and how are they filtered. Drupal allows for using parameters in routings. These are dynamic values, incorrect processing of which may create attack vectors. If a query is created on the basis of a parameter and not filtered, this may cause a vector for SQL Injection attack, for example.

Next, we should look at the routing access configuration, specifically – the permissions that the user must have to get access. When declaring the routing, we need to define the requirements that the user must meet to gain access to the routing. We have to analyze the required permissions for every routing specified in our custom Drupal code and consider whether their level is appropriate. Specifying too low or incorrect level of required permissions will result in users having access to pages that they shouldn’t have access to. These can be both the pages listing the articles on your page and the pages listing all users along with all the data assigned to a given account. For this reason, the permissions audit is so important.


First, we'll analyze the correctness of the element types and check out if the correct type for a given field has been used. During the analysis of the types of fields used in the form, we may come across a field whose name and description suggest that it should be filled out with data of a specific type. However, the field's definition may allow the field to be filled out with other types of data. We should make sure that the definition of the type of elements corresponds with their purpose.

The next step will be to analyze the used methods of validating the field values in the form. Drupal allows for defining custom methods that validate the correctness of the entered data. We should test the correctness of the custom validation methods and make sure that only the valid data passes the validation.

The last thing will be to verify the presence and correct use of Form API provided by Drupal. We should analyze the way of using Form API, preferably using the documentation, and make sure that the forms are being created as directed.

The documentation specifies:

  • the cases where the use of a given field type is correct,
  • how to create the methods of validation,
  • how to use hook_form_alter,
  • how to create forms to be intuitive for the user.

SQL queries

Let's start with verifying the presence and correct use of the Database API provided by Drupal. It's equipped with methods providing security against attacks on the database. The correct use of API largely protects against attacks. We should particularly pay attention to whether input data filtering methods are used in the SQL queries. Drupal recommends using placeholders if there's a need to use input data, e.g., from a variable the value of which has been specified by the user in the form. Here's an example:

$foo = $this->getFormData(); $query = \Database::getConnection()->query(‘SELECT foo FROM {bar} b WHERE b.name = ‘ . $foo[‘name’]);

In the code above, we can see that the value 'name' from the $foo array is being assigned to the query without filtering. In such cases, I recommend using placeholders.

$foo = $this->getFormData(); $query = \Database::getConnection()->query(‘SELECT foo FROM {bar} b WHERE b.name = :name’, [‘:name’ => $foo[‘name’]]);

By creating queries in this way, we subject the variable $foo ['name'] to filtering, which will protect the query against SQL Injection attacks.

Filtering mechanisms

This means verifying the presence and correctness of the filtering data received from the user. We need to check that only TWIG is being used to render the variables in the templates, which by default filters the content of the variables and makes sure that they're safe. In the case of working with variables that are then used in translatable strings, we need to make sure that those variables are substituted for the appropriate placeholders. The plain text coming from the user should be filtered using the Html::escape() method if the user shouldn't be able to provide HTML tags in the text and the Xss::filterAdmin() function if they should be able to do so. If the user provides links, they should also be filtered.

Used for this purpose are the functions UrlHelper::stripDangerousProtocols() and UrlHelper::filterBadProtocol(). Filtering mechanisms are also applicable on the client's side. To clean up text in JavaScript, we should use the Drupal.checkPlain() function.

Sensitive data

We should check whether the code doesn't contain credentials or API keys. In some cases, we may come across the credentials left in the code of custom modules. Identifying them doesn't require much work.

Repository review

It's worth taking a look at the repository to search for sensitive information that may be stored in the files. The first step is to analyse the settings.php file and ensure that there are no credentials in it that would provide access to the database or other Drupal website components. Next, let's go over the environment variables' files and make sure there aren't any credentials in them. The credentials required by the environment shouldn't be part of the repository.

The next step is to check if there are no deeply hidden confidential files, for example – with SSL private keys or database copies or dumps. Sometimes the files that should never be in the repository get there by mistake. Some of them are, for example, database dumps or private keys. Identifying and removing them is recommended.

Analysis of the Drupal code – summary

In the third part of the series on performing a Drupal security audit, we've learned the ways of checking the code of custom modules and themes, we've audited the project's repository in order to make sure that no sensitive data was publicly available, and we've analyzed the elements that are worth paying attention to during the audit process.

Applying the tips I've posted in this article will make your application more secure. A code audit is a key element leading to better page security. It requires more time and knowledge than the update we covered in the first part and the correct configuration of Drupal we covered in the second part of the series, but the benefits of doing it are much more valuable than the time spent on it.

In the next part of this series of articles, we'll learn about external tools for automating the auditing process. It's the next step performed in a comprehensive security audit. Do you need help in performing such a task? Our Drupal support team has extensive experience in conducting audits.

Sep 08 2021
Sep 08

This week, September 5-11, 2021, has been set aside as National Suicide Prevention Week

Suicide has reached epidemic proportions in the United States, with each year adding another dark chapter to the to rising trajectory. 

Stemming the tide and saving lives calls for a complex mix of solutions. Key among is bringing the topic out of the shadows and onto the table, with a greater awareness of helpful and easily accessible resources and support.

That’s why we at Promet Source were so honored this year for the opportunity to partner with Marin County, California, Behavioral Health and Recovery Services, in the design and development of a new Drupal site for Prevention and Outreach.

Encouraging, Engaging, Easy

The objectives for the new site centered on the creation of a comforting community hub, that fueled awareness of and interaction with the full scope of available services, including vetted and recommended community resources, events, and community connections. 

Many of these resources had previously been buried within the main Behavioral Health website.

Recognizing that reaching community members who are in critical need of support
means that resources needs to be not just easy to find, but comforting and encouraging, the site’s UX allows for access to all resources directly from the home page. Resources are presented in meaningful categories that include Suicide Prevention, Parenting & Families, Schools & Educators, and Mindfulness & Self Care.

All critical hotline phone numbers are displayed prominently on the home page, and repeated again on the footer of every page. Within every section, opportunities to get help are highlighted.

A handwritten script-like font on the home page, along with rounded corners on the photos and a contemporary UX, contributes to a comforting, human touch.

Content Editor Empowerment

Also essential was a flexible CMS that could be easily updated with a drag-and-drop design functionality, enabling stakeholders and content editors to make revisions, as needed, without ever needing to touch the site’s underlying code. 

The CMS platform needed to be one that could be richly and easily expanded upon by members of the Prevention and Outreach Team, without needing to reach out to the IT department or ever touch the underlying code.

Promet’s Provus solution enables content editors to easily work with established design components to update content, add functionality and switch up layouts as needed.
Our recent engagement with Marin County’s Behavioral Health and Recovery Services Prevention and Outreach Team has inspired us to package a web solution that can be easily deployed by other local governments. 
Contact us to learn about a ready-to-deploy site with UX that is inherently comforting and encouraging, and provides easy access to a wide range of resources, while allowing for easy updates and revisions. 

Sep 08 2021
Sep 08

DesignHammer has been awarded four MUSE Creative Awards in the 2021 competition, including two Gold Awards and two Silver Awards. DesignHammer’sredesign of the Divers Alert Network website took home a Gold Award in the Nonprofit category and a Silver Award in the Association category, while our TransmetriQ website build for Railinc earned a Gold Award in the Information Technology category and a Silver Award in the Transportation category.

To win these awards, DesignHammer collaborated with DAN to consolidate three of their sites into one user-friendly WordPress website with a custom-designed, mobile-responsive theme to maintain brand identity and more effectively engage their audiences. The TransmetriQ achievement comes after longtime client Railinc commissioned their third project with DesignHammer for a custom website to effectively reflect the rebranded identity for their commercial product line.

The MUSE Creative Awards is an international competition for creative professionals who inspire others to greater heights with their concepts, ideas, or designs. The organization was created by the International Awards Association (IIA), on a mission to honor, promote, and encourage creativity by providing a new standard of excellence for evaluating media design production and distribution.

The IIA conducts five awards competitions, including the MUSE Creative Awards, NYX Marcom Awards, the TITAN Business Awards, the LIT Awards and the Vega Digital Awards. DesignHammer has now earned eleven awards in total from the IIA over the span of four years. Prior to MUSE, our most recognition from the IIA was in the 2021 Vega Digital competition where our Divers Alert Network redesign also earned two awards, including a Canopus Award (platinum), and Centauri Award (gold). This latest achievement for 2021 is important to DesignHammer, because this year is our first time entering the MUSE Awards ever. 

Judges for the MUSE Creative Award competition are chosen from top-tier digital agencies across the United States; creative directors, copywriters, photographers, illustrators, educators, and some freelancers are all represented within the jury panel. MUSE Award winners must demonstrate outstanding achievement in one or more of the following areas: content, imagery, audio, interface, design, accessibility, innovative use of technology, appropriate use of technology, and overall appeal. The full 2021 MUSE Creative Award winner list can be found here.

“I am pleased with DesignHammer’s success in our first set of entries in the MUSE Creative Awards.  The competition was tough this year, with likes of industry leaders such as IBM, Getty Images, and Clinique winning Platinum awards." 

— David Minton, DesignHammer Managing Partner

Muse Creative Awards 2021

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI.

Sep 08 2021
Sep 08

A Drupal e-commerce project

Drupal Commerce has been around for more than a decade. More than fifty thousand sites report using Commerce, and its maintainers have kept the suite of modules modern, flexible, and robust over the years for both Drupal 7 and Drupal 8/9 with the latest code for the Drupal 7 version released as recently as earlier this year.

The National Center for Employee Ownership (NCEO) came to us in 2018 with an existing investment in a Drupal 7 Commerce site that had thousands of hours poured into it in terms of configuration, custom development, and order management. At the time their staff were manually entering email and telephone orders into the Drupal Commerce backend, and were hoping to upgrade to a full-featured, payment gateway enabled online store. They also wanted to develop a brand new public facing NCEO.org that better captured their organization and connected users with their content.

At that time building a brand new public-facing website and upgrading an existing complex online store presented an interesting problem. Do we continue building on top of Drupal 7 knowing it will reach end-of-life in a couple of years? Or do we bite the bullet and invest in a new Drupal 8 solution with its promise of a future-proof approach to website development?

Spoiler alert — the answer was both.

Drupal 7 and Drupal 8: The best of both worlds

NCEO was using a custom Drupal 7 implementation of Commerce and RedHen CRM to manage nearly a thousand products, tens of thousands of customers, hundreds of thousands of order records, and complex coupon and membership pricing logic. Their existing platform represented an extensive investment — and their staff were already trained and proficient on the existing suite of tools. While the tides were definitely turning towards all things Drupal 8 in 2018, completely rebuilding the platform, migrating records, and training staff on a new system was a tough sell. And it was the wrong solution.

The right solution was to protect the existing investment, and building a lightweight Drupal 7 / Drupal 8 integration could do just that. Users needed to be able to browse NCEO’s content and products on a new Drupal 8 website, and then be seamlessly handed-off to a Drupal 7 Commerce backend to make payments or review order details. Luckily, Drupal’s architecture lends itself to just this sort of integration and synchronization across platforms.

A touch of tech

After extending NCEO’s Drupal 7 Commerce implementation to include an intuitive, turnkey customer checkout experience, all that was left to do was wire that backend to the brand new Drupal 8 NCEO.org that would roll out the following year.

The solution had to synchronize both users and products. The NCEO team would continue managing their products on the Drupal 7 platform, but those product updates would need to automatically post to the Drupal 8 site where users would browse them. Additionally, users would need to see their custom membership pricing on the Drupal 8 site, and maintain their session and membership data as they were seamlessly directed to the Drupal 7 platform for checkout.

Single sign-on & user data synchronization

We used the CAS module to create the “behind the scenes” single sign-on between the two sites, and to help synchronize the user role data that translates to special membership pricing and offers. When a user completes a membership purchase (on the Dupal 7 portion of the experience) their new user role is synchronized back to the Drupal 8 website — ensuring that they see the appropriate discounts and membership offers while browsing products, and later receive those discounts at checkout.

Product synchronization via the hook system

The NCEO team continues to manage products and customer records on the Drupal 7 portion of the platform. On the Drupal 7 side we built a simple webhook system that posts product update data using Drupal’s drupal_http_request($url, $options) everytime a product is created, updated, or deleted. We capture those actions with the insert, update, and delete node hooks available in the Drupal 7 API. In essence, every time someone makes a change to a product managed on the Drupal 7 platform, those changes are securely transmitted to the public facing Drupal 8 site.

When the data posts to the public-facing NCEO.org Drupal 8 site the products are updated almost immediately, ensuring that users are consistently presented with the absolute latest product information. Product updates on the Drupal 8 side are accomplished by defining a controller to accept data at a specific endpoint or URL — I wrote a pretty detailed post about capturing webhooks in Drupal 8 sometime ago, complete with code samples.

The integration is super lightweight and the end product is a seamless checkout experience. The solution lets the existing platform continue working as designed while rebuilding the primary public facing website with the more modern, evergreen Drupal 8.

Value before technology

As a developer there’s often an urge to design and build systems using the latest and greatest iterations of our favorite technologies. As the Director of Engineering at Aten, it’s important for me to consider how to achieve our clients’ goals in a way that’s cost effective, secure, and sustainable. Often that requires a mix of bleeding edge technology and creative out-of-the-box solutions that keep the people using the software at the center of the process.

In this case we were not only able to protect an existing investment while delivering a brand-new Drupal 8 website, but also built out a flexible architecture that will be super easy to upgrade in the future. In place of a Drupal 7 Commerce and RedHen CRM backend, NCEO could easily drop in another customer records solution to plug into their Drupal 8 site and store — all with hardly any changes to the Drupal 8 side. Even now in 2021 the solution works great — and as Drupal users everywhere decide what to do with their Drupal 7 assets, NCEO is in a great place to consider next steps for the commerce administration aspect of their platform without having to think about a complete website rebuild.

Interested in learning more about what innovative digital solutions can do for your organization? We’d love to hear from you.

Sep 08 2021
Sep 08

Thanks to the hard work of our team this past year and stellar reviews from our clients, DesignHammer has once again been recognized with an esteemed Clutch Leaders Award. Clutch recently listed DesignHammer as the 2nd best digital agency in all of North Carolina for 2021.

Clutch.co is the leading ratings and reviews platform for IT, marketing, and business service providers. Each month, over half a million buyers and sellers of services use the Clutch platform which contains over 200,000 agency listings. To select their annual Leaders Award winners, Clutch uses a complex methodology that consists of meticulously evaluating a company’s service focus, case studies, brand reputation, and verified reviews, among many other factors, to determine a company’s industry expertise and ability to deliver.

Securing a second place position against hundreds of North Carolina competitors demonstrates that Clutch’s algorithm has recognized industry excellence throughout every qualifying aspect of our agency and considers DesignHammer to be one of the development industry’s finest. 

In addition to their annual Leaders Award, Clutch regularly updates their proprietary “Leaders Matrix,” which provides a visual representation of top performing companies in a particular industry and location. As of this release, DesignHammer is ranked 2nd on Clutch’s Top Drupal Developers Matrixin Raleigh/Durham, and 3rd in Clutch’s Top Web Developers Matrix for all of North Carolina.

In reference to the 2021 B2B Leaders list, Clutch Customer Operations Representative Austin Ellis stated: 

“These providers excelled in their respective fields and have shown that they can provide high-quality services to their clients. Companies looking for a partner in web design, branding, SEO, mobile app development, and other B2B services should check out the firms on this list.” 

This is DesignHammer’s third Leaders Award following our previous recognition from Clutch as a Top Performing B2B Company in North Carolina as well as a Top Global Service Provider in 2020. Winning a Clutch Leader’s Award is a testament to our clients’ success working with DesignHammer and a reflection of the time spent sharing their satisfaction level with Clutch representatives.

“DesignHammer is honored to be recognized as a top digital agency by Clutch in their recently published Top-Performing B2B Companies in North Carolina. We’d like to thank both current and former clients who left us glowing reviews, as well as Clutch for recognizing our agency’s commitment towards delivering quality work and providing our clients with a positive, collaborative project experience.” 

David Minton, Managing Partner


See Clutch’s official North Carolina Leaders Award Press Release

Top North Carolina Web Developers on Clutch

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI. For more information visit: https://designhammer.com.

Sep 08 2021
Sep 08

DesignHammer has been awarded five dotCOMM Awards in the 2021 competition, including two Platinum Awards, one Gold Award, and two Honorable Mentions.

Our custom TransmetriQ website build and the DesignHammer website have each been recognized with a  Platinum Award in the B2B category and in the marketing/digital agency category, respectively. Additionally, our redesign of the Divers Alert Network website has been awarded one Gold Award in the nonprofit category, as well as two Honorable Mentions, one in the association category and one in the sports/recreation category.

Longtime client Railinc commissioned their third project with DesignHammer for a custom website to effectively reflect the rebranded identity for their commercial product line (TransmetriQ), a website that dotCOMM has now recognized with a Platinum Award. DesignHammer’s latest Gold dotCOMM Award was the result of close collaboration with Divers Alert Network in 2020 to consolidate a number of web properties into a user-friendly WordPress website with a custom theme. In addition to these two clients, DesignHammer took home a Platinum dotCOMM for the 2021 redesign of our own company website.

“We are pleased with the recognition of the new Divers Alert Network website — and we’re thrilled with the improved user experience for our customers and members”

— Bill Ziefle, DAN President & CEO


Administered and judged by the Association of Marketing and Communication Professionals (AMCP), dotCOMM Awards is an international competition honoring excellence in web creativity and digital communication. The AMCP is one of the largest and oldest, third-party evaluators of creative work in the world. Other noteworthy dotCOMM award-winning projects from 2021 were commissioned by Duke Energy, NATO, Cornell University, and WP Engine. See the rest of the 2021 dotCOMM award winners.

These five awards bring DesignHammer’s total dotCOMM Awards total to fifteen, since 2017. Previous DesignHammer projects to have taken home awards include work for the Council for Entrepreneurial Development (CED)Highland CompositesInteriors in FlightThe William Blake Archive, the North Carolina Center for NonprofitsRailincDuke Health, and the Full Frame Documentary Film Festival.

“I’m very proud to hear of our agency's recent achievement and happy to see the AMCP judges have recognized the value of the results we deliver our clients. Earning two Platinum Awards, one Gold, and two Honorable Mentions from dotCOMM, is a testament to the skill, vision, and collaborative effort our team.”

— David Minton, DesignHammer Managing Partner

2021 dotComm awards

About DesignHammer

As a full-service web strategy, design, and development agency, DesignHammer has been integrating proven practices and delivering tailor-made technology solutions to help companies and organizations achieve their business goals since 2001. Headquartered in Durham, North Carolina, DesignHammer has been internationally recognized for their award-winning websites and web design & development industry expertise. Using a collaborative development process, DesignHammer’s close-knit team of experienced web strategists, developers, and designers leverage existing software platforms, custom software frameworks, and third-party software integrations to provide client organizations with the best ROI.

Sep 08 2021
Sep 08

In combination with the FacetAPI module, which allows you to easily configure a block or a pane with facet links, we created a page displaying search results containing contact type content and a facets block on the left hand side to narrow down those results.

One of the struggles with FacetAPI are the URLs of the individual facets. While Drupal turns the ugly GET 'q' parameter into a clean URLs, FacetAPI just concatenates any extra query parameters which leads to Real Ugly Paths. The FacetAPI Pretty Paths module tries to change that by rewriting those into human friendly URLs.

Our challenge involved altering the paths generated by the facets, but with a slight twist.

Due to the projects architecture, we were forced to replace the full view mode of a node of the bundle type "contact" with a single search result based on the nid of the visited node. This was a cheap way to avoid duplicating functionality and wasting precious time. We used the CTools custom page manager to take over the node/% page and added a variant which is triggered by a selection rule based on the bundle type. The variant itself doesn't use the panels renderer but redirects the visitor to the Solr page passing the nid as an extra argument with the URL. This resulted in a path like this: /contacts?contact=1234.

With this snippet, the contact query parameter is passed to Solr which yields the exact result we need.

 * Implements hook_apachesolr_query_alter().
function myproject_apachesolr_query_alter($query) {
  if (!empty($_GET['contact'])) {
    $query->addFilter('entity_id', $_GET['contact']);

The result page with our single search result still contains facets in a sidebar. Moreover, the URLs of those facets looked like this: /contacts?contact=1234&f[0]=im_field_myfield..... Now we faced a new problem. The ?contact=1234 part was conflicting with the rest of the search query. This resulted in an empty result page, whenever our single search result, node 1234, didn't match with the rest of the search query! So, we had to alter the paths of the individual facets, to make them look like this: /contacts?f[0]=im_field_myfield.

This is how I approached the problem.

If you look carefully in the API documentation, you won't find any hooks that allow you to directly alter the URLs of the facets. Gutting the FacetAPI module is quite daunting. I started looking for undocumented hooks, but quickly abandoned that approach. Then, I realised that FacetAPI Pretty Paths actually does what we wanted: alter the paths of the facets to make them look, well, pretty! I just had to figure out how it worked and emulate its behaviour in our own module.

Turns out that most of the facet generating functionality is contained in a set of adaptable, loosely coupled, extensible classes registered as CTools plugin handlers. Great! This means that I just had to find the relevant class and override those methods with our custom logic while extending.

Facet URLs are generated by classes extending the abstract FacetapiUrlProcessor class. The FacetapiUrlProcessorStandard extends and implements the base class and already does all of the heavy lifting, so I decided to take it from there. I just had to create a new class, implement the right methods and register it as a plugin. In the folder of my custom module, I created a new folder plugins/facetapi containing a new file called url_processor_myproject.inc. This is my class:

 * @file
 * A custom URL processor for cancer.

 * Extension of FacetapiUrlProcessor.
class FacetapiUrlProcessorMyProject extends FacetapiUrlProcessorStandard {

   * Overrides FacetapiUrlProcessorStandard::normalizeParams().
   * Strips the "q" and "page" variables from the params array.
   * Custom: Strips the 'contact' variable from the params array too
  public function normalizeParams(array $params, $filter_key = 'f') {
    return drupal_get_query_parameters($params, array('q', 'page', 'contact'));


I registered my new URL Processor by implementing hook_facetapi_url_processors in the myproject.module file.

 * Implements hook_facetapi_url_processors().
function myproject_facetapi_url_processors() {
  return array(
    'myproject' => array(
      'handler' => array(
        'label' => t('MyProject'),
        'class' => 'FacetapiUrlProcessorMyProject',

I also included the .inc file in the myproject.info file:

files[] = plugins/facetapi/url_processor_myproject.inc

Now I had a new registered URL Processor handler. But I still needed to hook it up with the correct Solr searcher on which the FacetAPI relies to generate facets. hook_facetapi_searcher_info_alter allows you to override the searcher definition and tell the searcher to use your new custom URL processor rather than the standard URL processor. This is the implementation in myproject.module:

 * Implements hook_facetapi_search_info().
function myproject_facetapi_searcher_info_alter(array &$searcher_info) {
  foreach ($searcher_info as &$info) {
    $info['url processor'] = 'myproject';

After clearing the cache, the correct path was generated per facet. Great! Of course, the paths still don't look pretty and contain those way too visible and way too ugly query parameters. We could enable the FacetAPI Pretty Path module, but by implementing our own URL processor, FacetAPI Pretty Paths will cause a conflict since the searcher uses either one or the other class. Not both. One way to solve this problem would be to extend the FacetapiUrlProcessorPrettyPaths class, since it is derived from the same FacetapiUrlProcessorStandard base class, and override its normalizeParams() method.

But that's another story.

Sep 08 2021
Sep 08

I'm excited to announce that Acquia has signed a definitive agreement to acquire Widen, a digital asset management (DAM) and product information management (PIM) company.

The Acquia and Widen logos shown next to each other

It's not hard to understand how Widen fits Acquia's strategy. Our goal is to build the best Digital Experience Platform (DXP). Content is at the heart of any digital experience. By adding a DAM and PIM to our platform, our customers will be able to create better content, more easily. That will result in better customer experiences. Plain and simple.

Widen is for organizations with larger marketing teams managing one or more brands. These teams create thousands of "digital assets": images, videos, PDFs and much more. Those digital assets are used on websites, mobile applications, in-store displays, presentations, etc. Managing thousands of files, plus all the workflows to support them, is difficult without the help of a DAM.

For commerce purposes, marketers need to correlate product images with product information like pricing, sizing, or product specifications. To do so, Widen offers a PIM. Widen built their PIM on top of their DAM — an approach that is both clever and unique. Widen's PIM can ingest product content from proprietary systems, master data management (MDM) platforms, data lakes, and more. From there, marketers can aggregate, synthesize, and syndicate product content across digital channels.

In short, organizations need a lot of content to do business. And online commerce can't exist without product information. It's why we are so excited about Widen, and the ability to add a DAM and PIM to our product portfolio.

Because content is at the heart of any digital experience, we will build deep integrations between Widen and Acquia's DXP. So in addition to acquiring Widen, we are making a large investment in growing Widen's engineering team. That investment will go towards extending the existing Widen module for Drupal, and creating integrations with Acquia's products: Acquia Site Studio, Acquia Campaign Studio (Mautic), Acquia Personalization, and more. Digital asset management will be a core building block of our DXP.

Needless to say, we will continue to support and invest in Widen working with other Content Management Systems and Digital Experience Platforms. We are building an open DXP; one of our key principles is that customers should be able to integrate with their preferred technologies, and that might not always be ours. By growing the engineering team, we can focus on building Drupal and Acquia integrations without disrupting the existing roadmap and customer commitments.

A few other facts that might be of interest:

So last but not least, I'd like to welcome all of Widen's customers and employees to the Acquia family. I'm excited to see what we will accomplish together.

Sep 07 2021
Sep 07

This guest post comes from Paulo Herinque Cota Starling, who explains how CI&T made contribution to the Drupal project a central part of its work culture, and how that has improved the Drupal talent on their team and brought them more business. 

For four years, CI&T has made its mark as a top Drupal contributor in Dries Buytaert's report "Who sponsors Drupal development?".

CI&T logo

In 2016, we created internal initiatives to get noticed by the Drupal Community with the quality and volume of our contributions. Today, we see the results of these efforts, with recognition as a Drupal leader and increased visibility for the CI&T brand through the Drupal marketplace. This commitment has directly helped us win new businesses.

To manage our efforts, we have an internal Drupal Competence Office (DCO), a team responsible for leading Drupal community contributions and building relationships with the broader Drupal community. The DCO operates as a bridge between the Drupal community and CI&T development teams tackling different pipes. DCO's developers are focused on solving various module issues and Drupal core issues, organizing and updating all Drupal training materials, and providing training support for new developers joining CI&T.

New DCO members who are not knowledgeable in Drupal often start working on less complex module issues. These new developers gain significant knowledge as they discover the modules available in the community, their structure, what Drupal offers out-of-the-box, how to extend its functionality, and how to search for information in various channels. We also often welcome new people at the DCO who are trained, contribute to Drupal, and are ready to work on a project at CI&T.

In addition to our Drupal team, we also undertake internal contribution campaigns, allowing all CI&Ters outside the DCO to feel motivated to contribute. These campaigns usually take place once a year and last approximately six months so everyone has an opportunity to contribute and be recognized. After the end of a campaign, people who made the most significant contributions receive awards. For this year's campaign, the first-place winner will take home a new PlayStation 5!

These internal campaigns are a win-win situation for both CI&T and the greater Drupal Community. Internally, we recognize the contributors while at the same time increasing the number of overall contributions made to the Drupal Community. Contributing to Drupal for the first time can be tricky. It's common for CI&T to run 'dojos' to teach everyone interested in getting a Drupal environment up and running quickly, creating or finding an issue, creating a patch or a merge request and reviewing the changes made in an issue. The participants can also collaborate with documentation, camp organizing, and support requests. 

Drupal has been a widely used technology in customer projects in recent years. In addition to being an open-source framework and significantly lowering our costs, CI&T's contributions to the Drupal Community help the company's business to grow. When talking to potential customers, we're frequently asked about our current contributions, which modules are we a maintainers of, and whether we help in core or not. If the client asks about this issue, we know it will be a significant factor when deciding whether to close a contract with CI&T or another company.

All our initiatives for the Drupal Community aim to increase our employees' knowledge so that they can work on projects, help win new clients and increase the overall quality of Drupal. CI&T, in turn, can continue to offer innovative solutions that meet the needs of our clients.

Editor's note: We at the Drupal Association want to congratulate CI&T on taking the initiative to put their Drupal Competence Office together within their organization. We believe that other organizations in the community can learn from their example, and create a rising tide of contribution to raise all ships in the Drupal ecosystem - building both better Drupal software, and executing better projects for Drupal clients.

Sep 07 2021
Sep 07

One of Acro Media’s very own, Mike Hubbard, breaks down two of the world’s best-known content management systems. Full of detailed analysis and side-by-side comparisons of the WordPress and Drupal CMS admin user interfaces. Read on to learn everything you didn’t know you didn’t know.

Side-by-side: WordPress and Drupal admin UI comparison quick links.

Click on the links below to jump to each section and see which CMS comes out on top.

Content management systems (CMSs) are the engine that drives content creation on the web today. They form the foundation that we build on for publishing and sharing information, creating digital experiences and conducting online retail. WordPress and Drupal are staples in the CMS world and they have both been around a long time. WordPress is known for its intuitive and easy-to-use interface. Drupal is known for its flexibility and complexity. While both have their strengths and weaknesses, the usability gap between WordPress and Drupal is changing. This article will show you the current state of Drupal’s admin user experience in a side-by-side comparison with WordPress, the most widely used CMS. If you’re familiar with one CMS but not the other, this comparison is also a good introduction to the other.

TL;DR: The primary goal of this article is to dispel the perception that Drupal is widely different and harder for administrators to use than WordPress. If you don’t care about the background behind this perception, just skip down to the direct comparison.

WordPress is easy, Drupal is hard… why does this perception exist

But first, a little background. The dominant CMS in terms of the number of sites running on it is WordPress. W3Techs estimates that WordPress powers about 62% of all websites that use a CMS, meaning multiple millions of websites are using it.

Why is WordPress so popular? WordPress started as a blogging engine with a focus on being easy to use. This proved to be incredibly important because it meant that nearly anyone could get a WordPress site up and running fast and be able to use it with little-to-no training. The idea caught fire with both individuals and local businesses who just wanted a simple, low-cost website that others could find online. Web developers and agencies also finally had a framework that allowed their clients to make simple content edits within an admin environment that was friendly.

Of course, today, businesses can use WordPress for much more than a simple website, but ideally, that is still the best use case. The perception that WordPress is easy to use stands true. It may not be the solution if you have more complex needs.

But, dear reader, this article isn’t meant to praise and promote WordPress. Instead, much of this article will focus on another popular CMS, Drupal. 

Drupal is a fantastic CMS and is incredibly powerful when used correctly. Drupal is the go-to solution for providing a robust solution for today’s CMS-driven website development in many web development circles. It is thriving as the #3 ranked CMS with about 3% of the internet population, equalling hundreds of thousands of websites using it. 

Why isn’t Drupal more popular? Well, anyone who knows Drupal (and even many who don’t) will tell you that Drupal is best suited for large websites with high traffic and complex requirements. Universities, government, nonprofits and online retailers are a sample of those who use Drupal. Out-of-the-box Drupal isn’t as ready to use as WordPress, so it’s unlikely a suitable fit for simple websites. For non-developer individuals, configuring Drupal is a steep learning curve. Local web agencies take more time to set up, which means they must charge more. These reasons alone essentially take Drupal out of the running for many websites, so for Drupal, it’s more about the use case than mass adoption.

With that said, Drupal’s ability to be configured and developed means it can handle nearly any situation required of it, whether selling products for enterprise businesses or being the integration layer between multiple platforms. While this inherent flexibility is excellent for software developers, Drupal’s perception of complexity, combined with a historically underwhelming admin experience, has cemented a reputation that Drupal is unintuitive and difficult to use for the end-user. Much like WordPress, Drupal’s reputation preceded itself. In Drupal’s case, however, this reputation isn’t as flattering, and it’s something that our sales and outreach teams often battle.

For Drupal, it’s time for change

Like WordPress, Drupal is open source software. It’s free to use, and anyone has full access to the underlying code to modify and build on. Both platforms have a core team for advancing key initiatives and a massive community of individuals and organizations that support the initiatives while also adding additional functionality through plugins (WordPress lingo) or modules (Drupal lingo).

While usability has always been important to WordPress (since it started as a blogging platform), Drupal was historically more focused on being open and flexible. Its user experience has continuously improved with each version release, but late 2018 marked the beginning of a big push towards modernizing the Drupal admin user interface (UI). Drupal is an amazing software, and it’s time that the admin experience catches up.

Introducing Claro, Drupal’s new admin UI

Drupal 8 Claro admin theme
Claro interface design mockup courtesy of Drupal.org

Claro is the new admin theme being built as part of the Admin UI Modernization initiative. It’s included with every Drupal 8 site, new and old, and can be enabled right now if you so choose. Just be aware that it is currently considered “experimental” while progress continues to be made. It’s not yet in its finished state, but you can view the development roadmap here to see what is still left to do.

Side-by-side: WordPress & Drupal Admin UI Comparison

On to the comparison!

For WordPress, I’m using version 5.3.2 (released Dec. 18, 2019) which comes with its own Twenty Twenty default theme and content.

For Drupal, I’m using version 8.8.1 (also released Dec. 19, 2019. How about that!) and the new, but experimental, Claro admin theme. If you’re looking at this at a later date, some aspects may be different (for the better!) as the development of the theme continues. I’ve also installed Drupal using the official Umami demo install profile so that I have a theme and some content to work with.

In each of the 10 comparison categories below, I’ll give my opinion on which CMS has the edge out-of-the-box and why I think this. I’ve used both platforms and do have some bias towards Drupal, but I’ll do my best to keep that in check.

Category quick links
  1. Admin toolbar
  2. Login dashboard
  3. Managing media
  4. Creating pages
  5. Editing pages
  6. Managing widgets and blocks
  7. Managing menus
  8. Managing users, roles and permissions
  9. Site status report
  10. Plugins and modules
  11. WordPress & Drupal comparison summary

1. Admin toolbar

The admin toolbar is always present on the page of both WordPress and Drupal.


WordPress admin toolbar

In WordPress, a single toolbar is used as a jump-off point for common admin pages, but you can also start the content creation process and access your account profile and information.


Drupal 8 admin toolbar

Drupal has a similar admin toolbar except you have access to everything, including creating new content. Every admin page that your user role has permission to view is available through this menu. While it’s more to look at initially, experienced users enjoy fewer clicks to get where they want to go.

Edge: Drupal

While the learning curve to know where everything is might be a bit steeper, experienced Drupal users enjoy being able to access everything in one familiar way. With that said, new users may find this larger menu intimidating.

2. Login dashboard

After logging in, the login dashboard is the first page you see. WordPress and Drupal both take a different approach to their login dashboard.


WordPress login dashboard

WordPress has a robust dashboard right out of the gate. This dashboard takes admins away from the site frontend and into an interface that only they can see. The left side has a larger menu for accessing the rest of the admin interface. The main content area mix of useful information about your site and information specific to WordPress as a whole, such as training resources and upcoming WordPress events. The panes on this page can be toggled on and off and plugins can add new panes.


Drupal 8 login dashboard

This is the first area where Drupal takes a different approach. Instead of a robust dashboard, you don’t actually get much of anything. The admin toolbar already gives you access to the entire site, so Drupal keeps you on the website frontend and instead shows you your “user page”. This page is entirely customizable although you will most likely need third-party or IT support to do so. It’s an open canvas to do with as you like. For ecommerce, you might show a customer their information, recently viewed products and their last order placed. For content creators, you might show a custom dashboard with quick links to their common tasks. What you do here is entirely up to you.

Edge: WordPress

Although it’s not entirely useful, WordPress actually has a dashboard which is a nice touch for new users. Drupal's clean slate offers a lot of exciting potential for admins and visitors alike, but any potential must first be realized before this page is useful.

3. Managing media

Images, videos, documents and more are uploaded and organized within a media manager. Both WordPress and Drupal offer a convenient content editor plugin that makes selecting and adding media into content easy.


WordPress media manager

WordPress really defined the way media can be managed within a CMS. Their interface for managing media contains a handy drag-to-upload feature and each piece of media is shown in a grid format by default. Media can be filtered by date, type and name.


Drupal 8 media manager

Drupal admittedly isn’t as clean as WordPress in this interface yet but its functionality is essentially the same and solid for most users. The visual interface will improve as the development of Claro progresses. By default, Drupal displays media in a list, but you can toggle between list and grid. There are also similar filtering options. Like all other aspects of Drupal, advanced users can customize media types beyond what you see here and entirely new media types can be created. This advanced functionality is unique to Drupal and isn’t as easily done in WordPress.

Edge: WordPress

WordPress does a great job of making media easy to manage. Drupal will continue to see improvements in the near future, but right now it still feels clunky.

4. Creating pages

Creating new pages, such as general content pages and blog posts, is a common interaction that most admin users will need to do.


WordPress new page Gutenberg editor

As of version 5.0, WordPress includes their much anticipated Gutenberg editor experience. This editing format is sleek, modern, and very intuitive. You start with a title and then continue piecing together chunks of content by selecting various types of “blocks” to build the page with. Blocks are a single, reusable type of content such as a heading or paragraph of text, an image or gallery, a list, a quote, etc. Custom blocks can be created and plugins may also add additional blocks that content creators can use. Along the right side of the page is a settings pane. This pane provides various page specific settings and customizations such as page visibility, featured image, an option to allow comments, etc. Additional settings for the currently selected content block also appears here.


Drupal 8 new page creation

Out-of-the-box, creating a new piece of content looks like the screenshot above. Content in Drupal could potentially be something wildly different than just a basic page, so Drupal defaults to a standard “field-based” editing interface where the different fields that are configured to make up the content are laid out on the page. All editors need to do is fill in the blanks. Field types can be text (with an optional WYSIWYG editor), an image, a file upload, a date, and anything else you can imagine. This again is where Drupal’s flexibility is both an advantage and a curse. The advantage is that a type of content can be anything you can imagine, but the downside is that someone has to configure that content type first. The field-based editing experience is provided by default to ensure the editing experience is consistent across different content types.

Here’s the important thing to know about Drupal. Drupal doesn’t like to make assumptions as to what your editing experience should be. As an example, a used car dealership, a national newspaper, and an online retailer will all have entirely different content editing requirements. Drupal doesn’t want to get in your way and it doesn’t try to. What it does do is give you a solid foundation to create YOUR ideal editing experience. This might not be ideal for organizations and businesses with simple website requirements, but for those with complex workflows and unique requirements, Drupal is ideal.

One last important note to make on this topic is that Drupal does also have a Gutenberg editing experience, it just doesn’t come packaged with Drupal out-of-the-box. This module and other editing interface modules and initiatives can be installed in Drupal to make the default editing experience more capable and modular.

Edge: WordPress

When based solely on out-of-the-box functionality, WordPress's pre-packaged Gutenberg editing experience is modern and intuitive for new and experienced users. However, it’s important to note that Drupal modules exist that greatly improve Drupal’s default experience. You can even add the same Gutenberg experience.

5. Editing pages

Once a page has been created, sometimes you still need to go back and edit it once in a while. This is a different experience from creating new content, so let’s now look at how it works with each CMS.


WordPress editing existing pages

Pretty standard, as a logged-in administrator you have access to editing content by viewing the page on the website frontend and using one of the various “edit” buttons. You’re then brought to the same Gutenberg interface that you see when creating content.


Drupal 8 edit existing pages

I would say Drupal has the upper hand for editing existing content. Similar to WordPress, as a logged-in administrator you have access to page edit links when viewing the content which brings you back to the same interface as when the content was created. However, in Drupal, you also have additional links to view content revisions as well as the view and edit page translations for multi-language sites.

Drupal 8 inline page editor

The current version of Drupal, Drupal 8, also includes an additional edit icon that contains a new “quick edit” option. Depending on the content, the quick edit allows on-page inline editing (shown above) instead of taking you to a separate page! This makes simple edits quick and easy. Furthermore, the edit icon also appears when administrators hover over menus and other configurable page elements too, giving you a quick way to access their configuration.

Edge: Drupal

While WordPress has the edge when creating new content, Drupal’s on-page inline editing feature makes editing existing content quick and easy by keeping content editors on the website frontend.

6. Managing widgets and blocks

Widgets (WordPress lingo) and blocks (Drupal lingo) are two words for essentially the same thing. While not limited to these locations, the header, footer and often left and right columns beside the main content area contain defined regions where certain elements can be placed. I’m talking about slogans, menus, a search bar, your copyright, recent posts, social feeds, etc. WordPress and Drupal have similar but different ways to manage these elements.


WordPress widgets page

WordPress includes backend and frontend methods for editing page widgets, both of which are quite basic and lack a lot of real capability.

The backend method (shown above) is accessed through the backend Appearance menu. This page gives you a nice list of available widgets on the left side and another list of active widgets within the available regions on the right. A simple drag and drop interface lets you move elements around and opening each widget allows for basic configuration.

WordPress widgets live editor

The frontend method is through a "Live Preview" mode (shown above) where a version of the site theme is presented and widgets are managed through the left column. Settings for existing widgets can also be quickly opened by clicking its blue edit icon, as you can see in the image above.

Out-of-the-box, it’s difficult to understand exactly where a widget will appear throughout the site because you don’t have the ability to see or control which pages accept the widget. Some third-party plugins are available to give you this functionality, but they must be added. New widgets are also a bit more difficult to add as they must be created by a developer or added through a plugin.


Drupal 8 block layout page

Like WordPress, Drupal has the ability to manage blocks from both the backend and frontend of the website, although Drupal handles both situations better.

The backend method (shown above) is accessed through the admin toolbar’s Structure menu. Here you can view all available regions and the blocks contained within each. Regions are a big part of Drupal theme creation, so you will often see 10+ available regions to choose from. If you’re not sure of your themes regions, the “Demonstrate block regions” link above the list of regions will give you a preview. Each region has a “Place block” button for adding new pre-configured blocks. Existing blocks can be moved dragged between regions and each block can be configured independently. Block configuration in Drupal is very robust, including but not limited to control over what pages the block is visible on and what account roles can view it. Like content, blocks can be translated and even have revisions.

Custom blocks can also be created by more advanced Drupal users in a similar way that new media and content types are created. In the screenshot above there is a link to the “Custom block library,” which is where new blocks can be created. Like WordPress, modules can also be installed which will add new blocks.

Drupal 8 frontend block quickmenu

Drupal’s frontend method for managing blocks takes on the same familiar editing experience that we discussed for editing content. When logged in and viewing the website frontend, navigating to a page and hovering your cursor over an element will reveal an edit icon if that element is a configurable block. Options for the block are then given. The block in the screenshot above contains a menu, so we see options to configure the block and edit the menu. In this case, clicking one of these options will take you to the backend page for performing these actions. If the block contained text, we would also be given an option to edit the text directly on the page, just like we can with content.

Edge: Drupal

Simply put, Drupal’s block management is robust yet not too difficult. Being able to manage existing blocks directly from the website frontend is both user-friendly and familiar given that existing pages can also be managed in the same way.

7. Managing menus

Menus connect the pages within a website. Commonly you’ll find primary navigation and some sort of footer menu, but menus are used in many other places as well.


WordPress menu management

The menu system in WordPress is a bit strange at first, but overall it’s pretty simple. You create a menu (or select an existing one using the menu selection dropdown), then add links by selecting pages, categories, or by creating custom links (add menu items in the image above), then use a drag and drop interface for moving and nesting the menu items (menu structure in image above). Each menu item within the menu structure can be opened for a bit of customization.

The menu settings area controls where the menu is displayed within predefined template locations. Just check the box and the menu will appear once saved. Any menu created here can also be assigned to the region as a widget or through the template live preview screen.

One odd thing I’ve found with WordPress is that, when editing a page, you’re not able to add it into a menu. I’m sure there are plugins that allow this, but out-of-the-box you have to add the page through the menu system or check a setting within the menu that all new pages get added… but then you might have to remove some.


Drupal 8 menu management

Drupal’s approach to menus is what I would consider more standard. You navigate the “menus” page which lists all of the menus that have been created, then you create a new menu or edit an existing menu. The screenshot above is what you see when editing a menu. Here you manage this menu’s links by either adding a new one or manipulating the existing ones. When adding a new link you can easily search for content that the link will link to or specify a custom link.

Pages can also be added to a menu when the page is being created or edited. Within the page settings, all you do is select the menu and specify a link title.

Like WordPress, once you create a menu you can then add it into a region of the site as a block. However, within the menu itself, you don’t have the ability to put the menu anywhere.

Edge: Drupal

A more standard approach makes managing menus clearer and more user-friendly. Also being able to choose if a page should be included in a menu while creating the page is a nice feature. That said, I appreciate being able to manage a menu in its entirety on a single page as you do in WordPress.

8. Managing users, roles and permissions

Managing users is common for both controlling who can edit the website and who can log in for other reasons, such as non-admin accounts for an online store or community.


WordPress user management

WordPress has six predefined user roles: Super Admin, Administrator, Editor, Author, Contributor, and Subscriber. Each has varying degrees of what they can do, but it’s pretty clear for the most part and goes back to when WordPress was mainly a blogging platform. Users can be created and managed through a “users” page (shown above), which is laid out in a straightforward manner displaying

But WordPress has some major drawbacks here. First, WordPress doesn’t have any frontend user self-management, meaning users can’t view or edit their own profiles. Second, the predefined roles and their associated permissions don’t work for everyone and actually complicate user management when you don’t need it. Third, there is nowhere to really manage role permissions in a granular way. These drawbacks can be fixed through custom development and/or various plugins, but many consider this to be a general weak point of WordPress.


Drupal 8 user management

User management is another area where Drupal shines. In contrast to WordPress, Drupal only starts with three default roles: Anonymous, Authenticated and Administrator. Anonymous is a user who is not logged in, authenticated is a user who has an account but isn’t someone who typically isn’t managing content and site configuration, and administrator is a user with the full site and admin access. These three roles are minimal, clear and cover all of the basic needs of most sites. If and when another role with different permissions is created, this is easy to do right out of the box.

The image above shows Drupal’s version of the current list of users. It follows a similar look and style to the rest of the admin pages, giving administrators a place to add and manage user accounts, including assigning users to specific roles. Anonymous and authenticated users can also create or manage their own accounts through the website frontend (although this functionality can be turned off if desired).

Drupal 8 user permissions page

Drupal’s strength in user management comes in the form of roles and permissions. When a role is created, a column of permission checkboxes for the role is added to the Permissions page (shown above). Almost every piece of functionality within Drupal has associated permission. Simply checking the boxes determines what each role can and can’t do. It’s powerful and easy.

Edge: Drupal

A simple yet powerful user management system combined with frontend self-service functionality gives Drupal a clear edge over WordPress.

9. Site status report

Both WordPress and Drupal include a site status page that gives you information about the website and server configuration as well as an overall health report that outlines any issues. These automated health checks help keep your CMS up-to-date and secure.


WordPress site health page

The “Site health” page (shown above) gives you an overall health status and a list of any issues. This status page is clean and each item can be expanded for more information, but there is no visual urgency that makes the “2 critical issues” stand out. In my opinion, critical issues should be resolved and so highlighting these issues in some way is a necessary UX improvement.

An info tab at the top of the page can be opened which gives more information about your installation of WordPress, the server, the PHP version, and the database.


Drupal 8 status report page

Drupal contains both site information and site health in one “Status report” page (shown above). Like WordPress, this page gives you everything you need to know at a glance about your Drupal installation and the other components that make it run. Here we can also clearly see what errors and warnings have been found and some information on how they can be resolved.

Edge: Drupal

While both WordPress and Drupal have similar pages that show similar information, Drupal’s status report does a better job at laying out the information and visually capturing the severity of any issues.

10. Plugins and modules

Plugins (WordPress lingo) and modules (Drupal lingo) extend core CMS functionality and add new features. Extensions are usually created by third-party developers and released to the platform communities for anyone else to use. Whether it’s to increase performance, enhance SEO capabilities or create an online store, extensions are a powerful way to improve and adapt the CMS platform.


WordPress plugins page

Visiting the “Plugins” page (shown above) is a quick way to see what additional plugins are currently packaged with your WordPress installation and can be activated if desired. The plugins shown here all provide some sort of new functionality or feature that is not part of the core WordPress software.

WordPress plugin search page

When you need new functionality, WordPress provides an excellent and convenient plugin library browser (shown above) accessible within the website backend. Here you can search for, view, and install plugins easily with the click of a button.


Drupal 8 extend page

Drupal’s module list is where you can see all current extensions, activated or not, for your Drupal installation. The big difference here between WordPress and Drupal is that for Drupal you are able to see all modules installed, even those that are part of the core software. Modules are also nicely grouped which nicely organizes the large list.

Installing new modules isn’t nearly as easy in Drupal. Unlike WordPress, Drupal doesn’t include a module library browser within the backend interface. Instead, users must search for modules within a web browser and manually install them. Finding modules can be difficult if you’re not familiar with the process.

Edge: WordPress

While both platforms have a massive library of extensions, WordPress offers users a much friendlier and intuitive way of finding and installing extensions that users of any skill level can appreciate. This may or may not be an issue for you if you have a capable IT team or development partner, but for small teams, WordPress has the clear edge.

WordPress & Drupal comparison summary

I hope after going through this comparison you now have a good understanding of the differences and similarities between WordPress and Drupal. As you can see, both platforms out-of-the-box have different strengths and weaknesses, but it’s important to know that all of the weaknesses can be overcome through platform extensions and experience. In extreme cases, both platforms support custom development to overcome unique problems.

For convenience, here is a quick summary showing which CMS has the edge in the 10 categories compared. However, I would recommend that you go back and read the edge summary for each category if you haven’t done so already.

Comparison category WordPress Drupal Admin toolbar   ✓ Login dashboard ✓   Managing media ✓   Creating pages ✓   Editing pages   ✓ Managing widgets and blocks   ✓ Managing menus   ✓ Managing users, roles and permissions   ✓ Site status report   ✓ Plugins and modules ✓  

A final word of advice

In my opinion, you shouldn’t be turned off from one platform or the other simply because you’ve heard that one is better or easier to use. Both platforms are mature and constantly improving, user experience is top of mind, and usability gaps have become less of an issue in recent years.

My advice, select the platform you use based on your requirements. WordPress is a great authoring tool and is good for small and medium-sized organizations. Drupal is fantastic for medium and enterprise organizations or anyone who has complex workflows, products, and/or a need to integrate with other platforms. That’s a pretty general summary, but if you’re considering either of these platforms, first know what your requirements of the platform are and then start talking to the experts for each.

Acro Media is an ecommerce consultation and development agency that can help you in this regard. We specialize in open source ecommerce and a large part of our work is based around Drupal. Drupal typically works better for our clients but we know WordPress, too. If you’re researching your requirements or evaluating your options, hit us up for a quick chat, we would love to help. Otherwise, check out some of these related resources.

Contact Acro Media Today!

Related resources

Sep 07 2021
Sep 07

The Coffee module adds quick search functionality for backend pages in Drupal. The module was inspired by the Spotlight app on MacOs and Alfred.

Coffee makes it possible to navigate quickly through backend configuration pages by just searching for them instead of using the toolbar.

Table of Contents

Getting Started

Before we begin, download Coffee by running the following Composer command:

composer require drupal/coffee

Then go to Extend and install the module.

How to use Coffee

To display the pop-up window, use alt+D (or alt+K) for Windows or opt+D for MacOs.

Start typing the page title, and you should see results returned, then click on one of the returned results and you’ll be redirected to the page.

You can also display the pop-up by clicking on the “Go to” link in the toolbar.

Jump to Create Page using :add

Furthermore, Coffee facilitates opening a new page or article for you, just type “:add” and choose an article or a basic page. You can also go to the front page by typing colon only.

Module Settings

You can configure the module by going to Configuration -> Coffee (/admin/config/user-interface/coffee).

Here you can configure which menus will appear in the results and the max number of items returned. By default, it’ll only show a max of 7 results.

Module Permissions

The module comes with two permissions:

  • Access Coffee: This allows you to use the Coffee functionality.
  • Administer Coffee: This allows you to configure the module.

If you have an editor role and you want them to use Coffee then assign them the “Access Coffee” permission.

Change Keyboard Shortcut

Currently, you can’t change the default shortcut key from Command/Ctrl/Alt-D. There is, however, a patch for the module if you really want to do it.

If you want to define your own commands in the Coffee module using (hook_coffee_command); see coffee.api.php for more documentation.

Alternative to Coffee

The Admin Toolbar module comes with a quick search functionality which is similar to Coffee. You can learn more about this by reading the “Add Quick Search and Drop-downs to the Toolbar using Admin Toolbar in Drupal” tutorial.


The Coffee module offers handy functionality especially if you spend a lot of time administering Drupal sites.

The ability to quickly jump between pages can speed things up and make you more productive.

Sep 07 2021
Sep 07

6 minute read Published: 7 Sep, 2021 Author: Matt Parker
Drupal Planet , Migrations

This is the fifth in a series of blog posts on writing migrations for contrib modules:

Stay tuned for more in this series!


While migrating off Drupal 7 Core is very easy, there are still many contrib modules without any migrations. Any sites built using a low-code approach likely use a lot of contrib modules, and are likely blocked from migrating because of contrib. But — as of this writing — Drupal 7 still makes up 60% of all Drupal sites, and time is running out to migrate them!

If we are to make Drupal the go-to technology for site builders, we need to remember that migrating contrib is part of the Site Builder experience too. If we make migrating easy, then fewer site builders will put off the upgrade or abandon Drupal. Plus, contributing to migrations gives us the opportunity to gain recognition in the Drupal community with contribution credits.

Problem / motivation

In the last blog post, we walked through the process of creating a simple configuration migration — but I noted that, even after you’ve built the migration, when you get to the “What will be upgraded?” step in the migration wizard, the module will still show up in the list of “Modules that will not be upgraded”. This happens because core’s Migrate Drupal UI has no way of knowing whether you’ve written all the migrations that you intended to write!

If you look closely at the “What will be upgraded?” step, you’ll see there is a row for each module that has stored data on the D7 site — that is to say, D7 modules which do not store data are not listed; and D9 modules are only mentioned if they declare a migration for the data in one of those D7 modules.

Also, to date, this blog series has assumed that you are migrating to D9 from an older D7 version of the same module — but that doesn’t necessarily need to be the case: for example, the D9 Address module didn’t exist in D7: its predecessor module was named AddressField. Address module migrations would be written to migrate data from the AddressField module.

Recall that the main goal of this blog series is to improve the upgrade experience for Site Builders… as a Site Builder facing an upgrade, I want as many of my D7 modules to be (accurately) accounted for in the “What will be upgraded?” step of the migration wizard, so that I know how much manual migration that I need to do after running the migration wizard.

Proposed resolution

In Drupal 8.8, the migration team introduced a way for modules to declare their upgrade status. The status determines whether the “What will be upgraded?” report will list a D7 module in the list of “Module(s) that will be upgraded” or “Module(s) that will not be upgraded”.

A migration status looks like…

# In migrations/state/D9_DESTINATION_MODULE.migrate_drupal.yml
    d6_source_module_1: D9_DESTINATION_MODULE
    d7_source_module_2: D9_DESTINATION_MODULE
      - other_d9_destination_module

    d7_source_module_4: D9_DESTINATION_MODULE

You can see from this example that:

  1. You declare migrations as either finished or not_finished.

    In the “What will be upgraded?” report, a source module that does not have a migration declared for it — or whose migration is declared as not_finished — will appear in the “Module(s) that will not be upgraded” list.

    If a migration is declared as finished, then the module will appear in the “Module(s) that will be upgraded” list.

  2. You declare migration statuses for D6 and D7 modules separately.

    This allows you to tackle D6 and D7 migrations separately.

  3. You can declare migrations from one or more source modules to one or more destination modules.

    For example, core’s telephone module declares that it can migrate content from both the D7 Phone module and the the D7 Telephone module.

    Unfortunately, I’m not aware of an example where more than one D9 destination module is defined for a D7 source module.

  4. You declare migrations as finished or not_finished for the module as a whole.

    For example, this means that if a D7 module stores both content AND configuration, and you’ve only written a migration for configuration, then the module’s status is not_finished. Only once you’ve written the migration for the content, you can declare the status as finished.

Steps to complete

Let’s try to follow the principles of test driven development (TDD) by writing a test before we write the code to make that test pass. Put the following template at your module’s tests/src/Kernel/Migrate/d7/ValidateMigrationStateTest.php:

namespace Drupal\Tests\MODULE_NAME\Kernel\Migrate\d7;

use Drupal\Tests\migrate_drupal\Kernel\d7\MigrateDrupal7TestBase;
use Drupal\Tests\migrate_drupal\Traits\ValidateMigrationStateTestTrait;

 * Tests that the MODULE_NAME test has a declared migration status.
 * ValidateMigrationStateTestTrait::testMigrationState() will succeed if the
 * modules enabled in \Drupal\Tests\KernelTestBase::bootKernel() have a valid
 * migration status (i.e.: finished or not_finished); but will fail if they do
 * not have a declared migration status.
 * @group MODULE_NAME
class ValidateMigrationStateTest extends MigrateDrupal7TestBase {
  use ValidateMigrationStateTestTrait;

   * {@inheritdoc}
  protected static $modules = ['MODULE_NAME'];


The test inherits from MigrateDrupal7TestBase, which automatically sets up a migration; and the test includes code fromValidateMigrationStateTestTrait — which has a public function testMigrationState() — so the migration state is automatically tested if you just fill in the MODULE_NAME.

Since we haven’t declared a state yet, if you run this test, it will fail.

Now, let’s write a migration state! At migrations/state/MODULE_NAME.migrate_drupal.yml


Now, when you run the test, it will pass, because the module has declared a status (even though the status is not_finished).

Once you’re confident that you’ve written migrations for all the data that your D7 module can store, you can change that not_finished to finished.

Next steps

If you’ve already contributed some migrations, you can update those contributions to declare the migration status for that module. Remember, only declare the status as finished if you’ve written migrations for all the data stored by the D7 module that can be stored by the D9 module.

The article Easy commit credits with migrations, part 5: Declaring a module’s migration status first appeared on the Consensus Enterprises blog.

We've disabled blog comments to prevent spam, but if you have questions or comments about this post, get in touch!

Sep 06 2021
Sep 06

This month, we have reports on community activity from:

  • Bugsmash, by Mohit Aghera
  • DrupalCon Europe Advisory Group, by Cecilia Levy
  • Drupal Trivia, by Stella Power
  • Security Team, by Tim Lehnen

Where can you help to drive forward the Drupal project?

Bugsmash, by Mohit Aghera

What have been your priorities in the last three months?

Primarily we have been more focused on the streamlining triage process and have been trying a few things lately.
The team actively took part in Drupal South 2021 code sprint and had significant representation from everyone in the community. Thanks to the amazing mentors like larowlan, jibran, Kristen Pol, quietone, Griffyn Heels, and many other folks.

Apart from that, recent updates include the Bug-smash initiative keynote session by mohit_aghera and Spokje.
Recently, we tried another async meeting approach for triage meetings and it was productive as well as well-received within the contributors.
Apart from triage meetings, the team also focussed more on reviewing open issues and cleaning up issue queues by closing irrelevant issues.

And what has been your greatest success in the last three months?

We did significant work in the last quarter. Here are the statistics from 1, June 2021 till 28th August 2021. Thanks to Lendude for coming up with bug statistics tools. There is a more interactive tool hosted here https://lendude.gitlab.io/bug-smash-initiative/

As on: 2021-08-28

From: 2021-06-06 to 2021-08-28
Only bugs tagged Bug Smash Initiative
Open: 28, including 5 fixed
Closed: 315

Age Count



































Status Count closed (duplicate)


closed (won't fix)


closed (works as designed)


closed (cannot reproduce)


closed (outdated)


closed (fixed)


Based on statistics, we have approximately 2004 year reduction in the total number of years of all open bugs that are tagged with Bug-smash Initiative.

The team actively worked on Drupal South 2021 contribution sprint and making it a success.
A new page (https://www.drupal.org/community-initiatives/bug-smash-initiative/goals) for tracking Bug Smash statistics and goals, 'Goals', has been added to the initiative page (link in the channel topic). Thanks to @jhodgdon for adding it to the menu.

What has been your greatest challenge in the last three months?

Time to work on contributions is the biggest challenge everyone is facing.

Apart from that, we need to focus more on reviewing issues as there are approx 200 issues that need review.

Primarily, we are trying to address that issue within the team by doing review swaps. However, more help from the community will speed up the process.

Do you have a "call to action" you want to make to the Drupal Community?

We welcome everyone to join the async Bug-smash initiative meetings which remain open for 24 hours. You can also join triage meetings. You aren't comfortable in writing code, you can always spend time doing issue triage, review patches, etc.

The initiative page has all the relevant information about the timing and overall activities related to the initiative. Thanks to quietone, dww, jibran for maintaining initiative-related documentation.

As mentioned earlier, we have many issues that are in review state, so folks are encouraged to do a quick review of issues.

DrupalCon Europe Advisory Group, by Cecilia Levy

What have been your priorities in the last three months?

Our top priorities in the last three months were:
- Build a qualitative program (impactful and captivating keynotes & informative and diverse sessions selected from hundreds of submissions) based on a schedule alternating daily to allow a wider audience attending the event.
- Make the most of the event platform we are using this year: Hopin; and provide the best experience possible for our attendees and sponsors.

And what has been your greatest success in the last three months?

As a first edition gathering for DrupalCon Europe with local Camps and Communities, we have been working hard on building the most comprehensive event possible and we are proud to be sharing the floor this year with not less than 7 camps & local associations.
>> https://events.drupal.org/europe2021/join-your-local-community-drupalcon
We know being the firsts to support a new concept is not always an easy decision. That is why we want to express our deepest thanks to the Camps & local Communities which believe in the conjunct project and are already on-board for DrupalCon Europe 2021. They will give another opportunity for their members to experience DrupalCon for Drupal’s 20th anniversary.

What has been your greatest challenge in the last three months?

Our greatest challenge in general is to organize another online event for a target audience who is used to spend hours behind screens and is also tired from online events.
Even if Europe is reopening, we do not know what the future holds and we want to prioritize the safety and health of our participants. Therefore, we are giving our best to make DrupalCon Europe 2021 THE leading event in Europe, by giving exclusive access to insights from open source and tech industry leaders, as well as the broader Drupal ecosystem. It’s also a great opportunity to meet peers and have fun.

We truly hope to meet you all in person next year (fingers crossed), but we also know that to do that and for DrupalCon in Europe to sustain, we need this year’s edition to be a success in terms of participation and sponsorship.

Do you have a "call to action" you want to make to the Drupal Community?

Help us spread the word about DrupalCon Europe happening in less than a month! If you are not registered yet and don’t want to have the FOMO: Buy your ticket here >> https://events.drupal.org/europe2021/registration-information

Drupal Trivia, by Stella Power

What have been your priorities in the last three months?

Building the bank of questions for Trivia night

Do you have a "call to action" you want to make to the Drupal Community?

Yes, I need someone to help me with writing trivia questions. DrupalCon Europe is next month, so we're busy getting ready for that.

Security Team, by Tim Lehnen

What have been your priorities in the last three months?

Preparing for the end of life of Drupal 8, when older versions of core and modules that only have Drupal 8 releases will become unsupported. We strongly encourage maintainers to update their modules for D9, or to seek co-maintainers!

And what has been your greatest success in the last three months?

The security team has continued to have a great relationship with contrib and core maintainers in ensuring that vulnerabilities are responsibly disclosed and patches provided in the appropriate window.

What has been your greatest challenge in the last three months?

Third party dependencies (such as CKEditor) can make scheduling security releases a challenge. We have had to support some releases not on our normal release day to accommodate their schedules. We have mitigated this with PSA messaging to the community.

Do you have a "call to action" you want to make to the Drupal Community?

Update your modules for Drupal 9 compatibility, and seek new maintainers if you need help. DrupalCon Europe contribution time is a great place to look for new people.

Sep 06 2021
Sep 06

Healthcare industry is one of the fastest growing industries that need to embrace digitalization for offering customized care and services to patients. Every aspect of healthcare operations demand a digital transformation to meet the numerous necessities of modern healthcare. In this article, we will get a deeper understanding about how the healthcare industry is welcoming new digital tools and innovations breaking the old traditional healthcare pathways. You will also get a glimpse of what role Drupal plays in empowering the healthcare industry. 

How digital transformation trends are contributing to the digitalization of the healthcare industry?

Digital healthcare is enabling patients to get access to modern healthcare services that deliver seamless patient experiences. Here are some of the digital trends that are adopted by the healthcare industry to bring radical changes in their respective services. 

Describing the digital trends which are contributing to the digitalization of the healthcare industry

Telehealth facility

Telehealth enables us to witness a complete change in the communication process between a patient and a healthcare provider. The technologies such as telemedicine, patient-portals, remote patient monitoring, video conferencing and mobile health are making the patient-doctor interaction very secure and swift.  

Artificial intelligence

Artificial intelligence is one of the most rapidly growing trends for healthcare and technology. The AI-based solutions enable the doctors and medical staff to rightfully take data-driven decisions beneficial for all. Instead of utilizing the rule-based registries, the AI-powered data recovery method is practised to provide exact patient information. The chatbots and automated voice systems are adopted by the hospitals to reduce the workload for the medical staff and screen patients without any difficulties or concerns. The versatility in chatbots enables it to play multiple roles such as diagnostic tools, customer service representatives and therapists as well. Also, the AI screening helps in recognizing who is in need of immediate care and guides patients towards the right contact channels. 

Robotics Process Automation

Since robotics process automation(RPA) can be termed as an intelligent form of business process automation which helps in recording processes carried out by humans on their computer and then carrying out the same processes without the help of any human interference. This technology can be very useful for the hospitals as it can automate all the repetitive processes that necessitate human interference in a hospital.

Virtual Reality

Virtual reality has significantly brought a change in the way patients are treated. This technology helps physicians and doctors to perform proper diagnosis and also plays a huge role in physical therapy, where patients are instructed to follow an exercise routine including VR instead of invasive surgeries and drugs. It can be considered as a powerful communication channel between doctor-patient that helps the healthcare providers to have a better understanding of patients needs and engage them virtually with the necessary services.

IoT & Patient Interaction

IoT provides operation theatres, labs and hospital’s diagnosis rooms with sophisticated technology that connects tools, equipment and machinery to deliver smooth integration where data is shared. IoT altogether helps in enhancing the patient satisfaction with better and much effective communication between patients and healthcare professionals. Additionally, healthcare providers are able to track data for critically ill patients with IoT based wearable devices to get a better understanding of their health conditions. Preventive healthcare is facilitated to patients where they can monitor their internal health conditions by wearable technology. Some of the commonly used wearable devices are oximeters, heart rate sensors and exercise trackers. This technology provides a sense of ownership to the patients during the process of improving their health conditions. The information received from these wearable devices also enable the health insurers to correctly rate a patient’s risk for ailment. It overall enables the healthcare industries to save a lot of money and provide the best healthcare assistance to the patients.

Cloud solutions for healthcare

Cloud-based data services enable hospitals to work upon value-based reimbursements models, providing real-time access to data storage and offering much required agility and flexibility in the healthcare operations. Since, the healthcare companies need to maintain a large volume of data in the form of patient information, medical reports and electronic records. All this data needs to be analyzed, and cloud technology enables the healthcare companies to properly store and access the data also at the same time avoiding any additional costs of physical servers in-house maintenance. Depending on the needs, cloud provides healthcare professionals with the facility to increase or decrease the data storage capacity as well. 

Data Management & Analytics

Since there has been a problem of managing huge data of patients by the medical professionals, they are seen majorly depending on Electronic Health Records (EHR). Maintaining data manually can create errors at times. But adopting necessary technologies such as big data, wearables and blockchain to properly obtain, manage and analyze data can be very beneficial for healthcare providers. Such effective data management leads to better patient diagnosis and care. 

Big Data & Hospitals

Big data brought a change in the process of fetching, analyzing and managing data, also improving the quality of patient care services, reducing the treatment costs and predicting disease outbreaks. The various healthcare apps having exclusive features help companies to get access to huge data, and Big data further analyses them and provides necessary insights. It provides additional benefits like lowering the rate of medication errors, availing preventive care and proper staffing facility.

Blockchain & Medical Records

Blockchain enables registering every transaction, identifying any conflicting information, and decentralizing data. There are countries like the UK and Australia which are seen utilizing blockchain for managing proper medical records. It is an effective tool that helps in preventing data breaches as well.

Safety and security

Cybercriminals and hackers target hospitals to take away sensitive patient data and further misuse them. Therefore, to ensure safety to patients, there is a need to have a robust cybersecurity architecture in the healthcare organizations. With the growing technology, the healthcare industry is able to maintain the necessary safety and security.

Healthcare consumerism

The healthcare consumerism helps patients to actively get involved in their important healthcare decisions. Due to the emerging technologies, like mobile health apps, member portals and bi-directional provider portals, a proper communication between the patient and the physician is built. By using such technology, the health community is able to design and develop modern healthcare facilities. 

Therefore, the above discussed emerging technology trends succeeded in enhancing the various healthcare systems and led to better patient care service. 

COVID 19 emphasizing the growing need of digitalization in the healthcare industry

The COVID 19 pandemic has adversely affected the healthcare sector leading to restriction in various services to prevent infection from this deadly virus which further resulted in reduction in health spending. Undoubtedly, due to this pandemic, there has been an economic impact on healthcare but at the same time, the industry also felt the need of prioritizing digitalization to ensure better healthcare facilities for all. It was observed that globally, the corporate funding for digital health companies was doubled and the investment in telemedicine also rose to a great extent. Additionally, due to these hard times, there has been a disruption in the supply chains of businesses. As it is mainly about life and health, the healthcare industry has to take better initiatives in the form of contingency planning than other industries to resolve such a major issue that is currently prevailing around the world. Therefore, 60% of companies are stepping in to invest in the digital supply chain prioritizing robotics, machine learning/artificial intelligence and automation according to a research conducted by Capgemini. For example, Melbourne Health Logistics has decided to take on a Supplier Improvement Pilot Project that includes 10 Australian-based SMEs and further focuses on addressing the supply chain challenges and inventory management with the help of digitization. The three main focus areas of the project are executing of data capturing technologies, enhancing data quality and enabling suppliers to utilize the Electronic Data Interchange (EDI).

Let us look into some of the healthcare predictions for 2021, post COVID 19.

Describing the healthcare predictions post COVID 19

Telehealth technologies will help in addressing specific patient and caregiver necessities. Currently, due to the pandemic, every health system has to adopt telehealth programs. So, the leaders are trying to look beyond the pandemic to rework upon their telehealth programs for a longer period of time. These platforms are facilitated with unique integration to EHR i.e. back-end electronic health record systems. Based on various factors like, geographical location, care and real-time language translators, this platform will enhance the functionalities to meet the growing necessities of patients.

The digital health companies will go beyond the electronic health record (EHR) systems. For better digital patient engagement, the companies are striving to look for much improved tools and technologies. Some of the big tech firms, like Salesforce and Microsoft will possibly become the platforms for patient engagement and enterprise collaboration due to the growing need of consumerism. 

Enhancing the digital experience of consumers in terms of consumer finance and e-commerce. Since consumerism is significantly growing, along with adopting telehealth technology, the healthcare industry needs to look after all the aspects of consumer satisfaction. Therefore, sectors like consumer finance and e-commerce where the healthcare industry is unable to develop best digital experiences for consumers, shall be prioritized and provided with world class facilities and experiences. The healthcare leaders will focus on enhancing digital engagement, also accepting the challenge of providing seamless customer experience.

Low-contact experiences to be a standard and quality feature of healthcare experiences. The pandemic has given a rise of contactless and low-contact experiences to provide safety to the consumers at its best. Therefore, many of the health systems have started executing online features like registration and payments which helps in replacing the earlier in-person experiences. Without any concern, the healthcare professionals can use the geo-tracking, automatically “check-in” patients at the time of their arrival at a physical location and also assist them to their appointments. 

To know more, read about pandemic-driven digital transformation, digital readiness during pandemic, and how businesses are reimagining their operations in the post-Covid era.

Why opt for Drupal?

Illustration diagram describing the Drupal features

The healthcare industry is hugely supported by Drupal development resulting in its exclusive features and functionalities. Drupal features help in building the perfect digital experiences for the healthcare industry also maintaining all the safety measures required for creating websites and applications. 


The Drupal project is totally open-source software. Without any concern, you can download, use, work and share it to anyone for free. It is purely based upon principles like innovation, collaboration and globalism. Under the GNU General Public License (GPL), it can be distributed and there are no licensing fees for Drupal.

The Drupal community is ever ready to support its users by answering their questions and concerns. So, if you have any question, somebody will certainly answer it, since it’s a worldwide platform.

You can find more information about open-source here:

Content workflow

The in-built tools of Drupal helps in content creation, workflow and publishing, also allowing the content creators to work on it without any difficulties. The editorial workflows can be handled effectively by the provision of authentication and permission in this platform. With the provision of previews in Drupal, you get the opportunity to view the content on a device before approving and publishing it, create content with a WYSIWYG editor, and quickly track all revisions and changes to maintain the history of content changes if required. You can manage your roles and actions efficiently by observing all the stages of content i.e. creating, reviewing, and publishing. Drupal gives you access to a special feature where you can create a structured content, for example, describe content elements, tag content based upon any attributes, create convenient taxonomy for content so that it can be searched, used, reused if required in a manner that can improve customer satisfaction. 

You can create relevant content architecture using the Admin Interface or programmatically also do it. This platform gives you special mode tools and views, customizable menus that provide you a good user experience.

Read about how layout builder and paragraphs module enhance content workflow in Drupal.


Drupal never fails to provide security to all kinds of web threats and vulnerabilities. It always prefers keeping robust security as a priority. There is a team of security experts that Drupal has which looks after all the security issues with their well-built coding standards, and strict review coding process. Drupal proves to be a stable and a secure open-source platform due to its wide professional service provider.

According to the 2020 edition of the Acunetix, Web Application Vulnerability Report, Drupal was found to be the most secure CMS in the open source CMS market.

Illustration with a circle describing the minimal security issues of Drupal CMS Source: Acunetix

Scalability and performance

Drupal’s in-built performance features when combined with a modern CDN provider performs exceptionally well under the pressure of supercharged databases, advanced caching and load balancing. The scalability feature of Drupal allows your website to perform well even on the busiest days. To know more, read about Drupal’s performance optimisation offerings and how it scales with your needs to govern high web traffic.


The automated language translation in Drupal helps in reaching out to a diverse audience with the provision of localized content. Drupal can build complex multilingual web applications and customized sites in various languages. The core modules of Drupal help in complete translation of every part of a website, content types and their definite fields, users, menus, taxonomy, blocks, contact forms and comments. This further allows in acknowledging the suitable language as per the user’s IP address, URL, browser settings, session and more. Read more about Drupal’s multilingual capabilities here.


With Drupal you get a special feature of building websites that can be accessible by people with disabilities. Drupal ensures that all its features conform with the World Wide Web Consortium guidelines (W3C) guidelines: WCAG 2.0 and ATAG 2.0. This feature provides an equal opportunity for all regardless of any discrimination. 

Learn more about accessibility here:


Drupal users receive a special, personalized profile for every visitor like using geolocation, browser history, behavior taxonomies and device type. They also are given a customized experience that helps them in tracking and reporting with A/B and multivariate testing, improving ROI through target marketing and also segmenting visitors over devices by focusing on the important user identity for your business goals. 

Learn more about personalisation here:


With Drupal, you get access to exclusive SEO tools that help you in improving your website’s visibility. Here are the tools and modules.

Understanding the linking game through Linkit module; 
Understanding keyword game through Real-time SEO for Drupal;
Understanding the duplicacy predicament through Redirect module;

To know more, read this definitive guide to Drupal SEO in 2021.

Multisite support 

Drupal helps you in managing various websites over your organization, geographies, brands and campaigns on a single platform, enabling easy, fast website creation and deployment. Read this complete guide on Drupal Multisite to know more. 

Marketing automation

By utilizing tools and modules in recent versions, Drupal facilitates smooth integration with the automation platforms that can collect customer demographics and convert potential leads within the suitable time. Learn more about how marketing automation can be leveraged with Drupal here.

Mobile first approach and mobile apps

Drupal helps in creating responsive sites and building web applications that can deliver better user experience. It provides responsive design best practices and makes sure your users are benefited with the best content experience each time on every device. There are two ways of building mobile web applications which work with Drupal - integrated with Drupal at the theme layer, or a standalone mobile web app that communicates with Drupal using web services. Even though, both the approaches will work for building mobile web applications, it will be a way easier to begin with integrating the mobile web app into Drupal as a theme. To know more, read about mobile-first design approach and mobile apps like that of Flutter-powered delivered by Drupal.

Integrated Digital Tools and Applications

Drupal can smoothly integrate with a wide ecosystem of digital technology and other business applications to help you opt for the right set of tools today and tomorrow according to your preferences. 

Strong Stack Foundation

Drupal depends upon Linux, Apache, MySQL and PHP, the latest LAMP technology stack which meet the requirements of flexible, fast-moving agile companies and brands that help in building the next generation digital platforms. 

Facilitates Decoupled Architecture

Content flexibility is one of the features that Drupal provides to allow a smooth flow over sites, native apps, connected devices that can be displayed on third party websites and social networks. Since, many CMSes look for managing content in a back-end repository and move it to “front-end” templates which can provide a static experience. Drupal facilitates decoupling the back and front ends, wherever it’s required. So, the content of Drupal remains as reusable chunks, which is free from presentation, and ready for easy delivery to sites and applications. Drupal’s presentation i.e. RESTful API and neutral content help the front-end developers to build interactive websites and applications according to their preferences. There is availability of tools like Angular, Node, Ember and Backbone. With this platform you can obtain third-party content ((eg. syndicators and aggregators) and make it accessible to any app, website or channel. The content of Drupal can be comfortably consumed by other websites and applications with the support of Drupal’s content-as-a-service capability. The front end developers of Drupal can easily design content such as separating back-end content from front-end presentation according to their conveniences. 

Learn more about decoupled Drupal here:

Web Hosting

You can choose the best hosting vendor that fulfills your needs, with Drupal. Additionally, you can change hosting vendors whenever you want, and also select to host the website internally. 


Drupal upgrades can be said to be easy and convenient. The makers reveal that the upgrade from Drupal 8 to 9 was very simple. By referring to these four simple steps, you can build your site’s functionality, and maintain proper security standards of Drupal 9 by using the Upgrade Status. With Drupal Module Upgrader and Upgrade Status, the developers can make the upgrades themselves. Moreover, you can also recognize  whether your modules and themes are capable enough for Drupal 8/9 and convert your custom code respectively.

Learn more about Drupal 9 upgrade here:


Drupal offers various themes and distributions to its users. Now, taking you through some of the significant themes offered by Drupal. The first theme we have is YG Medical - Healthcare | Bootstrap based Drupal 9 theme. Available for Drupal 8 and Drupal 9, the YG Medical is a complete modern bootstrap theme for Clinics and Hospitals. 

The second theme is Medical Zymphonies. It is not dependent on any other core theme and has a modern look and feel. The features of this theme include Medical related color combination, Doctor appointment form., Awesome slider, Quick contact details on top of the website, Font awesome icons, Drupal forum, HTML5, JavaScript, jQuery & PHP, Single column, two columns and full width layout, a total of 16 regions, Nivo slider, views, webform module styles, Minimal design and nice typography and Social media (Facebook, Twitter, Google+, LinkedIn, Pinterest, Vimeo). 

The third theme we have is Medicare Zymphonies. This theme is a perfect fit for medical companies and hospital websites, for small clinics, like pediatric, dental, gynecology or general therapist clinics, family doctors and ambulances. It also has all the necessary features needed especially for the medical websites. 

Next, the fourth theme is Ultra Zymphonies. This is a responsive multipurpose Drupal theme which is perfect for any business themes. Be it a medical doctor, freelancer, corporate team or a lawyer who is looking forward to a modern business website or a personal blog, Zymphonies theme can be the best choice.

The fifth theme is Decor Zymphonies. This theme is similar to the above theme. A complete responsive multipurpose theme that suits best for the business theme. It proves to be the perfect theme for anyone including a medical doctor, lawyer, creative, corporate team or freelancer who is proactively willing to build a modern business website or create a personal blog.  

Finally, we will end up with Clinic Zymphonies Theme. It is a Mobile-first Drupal 8 responsive theme. Along with being highly customizable, it also features a custom sideshow, responsive layout and multiple column layouts. 

Now, we will go through one of the Drupal distributions for healthcare i.e. Virtual care. It is a distribution that offers a Basic Drupal Healthcare site for better communication between Patient and Healthcare Professional which further facilitates the exclusive features for patients, healthcare professionals, editors and site-admins as well.

Support and maintenance, hiring of developers, and partnering with digital agencies

You will find various Drupal agencies that will provide you with quality services as per your requirements. Below are the top 5 Drupal agencies in the global Drupal marketplace.

Describing the top 5 Drupal agencies in the global Drupal marketplace with the help of a diagramSource: Drupal.org

Supporting emerging technologies

Drupal uses the latest technologies such as artificial intelligence in the form of chatbots, virtual reality, IoT and Blockchain, cognitive search and digital voice assistants like Alexa on Drupal sites. Check out some of the Drupal-powered healthcare technologies here.

With the above mentioned features, Drupal healthcare websites can be built ensuring all the necessary security standards and requirements. 

Now, below you will get a glimpse of the drupal websites that were successfully built for the healthcare industry around the globe. 

Success Stories

You will get to witness some successful case studies around the world that depict Drupal’s extreme efforts in reaching its users expectations. 

National Nurses United

National Nurses United(NNU) can be considered as the largest union and professional association of registered nurses in the United States. They wanted to architect, redesign and create their new website on Drupal 8. Their main requirements were to design, create and launch their website within a very tight frame. NNU wanted their website to be of light design, modern and also a content management system. Finally, the Drupal 8 website was successfully launched on time and also under the budget. The NNU team now has a modern and powerful content management system that enables their professional members to obtain required tools and information on time.

Great Ormond Street Hospital Children’s Charity

Great Ormond Street Hospital Children’s Charity is one of the UK’s biggest charities, which is also an international centre of excellence in child health care. The website of the hospital provides significant information to healthcare professionals, parents and child patients. They rely upon their site to support campaigns for raising funds. The hospital’s main aim is to deliver best clinical care and training, and in partnership with other organizations, pioneer new treatments and research for the well-being of children around the globe. GOSH’s primary objective was to build a single harmonised platform that would be compiled from the migration of two large, business critical sites (30 content types and 6,000 nodes per site) and 10 sub-sites to Drupal from a proprietary software that is already outdated. The secondary objectives included prioritizing digital at the centre of all organizational activities, scalable architecture, removing complexity, platform for innovation, facility of accessibility, time-saving tools and improved search facility. Therefore, the results were as such that both the content and commerce could swiftly be intertwined, they were no more constrained by their content management system, in fact all the options were available and being capitalised, facility of suitable access privileges, and availability of flexible security boundaries were achieved with the help of Drupal’s powerful Organic Groups module. Additionally, personalization could be achieved by guiding visitors quickly to microsites and site sections for their necessities. Every section could adopt message, content, imagery, tone and Solr Search for the suitable audience. Lastly, the stakeholders could recover control and regularly adapt content. 


Digital transformation in healthcare is a must as it provides comprehensive patient care services with much efficiency and effectiveness. Therefore, having the right technology partner is very essential as it enables in building the foundation required for digital capacities and enhances the healthcare and patient experience to a complete whole new level. And Drupal is the best technology partner to deliver such a seamless experience for both the patients and healthcare industry.

Sep 06 2021
Sep 06

You must be aware that apart from content, the landing page call to action is another crucial component that can drive the visitors to perform an action you desire. The CTA can ensure you have effective online campaigns and can improve conversions through your website. This article will discuss the various ways to create effective CTAs on your landing page.

Businesses are focusing more on their online presence than ever before. They must tweak their digital strategies to reach out to a more significant section of their audience at a relatively enhanced RoI. There is an increased focus on their website and is used to ensure a steady flow of visitors. The workflows help to embark with the visitors on the buyer's journey that culminates in a sale.

What Makes Landing Page Call to Action Buttons so Important?

You can use the CTA buttons as a significant component of your landing page. It allows your prospects to move to the next stage in the workflow as envisaged by you. These buttons must be easily spotted and should be placed appropriately on the landing page. You must have powerful words along with a compelling proposition on the CTA button. Let us first understand the psychology behind the use of the call to action on the landing page.

Grabs the Attention of Visitors

Your landing page must persuade the visitor to take the path you have laid down for them. A call to action button with the perfect colour, font and content can entice the visitor to click on it and embark on the buyer’s journey with you.

Motivates the Visitor to Act

Most brands use colours and fonts in line with their branding guidelines that motivates the visitors to act. It enhances the conversions from your campaigns and informs the visitors about what lies ahead. The visitors are more likely to click if they know what lies ahead.

Makes a Specific Request

You may find a landing page making too many requests to a visitor. But always make a few requests and do not confuse the visitors. The CTA button informs the visitors what to do and places it at a suitable position on the landing page.

Essential Landing Page Call to Action Best Practices

It is crucial to optimize the CTAs to ensure improved conversions from your website. The renowned brands use innovative CTAs to entice users to act. We will now discuss some of the tips to create an effective landing page CTA button. 

Write Enticing Text

If you are working on enticing web content, why shouldn't you bother about the content for the call to action on the landing page? You must opt for action-packed words and do away with the boring ones. It is the content that makes the visitor decide whether to act or not. Always mention what the visitors can expect as an outcome of clicking on the CTA button.

Make it Clear and Concise

The clarity in the content is necessary if you look forward to receiving an adequate number of clicks on the landing page call to action. The visitors are usually impatient. If the content isn't concise and clear, they will not bother to click on it. Therefore, always use effective and short phrases and try to keep the content within a few characters.

Place it Logically

Another critical factor to consider is the placement of the landing page CTA. Placing it is an essential part of a proper UX design. Place the button on the path that the visitors will take when they are on the landing page. It is necessary that there is a natural flow and is present where the visitors expect it to be. You may adhere to the general layout of a call to action as users may be acquainted with it.

Create an Urgency

Many brands create urgency in their marketing messages and social media posts. It would be best if you create urgency on the CTAs as well. It is an effective way to enhance clicks and conversions on the landing page. It is because visitors would fear missing out on the offer you have proposed. Using time-related phrases or adding a countdown timer can add to conversion chances.

Consider the Colours Used

When creating the landing page call to action buttons, we forget to consider the colours used. It must match the overall branding requirements and complement the other colours used on the website. Choosing the right colour can attract visitors and take the action you desire. The colour of the CTA button must be such that it distinguishes it from the surrounding elements.

Create Curiosity

Many of us act when we find something unique around us. Similarly, you can build a sense of anticipation in the minds of the visitors through the content on the CTA button. Creating a limited time offer instils a sense of urgency among the visitors. The fear of missing out on the proposal can induce more conversions from website users.

Keeping it Above the Fold

Place the call to action on the landing page where the visitors can find it easily. Ideally, if you place it above the fold, the visitors need not search the whole landing page. The users will first see the banner on the landing page. They will not miss the CTA if it is above the fold, and you can also put across your message without much fuss. Keep the supporting information below the fold. 

Using Responsive Design

Web admins must consider the fact that several of the website visitors will use a mobile device. Therefore, you must consider a responsive and interactive website design when creating the landing page CTA. The buttons must be of an ideal size and should be easily readable on screens of all sizes. You can test the size of the CTAs across various software agents and screen sizes.

Test and Refine the Call to Action

You must undertake regular A/B testing of the CTA button on the landing page. You can make small changes in the entire context and find out the differences in user behaviour. Test the colour, font, placement of the button, and check what is adequate for your audience. Also, check whether the link is working correctly and moving to where you have wished.

Few Action Examples for Using Call to Action Buttons

We will now discuss a few use cases of how you can use the CTAs.

Using Gated Content

You can drive the visitors to download a flyer, product brochure, case study, whitepaper, etc. The landing page must have the requisite content about the benefits associated with the product. You can then entice them to provide their name and email address for access to the document.


Businesses can use the CTA procedure for registrations to an event or an online webinar. For example, you can use it to register the visitors for a restricted free trial of the product you offer or appointment bookings.


The most common use is to make the visitor click through and visit the page you wish. So, for example, it could ideally lead to your portfolio pages, and it helps you assess the number of visitors interested in what you offer.


The CTAs form the basis of the landing page, and the optimally created CTAs can provide the needed impetus to your landing page. It can improve the quality of leads you have and increase conversions. It is also challenging to have the right CTAs on the landing page. We have discussed the landing page call to action best practices in this article. Our team of experts is always ready to help you with any of your queries.

Sep 03 2021
Sep 03

I am pleased to announce that Victoria Spagnolo (quietone), Ben Mullins (bnjmnm), and Cristina Chumillas (ckrina) have accepted our invitations to become new provisional Drupal core committers!

Victoria Spagnolo (provisional release manager)

Victoria Spagnolo (quietone) is based in New Zealand and has been contributing on Drupal.org for over eight years. She is a maintainer for the Drupal core Migrate subsystem as well as multiple contributed projects. Victoria is also an active contributor to the community Bug Smash Initiative, which aims to improve everyone's experiences with Drupal by fixing bugs and reducing bug report response times. She received the New Zealand Open Source Award in 2018 for her contributions to Drupal.

Victoria's patience, empathy, attention to detail, and issue triage skills make her excellently suited to her new role as a provisional core release manager. She will collaborate with current release managers catch and xjm to improve core process, manage technical debt and disruptive changes, and ensure that core releases are shipped on time.

Ben Mullins (provisional frontend framework manager)

Ben Mullins (bnjmnm) is a United States-based Drupal contributor, also active on Drupal.org for over eight years. Ben is a Drupal core accessibility topic maintainer and subsystem maintainer for the Claro theme. He works for Acquia's Drupal Acceleration Team on a variety of Drupal core strategic initiatives and projects.

Ben will be collaborating with lauriii and ckrina as a provisional frontend framework manager. Ben has contributed extensively to helping solve tricky theme and JavaScript development problems without disrupting site owners' experiences, so we look forward to his further input on Drupal's frontend code. Ben's knowledge about accessibility and documentation also adds valuable expertise to our committer team.

Cristina Chumillas (provisional frontend framework manager)

Cristina Chumillas (ckrina) has been contributing to Drupal for over a decade. She is a core usability topic maintainer and also maintains the Claro theme. Cristina contributed design and theme expertise to the Admin UI and JavaScript Modernization Initiative.

Cristina started out her career in the graphic design industry and had formal training in Digital Marketing and UX. While working as a freelancer, she started coding with Drupal and quickly became part of the local community, where she has helped organise many local events in her home city of Barcelona. She joined Lullabot as a front-end developer in 2019.

Cristina is also joining the frontend framework manager team provisionally with lauriii and bnjmnm. Cristina has already brought a wealth of expertise and leadership to the Drupal project, where she has patiently and successfully shepherded many long-running initiatives. We're excited to see her continue the hugely impactful work she’s been doing under this new role.

Please join me in welcoming these new members of our core committer team!

Sep 03 2021
Sep 03

I am pleased to announce that Victoria Spagnolo (quietone), Ben Mullins (bnjmnm), and Cristina Chumillas (ckrina) have accepted our invitations to become new provisional Drupal core committers!

Victoria Spagnolo (provisional release manager)

Victoria Spagnolo (quietone) is based in New Zealand and has been contributing on Drupal.org for over eight years. She is a maintainer for the Drupal core Migrate subsystem as well as multiple contributed projects. Victoria is also an active contributor to the community Bug Smash Initiative, which aims to improve everyone's experiences with Drupal by fixing bugs and reducing bug report response times. She received the New Zealand Open Source Award in 2018 for her contributions to Drupal.

Victoria's patience, empathy, attention to detail, and issue triage skills make her excellently suited to her new role as a provisional core release manager. She will collaborate with current release managers catch and xjm to improve core process, manage technical debt and disruptive changes, and ensure that core releases are shipped on time.

Ben Mullins (provisional frontend framework manager)

Ben Mullins (bnjmnm) is a United States-based Drupal contributor, also active on Drupal.org for over eight years. Ben is a Drupal core accessibility topic maintainer and subsystem maintainer for the Claro theme. He works for Acquia's Drupal Acceleration Team on a variety of Drupal core strategic initiatives and projects.

Ben will be collaborating with lauriii and ckrina as a provisional frontend framework manager. Ben has contributed extensively to helping solve tricky theme and JavaScript development problems without disrupting site owners' experiences, so we look forward to his further input on Drupal's frontend code. Ben's knowledge about accessibility and documentation also adds valuable expertise to our committer team.

Cristina Chumillas (provisional frontend framework manager)

Cristina Chumillas (ckrina) has been contributing to Drupal for over a decade. She is a core usability topic maintainer and also maintains the Claro theme. Cristina contributed design and theme expertise to the Admin UI and JavaScript Modernization Initiative.

Cristina started out her career in the graphic design industry and had formal training in Digital Marketing and UX. While working as a freelancer, she started coding with Drupal and quickly became part of the local community, where she has helped organise many local events in her home city of Barcelona. She joined Lullabot as a front-end developer in 2019.

Cristina is also joining the frontend framework manager team provisionally with lauriii and bnjmnm. Cristina has already brought a wealth of expertise and leadership to the Drupal project, where she has patiently and successfully shepherded many long-running initiatives. We're excited to see her continue the hugely impactful work she’s been doing under this new role.

Please join me in welcoming these new members of our core committer team!

Sep 03 2021
Sep 03

Mike and Matt are joined by Lullabots Cathy Theys, Greg Dunlap, Cristina Chumillas, and Albert Hughes to talk about hiring people into different Drupal roles. 


About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web