Don't Panic: A blog about Drupal: 7 security modules for Drupal that you cannot live without


Drupal is known for its robust security features, making it a popular choice for websites that handle sensitive information. Drupal's security architecture includes multiple layers of protection, including secure coding practices, access controls, and input validation. However, even with these built-in security features, it's always a good idea to take extra precautions when it comes to website security.

One of the ways to improve Drupal's security is by installing security modules. These modules provide additional layers of protection and can help mitigate potential vulnerabilities in your site. While it's important to note that no website can be 100% secure, installing security modules can help make your Drupal site even more secure.

Drupal's security architecture is built around the principle of defense in depth, which means that it uses multiple layers of protection to guard against potential threats. For example, Drupal employs secure coding practices to minimize the risk of vulnerabilities in its core codebase. It also uses access controls to ensure that only authorized users can access sensitive parts of the site. Additionally, Drupal has built-in input validation to prevent malicious code from being injected into your site.

Despite Drupal's robust security architecture, there are still potential vulnerabilities that can be exploited by attackers. You know what they say - no software is 100% secure. Installing security modules can help mitigate these risks and provide an additional layer of protection. Some of the most popular security modules for Drupal include Security Kit, Password Policy, and Two-Factor Authentication. Each of these modules provides unique benefits that can help enhance the security of your site.

In conclusion, while Drupal is already a secure CMS, installing security modules can provide an additional layer of protection and help mitigate potential vulnerabilities. By taking proactive steps to improve your site's security, you can help ensure that your sensitive information remains safe and secure. Here I'll be listing seven modules I think you really should consider installing and setting up.

The listed modules are all recently updated and work with Drupal 9 and 10.

1. Password Policy

Password Policy is a module that allows you to enforce strong password policies for your Drupal site. With this module, you can set rules for password complexity, length, and expiration. Password Policy helps reduce the risk of unauthorized access to your site by ensuring that users are using strong and secure passwords.

If you build sites for others, then this is a must. If you build sites for yourself, then I hope you set strong passwords for yourself.

2. Two-Factor Authentication

Two-Factor Authentication is a module that adds an extra layer of security to your Drupal site. With this module, users are required to provide a second form of authentication, such as a token or SMS code, when logging in. Two-Factor Authentication helps protect your site against brute-force attacks and ensures that only authorized users can access your site.

There is also the module Two Factor Authentication - 2FA / Passwordless Login, which has a recently released version, but I haven't tried that one.

3. Login Security

Login Security is a module that helps prevent brute-force login attacks on your Drupal site. This module limits the number of failed login attempts from a given IP address or user account. You can also configure Login Security to lock out user accounts for a specified period of time after a certain number of failed login attempts. By enabling Login Security, you can reduce the risk of unauthorized access to your site.
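
To make the lockout mechanism concrete, here is an added illustration in Python (not the Login Security module's own code, which is PHP) of counting failed attempts per IP address and per account inside a time window and locking out once a threshold is reached; the addresses, limits and timings are all constructed.

```python
"""Lockout logic as the text describes it (added illustration, not the Login
Security module's code): count failed logins per IP and per account inside a
window and block further attempts for a fixed period once a limit is hit."""
from collections import defaultdict, deque

# Constructed thresholds; in the module these are admin-configurable settings.
LIMITS = {"ip": 5, "user": 3}   # failures allowed per IP / per account
WINDOW_SECONDS = 3600           # failures older than this are forgotten
LOCKOUT_SECONDS = 900           # how long a triggered lockout lasts


class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # "ip:x" / "user:y" -> timestamps
        self.locked_until = {}              # same keys -> lockout expiry time

    def check(self, ip, user, now):
        """Return None if the attempt may proceed, else the key that is locked."""
        for key in (f"ip:{ip}", f"user:{user}"):
            if self.locked_until.get(key, 0) > now:
                return key
        return None

    def record_failure(self, ip, user, now):
        """Count a failed login; lock the IP or account whose limit is reached."""
        for kind, value in (("ip", ip), ("user", user)):
            key = f"{kind}:{value}"
            q = self.failures[key]
            while q and now - q[0] > WINDOW_SECONDS:   # drop stale failures
                q.popleft()
            q.append(now)
            if len(q) >= LIMITS[kind]:
                self.locked_until[key] = now + LOCKOUT_SECONDS
                q.clear()   # counting restarts once the lockout expires


def simulate_failed_logins():
    """Constructed scenario: three bad passwords for 'admin' from one address."""
    guard = LoginGuard()
    for t in range(3):
        guard.record_failure("198.51.100.7", "admin", now=1000 + t)
    locked_admin = guard.check("198.51.100.7", "admin", now=1005)
    other_account = guard.check("198.51.100.7", "editor", now=1005)  # IP < 5
    after_expiry = guard.check("198.51.100.7", "admin", now=1002 + LOCKOUT_SECONDS + 1)
    return locked_admin, other_account, after_expiry
```

Note that the per-IP limit is deliberately higher than the per-account limit, so many users behind one NAT address are not locked out by a single person's typos.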

4. Automated Logout

Automated Logout is a module that logs users out of your Drupal site after a specified period of inactivity. This module helps reduce the risk of unauthorized access to user accounts by automatically logging out users who have left their sessions open. By enabling Automated Logout, you can enhance the security of your Drupal site and protect your users' data.

Good if you have a lot of users; if you are the only user, it can be quite annoying to have to log in again now and then.

5. Honeypot

Honeypot is a module that helps protect your Drupal site against spam bots. This module works by adding hidden fields to your forms that are invisible to users but detectable by bots. When a bot fills out these fields, the submission is blocked, and the bot is prevented from accessing your site. By enabling Honeypot, you can reduce the risk of spam and protect your site's performance.

I have used this module for at least a decade, and no site with forms is complete without it. It really whips the spammer's ass, to paraphrase the old Winamp slogan.

6. Content Security Policy

Content Security Policy is a module that helps protect your Drupal site against cross-site scripting (XSS) attacks. This module allows you to specify which sources of content are allowed to be loaded on your site. By setting strict policies for content sources, you can reduce the risk of XSS attacks and ensure that your site's content is safe and secure.

7. Security Kit

Security Kit is a comprehensive security module that provides a suite of security hardening options for Drupal. This module helps protect your site against common security threats such as XSS, clickjacking, and CSRF. Security Kit also provides input filtering options, session security, and helps prevent the injection of malicious code into your site. With Security Kit, you can easily enhance the security of your Drupal site and reduce the risk of vulnerabilities.

When it comes to strengthening your Drupal site, backend-wise, this is the go-to module, IMHO.
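
As an added check covering both the Content Security Policy and Security Kit sections (example code, not either module's own), this Python audit parses a response's CSP and the other hardening headers those modules can send and reports the weak or missing ones; the two sample header sets are constructed.

```python
"""Added example, not the Content Security Policy or Security Kit module's
own code: audit the hardening headers a response carries, so you can verify
what those two modules are configured to send."""

# Script sources that undo most of a CSP's protection against injected scripts.
WEAK_SCRIPT_SOURCES = {"'unsafe-inline'", "'unsafe-eval'", "*", "data:", "http:"}


def parse_csp(value):
    """Parse "default-src 'self'; script-src 'self' cdn" into {directive: set}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = set(parts[1:])
    return policy


def audit_headers(headers):
    """Return findings for a dict of lower-cased response header names."""
    findings = []
    csp = parse_csp(headers.get("content-security-policy", ""))
    if not csp:
        findings.append("no Content-Security-Policy header")
    else:
        # script-src inherits from default-src when not set explicitly.
        script_src = csp.get("script-src", csp.get("default-src", set()))
        weak = sorted(script_src & WEAK_SCRIPT_SOURCES)
        if weak:
            findings.append("CSP script-src allows " + " ".join(weak))
    # Either CSP frame-ancestors or X-Frame-Options stops the page being framed.
    if "frame-ancestors" not in csp and "x-frame-options" not in headers:
        findings.append("clickjacking: no frame-ancestors or X-Frame-Options")
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    if "strict-transport-security" not in headers:
        findings.append("missing Strict-Transport-Security")
    return findings


# Constructed responses: the same site before and after hardening.
WEAK_SITE = {"content-security-policy": "default-src 'self' 'unsafe-inline' *"}
HARDENED_SITE = {
    # 'nonce-R4nd0m' is a constructed placeholder; real nonces are per-response.
    "content-security-policy": "default-src 'self'; script-src 'self' 'nonce-R4nd0m'; "
                               "frame-ancestors 'none'",
    "x-frame-options": "DENY",
    "x-content-type-options": "nosniff",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
}
```

Run `audit_headers()` over the headers your site actually returns (for example from `curl -sI`) after configuring the modules; an empty list means the policies described above are in place.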

So, there you have it. My seven recommendations for strengthening your site's security, in various ways. Let me know in the comments if you think these are good modules to install, or if you have other ways of improving the security of your Drupal site.

ComputerMinds.co.uk: Drupal 10 upgrade: Defining the project scope

Let's define the scope and goals of our project to upgrade this very website to Drupal 10.

Essentially, that's it: we want to upgrade this website to Drupal 10 so that we can benefit from security releases etc. At the moment we want to do so with the minimum of effort, so I don't want to have to be writing lots and lots of code or changing fundamentally how the site works, but I am up for simplifying things if it gets us to a point where we have to maintain less code.

Since Drupal 9, major version upgrades now take this basic form:

  • Update your code to be fully compatible with the last version of Drupal, removing all deprecations: hard.
  • Upgrade to the new version of Drupal: easy!

I'm going to install and use the fantastic Upgrade Status module to get a detailed handle on what we need to change, upgrade and rewrite to get the site working in Drupal 9, but ready for Drupal 10. We'll use that as a basis to see what we need to upgrade, the best plan for each component and go from there.

Upgrade status - First pass

We previously composer require'd the Upgrade Status module into our codebase, so after enabling it and running the report, here are the major findings that concern us for this series:

Environment

  • We'll need to upgrade to PHP 8.x; the site is currently running on PHP 7.4.
  • We're using deprecated or obsolete modules that come with core and will be removed in Drupal 10. This is a rather scarily long list for us:
    • CKEditor
    • Color
    • RDF
    • Seven
    • Stable

But other than that, we're good to go from an environment point of view.

Contrib projects

Upgrade status breaks the list of contributed projects down into a few sections, those are:

  • Projects that need an upgrade that might make them Drupal 10 compatible:
    • Better exposed filters
    • Components
    • Disqus
    • Advanced link
    • Entity browser
    • jQuery UI Slider
    • Scheduler
    • Simple XML Sitemap
    • Twig Tweak
    • Webform
  • Projects that don't have Drupal 10 releases yet, so either require patches or work to get them to Drupal 10:
    • Entity Embed
    • jQuery UI Sortable
    • Kraken
    • Markdown
    • Social media share
    • Term Reference Change
    • Unified Twig Extensions
    • Video Embed HTML5
    • Weight
  • Projects that are compatible with Drupal 10 already. I'll not list those, but there are plenty, and it's great to see community support for Drupal 10.

Custom code

Upgrade Status will scan your code and tell you if it spots problems that will stop the code working with Drupal 10. This is static analysis, so it isn't perfect, but it is a really good start. We have a few custom modules doing very specific things on our site, and a custom theme doing quite a lot of custom things; that's where the bulk of the issues the scanner found are, so we're going to need to set aside some time for that.

Simplifications

This site was built in the early Drupal 8 days, and we've not actually made too many changes since, specifically when we upgraded to Drupal 9 we basically did the smallest amount of work to get it there. How you'd typically handle media on a Drupal site has fundamentally changed since we built this site, in that you'd likely use the core Media module and add entity reference fields to your entities rather than adding image/file fields directly. However, we never had that luxury and never got around to changing our approach to use the core Media framework.

So, we're going to allow ourselves a bit of scope creep to do this 'sub project', given that the benefit is that we'll be able to remove a bunch of modules (entity browser, file browser, etc.), which means we won't need to upgrade them, and our dependencies will be better supported since they'll be in Drupal core. It's no slight against those modules; it's just that we don't need the functionality they bring for our site today.

The scope/plan

So roughly the scope/plan is shaping up to be:

  1. Convert our file/image fields to core media, and remove entity browser, file browser, etc.
  2. Update our custom code.
  3. Evaluate the remaining upgradeable contrib projects to see if we can remove them, and if not, upgrade them.
  4. Evaluate the remaining non-upgradeable contrib projects to see if we can remove them, and if not, work with maintainers to get them upgraded.
  5. Handle the core modules that have been marked as deprecated or obsolete.
  6. Upgrade the PHP version we use to run the site.
  7. Get the site running in tip-top condition with the latest Drupal 9 etc.
  8. Do the Drupal 10 upgrade.

Then we'll have a shiny Drupal 10 install, ready for the next few years of security patching.

Palantir: Yang's DrupalEasy Fellowship Experience: Taking a chance on a career change

Internships and Fellowships

In this fourth part of a four-part series, Yang talks about her background, the projects she's worked on, and the vision for her professional future.

There is no one way to change a career path. Palantir.net’s four most recent fellows - Paak, Tessa, Travis, and Yang - all joined us through the DrupalEasy program. With their different professional backgrounds and experiences, each offers a unique perspective into what interested them in Drupal and their journey to becoming integral members of Palantir.net.

In each of their written entries they share, among other insights, how they have each adjusted to a fully-remote workplace, how their own skills supported their success as a Fellow, and the importance of Palantir.net’s culture which encourages asking questions, remaining curious, and reaching out for help.

Here's Yang's story.
 

Where I Started

I was looking for a career change.

I was in the process of getting a nursing degree, but I wasn’t sure that’s what I wanted to do. A couple of years ago, a friend of mine suggested I learn to code.

When the COVID pandemic started, I had a lot of extra time at home (like many people!), and I started watching coding tutorials on YouTube. I found that I was fascinated by the idea of coding, so I took the initiative to learn HTML and CSS on Codecademy. Slowly - but surely - I went on to complete even more web development courses on Udemy. I had learned a lot but still found I didn’t have the confidence in my skill set to apply for any jobs in the field.

Earlier this year, my friend sent me a link about the Palantir.net Fellowship program to attend DrupalEasy. I wasn’t sure that I was qualified for the opportunity, but she encouraged me to apply. So I did.

And now, here I am!

The adventure of learning Drupal is like riding a roller coaster: I felt great one moment, but the next thing I knew, I was banging my head against the railing. Then, rinse and repeat. 

After 12 weeks of DrupalEasy, I had the opportunity to improve and apply what I learned during my Fellowship at Palantir.net.

The Fellowship program is run by our talented Palantir.net colleagues, with a professional structure and many great resources that accelerate and support our Drupal learning. I also love Palantir.net’s culture, which is very transparent, collaborative, and co-creative. I have learned and continue to learn new things every day from my coworkers.

For me, the most important aspect of working here is the people. Everyone contributes, shares, and helps others develop their current skills and learn new ones. When I don’t know something, I feel free to ask questions. I learn from others and feel confident experimenting and making mistakes, learning and growing as I go.

I’ll be honest: learning Drupal is harder than I thought, but the end result is incredibly rewarding. My advice to others who might be feeling daunted by learning Drupal or to code would be, don’t give up! Keep going! You can do this. 
 

Where I am Now

I know that every great programmer was once a beginner, and that is exactly where I am now.

In the future, I hope to be a great programmer and to pass my own knowledge to the very same community that helped me get where I am today.

There are a lot of talented, welcoming, and fun people at Palantir.net, and my goal right now is to learn as much as I can from others to become a full-stack developer. I am currently beginning to develop my personal skill set. I’ll be taking another PHP course in the near future to gain additional back-end knowledge. 

I know I still have a long way to go, but I look forward to learning new skills every day and applying them to real projects. In my opinion, consistency is the key to learning anything new and, over time, I am confident I will reach each goal I set for myself. I’m unsure whether my future holds being a full-stack developer, project leader, or something else. But the door to opportunity is wide open, and the only real way to get there is by doing the work. 

Fortunately, I am on the right path with the right people.


Golems GABB: What is Predictive Marketing?

Editor, Fri, 02/24/2023 - 16:41

Predictive marketing is a type of marketing that uses a large amount of information to predict customer behavior and needs accurately. It involves the analysis of all data to determine the best and most effective version of the marketing strategy. 
Based on a client's past shopping experience, marketers develop marketing strategies. Therefore, you can create more effective personalized ads in the future that will increase conversions. By forecasting correctly, you can also reduce customer churn and increase demand for your products or services. Stand out from the competition and stay ahead of the game by doing this.
Many famous companies have used predictive modeling in marketing for years because they have seen effective results. When analytics are adequately conducted, websites can increase their customers and orders. A business owner who has mastered predictive marketing can anticipate their target audience's needs and keep up with all current trends.