Golems GABB: Security hardening - deploy your project with fewer attack vectors

Editor, Fri, 01/06/2023 - 13:05

Any website can potentially be attacked in various ways, and it is desirable to eliminate the main vulnerabilities at the initial stage. It does not matter which types of attacks will be used against your site or for what purpose. The important thing is that if the site is vulnerable, it can be hacked. There are several effective tools for security hardening, which we will discuss in this article. By the way, it's great to know you're reading the Golems web development agency blog!

DrupalEasy: ChatGPT explains why you should learn more Drupal

ChatGPT is an artificial intelligence based chat system developed by the same folks behind DALL-E, one of the recent AI based image generation services.

We decided to play around with ChatGPT's capabilities by asking it about learning Drupal, considering our upcoming Drupal Career Online and Professional Module Development long-form courses that we have starting in late January and early February. Below are ChatGPT's (amazingly) unedited responses. 

Prompt: Tell me why learning to be a professional Drupal developer is a good thing.

There are several reasons why learning to be a professional Drupal developer can be a good thing:

  • Demand for Drupal developers: Drupal is a popular content management system (CMS) used by many organizations around the world. As such, there is a demand for professionals with Drupal development skills.
  • Career opportunities: Learning Drupal development can open up a range of career opportunities, including positions as a Drupal developer, Drupal site builder, or Drupal consultant.
  • High earning potential: Drupal developers can earn competitive salaries, particularly if they have a strong skillset and experience.
  • Continual learning: Drupal is a constantly evolving platform, so there is always something new to learn and stay up-to-date with. This can be an exciting and rewarding aspect of being a Drupal developer.
  • Flexibility: Drupal developers can work on a variety of projects, including building and maintaining websites, developing custom modules and plugins, and integrating with other systems. This allows for a lot of flexibility and the opportunity to work on a range of interesting and challenging projects.

Overall, learning to be a professional Drupal developer can be a rewarding and fulfilling career choice, with the potential for a good income, a range of career opportunities, and the opportunity for continuous learning and development.

Prompt: Tell me about the advantages of learning Drupal module development

There are several advantages to learning Drupal module development:

  • Customization: By developing custom modules, you can tailor Drupal to meet specific needs and requirements. This allows you to build websites and applications that are tailored to your clients' needs and can differentiate your projects from others.
  • Reusability: Custom modules can be reused on multiple projects, which can save time and effort. This is especially useful for commonly needed functionality such as custom content types, views, and blocks.
  • Extendability: Modules can be used to extend the functionality of Drupal core and contributed modules. This allows you to add new features and capabilities to Drupal without having to modify the core codebase.
  • Community: Drupal has a large and active developer community, which means there are many resources available for learning and getting help with module development.
  • Career opportunities: Proficiency in Drupal module development can lead to career opportunities as a Drupal developer, Drupal site builder, or Drupal consultant.

Overall, learning Drupal module development can be a valuable skill that can open up a range of career opportunities and allow you to build custom, tailored solutions using Drupal.

Prompt: What is the best way to learn to be a professional Drupal developer?

There are several steps you can take to learn to be a professional Drupal developer:

  • Familiarize yourself with the basics of web development: Before diving into Drupal development, it can be helpful to have a strong foundation in web development concepts such as HTML, CSS, JavaScript, and PHP.
  • Get hands-on experience: The best way to learn Drupal development is by doing it. Start by installing Drupal on your local machine and experimenting with the core features and functionality.
  • Learn about Drupal's architecture and concepts: Understanding Drupal's architecture and key concepts such as nodes, blocks, views, and hooks is essential for developing custom modules and making the most of Drupal's capabilities.
  • Explore online resources: There are many online resources available for learning Drupal development, including tutorials, documentation, and online courses. Some good places to start include the Drupal documentation and the Drupalize.Me website.
  • Join the Drupal community: Drupal has a large and active community of developers who are always willing to help and share their knowledge. Consider joining online forums, attending local meetups, or participating in online events such as DrupalCon.
  • Build and publish your own projects: As you learn and gain experience, try building and publishing your own Drupal projects. This can help you practice your skills and showcase your work to potential employers or clients.

Overall, the best way to learn to be a professional Drupal developer is to get hands-on experience, learn from online resources and the Drupal community, and build and publish your own projects.

End of ChatGPT's responses - back to human-based writing again…

A few thoughts about all this:

  • We love that the response includes Drupalize.me, and are happy to note that they've been a long-time supporter of Drupal Career Online. In fact, all of the DCO students get free access to Drupalize.me while enrolled (and a steep discount after that). 
  • Amazingly, we don’t see anything incorrect about any of ChatGPT's responses. 
  • The main thing that this experience has taught us is that, as is being reported in many, many places, ChatGPT is good. Scary good. So much so that we're going to go on record and say that all of DrupalEasy's content, unless otherwise specifically denoted, is written by a human!

DrupalEasy's beginner- and best-practice-focused Drupal Career Online begins February 13, 2023. Our intermediate-level Professional Module Development course begins January 31, 2023 (with a Lite version starting February 14, 2023). 

The pixel art image used in this blog post was generated by the DALL-E project of OpenAI.  

Lullabot: Microsites in Drupal

Microsites can be a useful tool. If you need sections of your website to look different from the main theme, or you have an initiative that needs greater emphasis, or you want a content team to have more control over a specific group of content, then implementing microsites can be a good solution. 

What's the best way to implement them? And how do you know you need a microsite versus a new website altogether?

Let's start with a definition.

Electric Citizen: To Drupal, or Not to Drupal: Part 2

This is the conundrum some may be facing when moving away from Drupal 7.

If you or others in your organization are battling with this question, there are several considerations you should make before choosing to move away from the Drupal platform. We'll cover them in 5 short reads:

Comparing Apples to Apples

Given the importance of your organization’s website, it’s always good to explore your options. Beware, though, the natural inclination to compare the bells and whistles of a different platform (proprietary or otherwise) to those of your current Drupal 7 website. Here’s why that’s important.

An organization’s website often involves multiple people with different areas of concern. Those not involved with the technical aspects may be tempted to blame any shortfalls of your current site on the Drupal platform itself, and convincing them otherwise will be impossible without a side-by-side comparison of features.

You’ll need to remind them Drupal 7 was first launched in 2011. Once Drupal 8 launched in 2015, all the innovation and updates went to the new version, not Drupal 7. In other words, there is a good reason why your Drupal 7 interface looks comparatively outdated. 

Another thing—and this is important—Drupal 7 runs on PHP 7, which also sunsets in November of 2023. Drupal has no control over that. Staying on Drupal 7 isn’t even an option unless you’re going to pay for third-party PHP security support.

What I’m getting at is, the shortcomings of your current Drupal 7 site are related to the version of Drupal, not the Drupal platform. Make sure you’re comparing the new features of any non-Drupal solution to the new and improved features of Drupal 9 and 10 before making a final decision.

Analytics integration, content moderation, publishing workflows, SEO, accessibility tools and API integration with third-party services (Mailchimp, for example) are all available for Drupal 9 and 10 via well-supported, contributed (free) modules if they aren’t already in Drupal core. 

Why?

Keep in mind the operational upheaval that results from moving to an entirely new platform. You may be asked to justify why you’re going to force maintainers to relearn how to do their jobs. Are you really making things better overall, or just different?

Electric Citizen: To Drupal, or Not to Drupal: Part 3

This is the conundrum some may be facing when moving away from Drupal 7.

If you or others in your organization are battling with this question, there are several considerations you should make before choosing to move away from the Drupal platform. We'll cover them in 5 short reads:

Better, or just different?

So you’ve set up a Drupal 9/10 sandbox to evaluate against other platforms. One critique often levied against Drupal is its complexity, usually in reference to the editing interface. This is another area the Drupal community worked hard to resolve, and Drupal 8+ provides numerous tools to simplify the user interface substantially. 

As a side note: Yes, the Drupal system is complex. So is Adobe Photoshop. And yet, it’s the industry standard for graphics. It’s professional-grade software used by skilled artists to produce breathtaking results in a variety of styles. You’re only going to get so far with the editor on a smartphone.

Maybe your organization’s website will never utilize Drupal’s flexibility, in which case your options are open. However, if there is any chance of you needing to scale up your website to compete in an ever-more-demanding marketplace, or reach that market across numerous channels, there is no better system to help you meet those challenges than Drupal. 

Getting back to the ‘Better vs Different’ statement, you’re likely to find some tasks are just as easy, some easier, while other tasks seem confusing or difficult. For example, one proprietary system I evaluated for a previous employer was based entirely on XML templates. Creating a new page for the website was simple enough, but adding it to the site’s navigation required finding and editing a completely different file. This is counter-intuitive for anyone accustomed to clicking a checkbox on the Drupal content creation form.

To be fair, there will be some re-training required to use the new versions of Drupal, too. So you’ll want to keep your eye on the big picture because at some point you’re likely to wonder whether the new platform really represents a measurable improvement over the Drupal experience, or just a different one.

Granted, this is all subjective. Every editor will have a slightly different response. But it’s worth considering whether the potential benefits of changing platforms justify making editors learn all-new procedures over an upgrade to those they’re already familiar with.

Still thinking of switching platforms?

If you go with an entirely new platform, how long will it take to get your content editors up to speed and, more importantly, who is going to train them?

Electric Citizen: To Drupal, or Not to Drupal: Part 5

This is the conundrum some may be facing when moving away from Drupal 7.

If you or others in your organization are battling with this question, there are several considerations you should make before choosing to move away from the Drupal platform. We'll cover them in 5 short reads:

Knowledge Attrition

This article is most applicable to organizations managing their web presence internally. 

Depending on your situation, one could argue moving away from Drupal is like throwing decades of organizational knowledge out the window. Given the considerable difference between version 8+ and Drupal 7, however, one could also argue the disparity between keeping or leaving is minimal because even if you stay with Drupal, it can feel like you’re still starting from scratch. That's understandable, but easily debatable.

However, this is not the only way for an organization to lose valuable knowledge.

As mentioned earlier, Drupal is now built on Symfony, a very popular framework for PHP—the language that powers almost 80% of today’s websites. Drupal also ships with the JSON:API module allowing multi-channel, decoupled access to your Drupal content using JavaScript or any other language. In short, staying with Drupal gives your front and back end developers the opportunity to use and improve in-demand skills. There’s little need to go job hunting because the jobs will always be there.

Not all content management systems are created equal, though, even those built with PHP. As part of your evaluation process, be sure to interview other organizations currently using the platform. Ask if they are having any challenges recruiting and retaining developers who want to work on the system. Why is this a good idea?

If the system or its underpinning language/technology is not in high demand, why should developers bother learning it to the detriment of more in-demand skills? 

Extending support for Drupal 7 is in part a testament to Drupal’s popularity. Gaining new proficiencies on an already-popular platform is job-security for your developers. It also means a large pool of replacement candidates if they choose to leave.

One other thing for a large organization to consider is how much of the migration the vendor will handle. Often, the initial contract will include migration of a limited number of sites. Your developers will then be expected to use those sites as models to write migration scripts for everything else. If you lose your good developers, you may need to add long-term maintenance and development to your list of recurring fees.

Lastly, in terms of long-term technical support, learning how to do anything on Drupal is simply a matter of figuring out how to ask the question in Google. Between the documentation on the drupal.org website, thousands of blog posts and freely available video tutorials, the answers to any question are out there. 

You’re not going to get that level of knowledge-share on just any CMS, and definitely not on any proprietary system.

What to decide?

The decision “to Drupal or not to Drupal” is as individual as each organization. Whether you stay with Drupal or move to a different CMS, it is inevitable that A) your site will have to be rebuilt, B) new learning will be required, and C) some level of continued training and support for content editors will be necessary.

What is also inevitable are the new, modern features you will enjoy. 

Ultimately, the question is whether the benefits of a new platform outweigh the total cost of the platform including the recruitment and retention of competent developers, if applicable. 

Staying with Drupal gives your organization a scalable platform and access to leading technology, top developer talent and a huge community of free, quality technical resources. And $0 licensing fees. So what’s not to like about that?

Electric Citizen: To Drupal, or Not to Drupal: Part 4

This is the conundrum some may be facing when moving away from Drupal 7.

If you or others in your organization are battling with this question, there are several considerations you should make before choosing to move away from the Drupal platform. We'll cover them in 5 short reads:

How much are you really outsourcing?

As part of its licensing fees, the vendor of a proprietary system will likely provide regular training, resources and support for your editors. On the surface, this sounds fantastic. The vendor is going to liberate you from the daunting responsibility of documentation and training! Or will it? 

There are two aspects to using any CMS platform: Individual and Institutional.

The Individual aspect—how do I create an event for the calendar—is something the vendor can provide resources for.

The Institutional aspect covers:

  • how do we tag events for proper categorization;
  • prevent the creation of duplicates;
  • share access with other departments

Topics like these can only be conceived, documented and trained by the institution itself. When it comes to using the platform as part of your organization, the vendor is likely to have little more than suggestions.

This is because the procedures for managing and sharing assets across departments will be different for every organization even if they’re all using the same platform. If you expect everyone to follow a uniform procedure, that procedure will have to be documented and people will have to be trained, but it will not be part of anything provided by your vendor. 

This is especially important if the majority of editors in your organization are transient workers such as student employees and interns. While the vendor’s training resources will indeed be valuable in keeping high-turnover positions up to speed, they won’t be enough to completely replace the knowledge lost when transient employees leave for other opportunities.

Speaking of lost knowledge, consider the knowledge you lose when more permanent employees find the exit door. Could moving away from Drupal cause you to lose regular employees?