drupal

Exploring DDEV, LAMP, and Local Server for Drupal 11

Drupal 11 offers API-first features and enhanced performance, making the choice of development environment critical.

I’ve worked with DDEV, LAMP, and Local Server setups like XAMPP or MAMP to assess their strengths.

This guide delivers a detailed breakdown with setup instructions, configuration options, practical examples, and a comparison table, serving as a resource to match your project needs.

Understanding Your Options

A solid development environment is essential for Drupal 11 projects. The sections below provide in-depth details on DDEV, LAMP, and Local Server, based on my hands-on experience.

DDEV

DDEV is the official local development tool for Drupal, built on Docker and supported by the community, with documentation at https://www.drupal.org/docs/official_docs/local-development-guide.

• Setup Process: Install Docker from docker.com following OS-specific instructions (download and CLI setup), create a Drupal project with composer create-project drupal/recommended-project my-site navigate to the directory with cd my-site initialize with ddev config (set docroot to "web" and PHP version, e.g., 8.1), start with ddev start.
• Configuration Options: Edit .ddev/config.yaml to add custom domains, multiple databases, or integrate tools like MailHog for email testing, adjust PHP versions or enable extensions via the YAML file.
• Practical Applications: Used on a 12-site project, configuring custom domains and databases in the YAML file, added SSL for local development to mirror production.
• Considerations: Requires learning Docker basics (a few hours), needs 4GB RAM minimum (8GB recommended), configuration changes may need community forum support.

Try tweaking config.yaml to set PHP versions, enable Xdebug for debugging, or add services like Redis based on your project requirements.

LAMP

LAMP, made up of Linux, Apache, MySQL, and PHP, is a traditional stack offering detailed control, widely used for Drupal development.

• Setup Process: Use a Linux distro like Ubuntu, update the system and install Apache with sudo apt update && sudo apt install apache2, install MySQL with sudo apt install mysql-server and secure it with mysql_secure_installation install PHP 8.1+ and modules with sudo apt install php8.1 php8.1-mysql php8.1-cli php8.1-mbstring.
• Configuration Options: Create a virtual host file (e.g., /etc/apache2/sites-available/drupal.conf) with DocumentRoot set to your Drupal directory, enable it with sudo a2ensite drupal.conf restart Apache with sudo systemctl restart apache2 tweak .htaccess or MySQL settings for performance.
• Practical Applications: Built a small news site, optimizing .htaccess for caching and MySQL queries, required manual load balancing as traffic hit 600 users daily.
• Considerations: Setup can take a day due to dependency issues, updates and security patches are manual, scaling needs additional infrastructure like reverse proxies.

Consider adding phpMyAdmin for database management and Drush 12 for automating tasks like cache clears or module updates.

Local Server (XAMPP, MAMP)

XAMPP and MAMP provide a pre-configured bundle of Apache, MySQL, and PHP, ideal for quick local development, especially for beginners.

• Setup Process: Download XAMPP from xampp.org or MAMP from mamp.info, run the installer for your OS (Windows, macOS, Linux), start Apache and MySQL via the control panel, place Drupal 11 files in htdocs (XAMPP) or htdocs (MAMP) and access at http://localhost (15-20 minutes total).
• Configuration Options: Adjust ports (e.g., Apache to 8080) in the control panel if conflicts occur, enable PHP extensions like mysqli or gd through the configuration interface.
• Practical Applications: Prototyped a client portfolio site in under an hour, required port changes for a second site, showing limits with multiple projects.
• Considerations: Not suited for large sites (lag with 50+ pages), port conflicts possible with other apps, requires at least 2GB RAM, with older hardware struggling over time.

Check the control panel for port adjustments and review PHP error logs (in htdocs/logs) to troubleshoot setup issues.

Comparison Overview

This table compares DDEV, LAMP, and Local Server across key development factors based on observed performance.

Key Considerations

• Ensure PHP 8.1+ is active—verify with php -v.
• Keep Composer current—run composer update regularly.
• Always back up before changes—use drush archive-dump to save your work.

DDEV, LAMP, and Local Server each bring unique capabilities to Drupal 11 development, from community-driven consistency to hands-on control or rapid setup. This guide aims to equip you with the knowledge to choose what fits your goals. Take your time to assess your project’s scale, team needs, and resource availability—your decision will shape the foundation of your work.

Share this

Add new comment

Your website is at risk. Drupal 7’s end-of-life is looming, leaving sites open to attacks, while CMSs like WordPress or Joomla struggle with bloat or scalability limits. 

These outdated systems drive users away—think single-page visits from Drupal Planet—costing you engagement and revenue. Migrating to Drupal 11 is your escape plan, offering top-notch security, blazing performance, and modern features. 

This no-nonsense guide gives businesses, developers, and individuals the clear steps to transition from Drupal 7 or another CMS, fast and hassle-free.

Why You Can’t Stay Stuck

Clinging to an outdated platform is like ignoring a check-engine light—disaster’s coming. Drupal 11 delivers faster load times, a sleek Claro admin theme, and API-first flexibility, keeping users hooked and your site secure.

• Drupal 7 Users: With legacy Drupal 7 support ending, unpatched vulnerabilities threaten your site. Drupal 11 offers robust security and modern UX.
• Other CMS Users: WordPress’s plugin chaos or Joomla’s rigid structure can’t match Drupal 11’s power for dynamic content or headless setups.
• Real Impact: A retailer migrated from Drupal 7 to Drupal 11, cutting load times by 25% and boosting conversions by 18%.

Quick Action: Audit your site with Security Review (Drupal 7) or WPScan (WordPress) to spot risks. Visit our Migration Resource Centre for more.

Your Drupal 11 Migration Playbook

This playbook breaks down the migration process into five clear steps using Drupal’s Migrate API and community tools. No fluff, just results.

Step 1: Prep Like a Pro

Avoid data loss and compatibility issues with solid preparation.

• Drupal 7: Install Upgrade Status module to check module compatibility. Backup with Backup and Migrate: drush bam-backup.
• Other CMSs: Export content via WordPress’s Tools > Export or Joomla’s Akeeba Backup. Map content (e.g., WordPress posts to Drupal articles).
• Outcome: A news site cut migration risks by 50% with thorough backups.
• Beginner Tip: Use our Drupal Migration Guide for a prep checklist.
• Pro Tip: Document custom fields for smoother mapping.

Step 2: Set Up Drupal 11

Create a clean Drupal 11 environment to receive your content.

• Install Drupal 11: composer create-project drupal/recommended-project my-site.
• Enable Migrate modules: drush en migrate migrate_drupal migrate_tools -y.
• Outcome: A developer saved 20% setup time with Composer.
• Beginner Tip: Choose a Drupal-ready host for quick setup.
• Pro Tip: Test on a staging environment first.

Step 3: Migrate Drupal 7 Content

Move your Drupal 7 content seamlessly.

• Use Migrate Drupal UI: Go to Structure > Migrations to import content, users, and taxonomy.

• Custom fields: Create a module for complex data (e.g., paragraphs).

  # my_migration.migration.node.yml id: custom_node source: plugin: d7_node node_type: article destination: plugin: entity:node process: title: title body: body
• Test: Run drush migrate:import custom_node --update.
• Outcome: A university migrated 10,000 nodes in 48 hours, no data lost.
• Beginner Tip: Use Migrate Drupal UI for no-code migrations.
• Pro Tip: Monitor progress with drush migrate:status.

Step 4: Migrate from Other CMSs

Switch from WordPress, Joomla, or others with ease.

• Install WordPress Migrate: composer require drupal/migrate_wordpress.
• Map fields: WordPress posts to Drupal articles, categories to taxonomy.
• Outcome: A blog moved from WordPress to Drupal 11, boosting SEO by 15%.
• Beginner Tip: Use Feeds module’s UI for drag-and-drop imports.
• Pro Tip: Validate imports with a small dataset first.

Step 5: Polish Your Drupal 11 Site

Make your site fast, SEO-friendly, and engaging.

• Rebuild URLs with Pathauto:

  # pathauto.pattern.article.yml type: canonical pattern: '[node:content-type]/[node:title]'
• Enable caching: Configuration > Performance > Enable Page Cache and BigPipe.
• Audit content: Use Content Moderation for review workflows.
• Outcome: An e-commerce site cut bounce rates by 20% with optimized URLs.
• Beginner Tip: Install Pathauto via admin UI for easy setup.
• Pro Tip: Track engagement with Google Analytics Reports module.

Real Success Stories

Migration isn’t just about survival—it’s about thriving.

• Business: A retailer migrated from Drupal 7, gaining 30% faster load times and 18% more conversions. See our EXARC case study.
• Developer: A Joomla site moved to Drupal 11, saving 40% in build time. Explore our blog for optimization tips.
• Blogger: A WordPress user switched to Drupal 11 with Feeds, growing engagement by 25%. Visit our Migration Resource Centre.

Steer Clear of These Traps

Avoid these common mistakes to ensure a smooth migration:

• Data Loss: Backup with Backup and Migrate before starting.
• Incompatibility: Check module compatibility on Drupal.org.
• Performance: Optimize database: drush sql:optimize.

Quick Action: Download our Drupal Migration Guide to dodge these pitfalls with a full checklist.

Escape to Drupal 11 Today

Don’t let an outdated site hold you back. Drupal 11 offers the security, speed, and flexibility to keep users engaged. Start with our Drupal Migration Guide or learn more about managing legacy Drupal 7 sites. Need tailored help? Contact us or check our blog for more Drupal tips. Nonprofits can explore our discounts.

Explore More

• Migration Resource Centre
• Managing Legacy Drupal 7 Sites
• EXARC Case Study
• Drupal Tips on Our Blog
• Nonprofit Discounts

Share this

Add new comment

As cyber threats evolve, securing Drupal sites demands advanced strategies beyond basic best practices. This post explores cutting-edge techniques for fortifying Drupal platforms, focusing on emerging trends like zero-trust workflows and performance-security integration. Through the lens of Education Above All’s global platform, we demonstrate how these methods ensure robust protection.

The Need for Advanced Drupal Security

Drupal’s security framework, supported by a vigilant community, is robust, but modern threats like advanced persistent threats (APTs) and supply chain attacks require next-level defenses. Protecting sensitive data, ensuring compliance, and maintaining uptime are critical for high-traffic or mission-critical sites. This post outlines advanced strategies to address these challenges, illustrated by a real-world implementation.

Advanced Security Strategies for Drupal

To counter sophisticated threats, Drupal administrators can adopt these advanced techniques:

1. Zero-Trust Authentication Workflows

Implementing zero-trust security ensures no user is trusted by default. Modules like Two-Factor Authentication (TFA) and integration with external identity providers (e.g., Okta via OAuth) enforce continuous verification. Role-based access control with the principle of least privilege (POLP) further minimizes risks by limiting permissions to essential functions only.

2. Hardened Server Configurations

Beyond basic file permissions (644 for files, 755 for directories), securing the server environment is crucial. Use .htaccess to block unauthorized access to sensitive directories and implement HTTP Strict Transport Security (HSTS) headers to prevent downgrade attacks. Regular server hardening, including disabling unused PHP modules and enabling intrusion detection, adds an extra layer of protection.

3. Real-Time Threat Intelligence and Monitoring

Advanced monitoring goes beyond Drupal’s “Recent Log Messages.” The Security Kit (SecKit) module mitigates XSS and clickjacking, while custom scripts can integrate with external threat intelligence feeds to detect anomalies in real time. For example, monitoring IP-based login attempts can block coordinated attacks during traffic spikes.

4. Robust Disaster Recovery Planning

The Backup and Migrate module enables automated, encrypted backups to off-site storage like AWS S3. Regular disaster recovery drills, simulating ransomware or server failures, ensure rapid restoration. Encrypting backups with AES-256 and testing recovery workflows quarterly can reduce downtime to minutes.

5. Performance-Security Synergy

High-performance sites are less vulnerable to denial-of-service attacks. Tools like Varnish or Redis optimize caching, reducing server load. Hosting providers with built-in DDoS protection and updated PHP/MySQL versions enhance both speed and security, ensuring sites remain accessible under attack.

Case Study: Securing Education Above All’s Drupal Platform

The Drupal site for Education Above All (EAA), a Qatar-based non-profit, showcases these advanced strategies in action.

• Challenge: EAA needed a scalable, secure platform to handle millions of visitors, multilingual content, and sensitive donor data, with zero tolerance for breaches or downtime.
• Solution: The following measures were implemented:
  • Zero-Trust Authentication: Deployed TFA for admins and OAuth-based SSO for editors, ensuring secure access control.
  • Server Hardening: Configured HSTS headers and Let’s Encrypt HTTPS, with strict file permissions for multilingual uploads.
  • Monitoring: Used SecKit and custom scripts to detect and block suspicious login attempts during campaign peaks.
  • Backups: Set up AES-256 encrypted daily backups to AWS S3, with quarterly recovery tests to ensure resilience.
  • Hosting: Selected a provider with DDoS protection and PHP 8.2, optimizing performance and security.
• Outcome: EAA’s site handles millions of users without incidents, supports seamless API integrations, and maintains trust, advancing its global education mission.

Key Takeaways for Advanced Drupal Security

• Adopt Zero-Trust: Use TFA and SSO for continuous authentication.
• Harden Servers: Implement HSTS and strict permissions.
• Monitor Proactively: Combine SecKit with threat intelligence.
• Plan Recovery: Automate encrypted backups and test regularly.
• Optimize Performance: Use caching and secure hosting to enhance resilience.

Dive deeper into Drupal security at Drupal.org or discuss advanced security solutions

Share this

Add new comment

The Drupal AI initiative is a hive of activity. There’s a lot to keep up with, so we’ve put together an overview of Drupal and AI, along with our position on these advancements, to help you cut through the noise.

The current state of Drupal AI

Drupal CMS launched in January 2025 with Drupal AI. 

Since then, there has been considerable innovation in the contributed AI module ecosystem, along with numerous blog posts, videos, and conference talks on the topic. 

• Introduction to the Drupal AI Module - FreelyGive - June '24

• Meet the AI Automators in Drupal CMS - Marcus Johansson @ DrupalCon Atlanta - March '25

• Overview of the Drupal AI Initiative - The Modern Web Architect - June '25

The Drupal AI Initiative

More recently, Drupal announced the official Drupal AI initiative, which provides vision and direction for the Drupal community, directing efforts towards product innovation in Drupal core and Drupal CMS, as well as the contribution module ecosystem.

 Notably, the initiative provides:

• An open framework to encourage innovation
• Open governance and leadership
• Funded work initiatives

Across the board, there is a strong focus on responsible AI, including:

• Flexible integrations without vendor lock-in
• Human oversight, such as approval processes and audit logs

This represents a solid path for future innovation and the maturation of a governance model not found in other products.

Areas of focus

Content Editor Improvements

We’ve been using AI to support coding development over the past few years and have witnessed the productivity improvements it brings. That’s why we see the potential for enhancing content editor productivity with AI features.

AI-assisted content generation provides:

• Content summaries - automatically generating a summary of a long-form article.
• Image alt-text generation - which analyses the content of an image and creates alt-text to meet accessibility standards.
• Content tag suggestions to facilitate categorisation and content organisation.
• Content rewrites to match different tones of voice.

It’s worth noting that these automated features require human governance and control, as well as review and approval, but they can also speed up laborious tasks.

Areas of future growth to watch include:

• AI-assisted SEO optimisation, which provides suggestions for SEO content improvements
• AI-enhanced page building and component generation

We’re very excited about the Experience Builder initiative the next step in evolution for Layout Builder, that several PNXers, including Lee Rowland’s are actively contributing to. 

Experience Builder will introduce a powerful, modern drag-and-drop page-building tool that shifts how we build sites in Drupal. The first beta release is due in July and will include direct integration with Drupal AI.

End User Improvements

Users have become accustomed to interacting with websites and applications using natural language and conversational modes. AI-enhanced features that will meet these expectations in Drupal include:

• Semantic search for better results - where the meaning and intent of the query are understood
• Search result summaries that provide AI-generated overviews of a search query, similar to those offered by Google.
• Conversational search, facilitated by an interactive chatbot-style search for site information.

Keep an eye out for future growth in AI personalisation, where content suggestions will be provided based on user preferences and viewing history.

Skpr platform support 

We’re also looking at how the Skpr hosting platform supports AI integration. Two areas that are already of interest are AWS Bedrock and OpenSearch.

• AWS Bedrock can be used as a Drupal AI provider to keep your data private, with Skpr providing the service endpoints and flexible customisations.
• Using OpenSearch enables semantic search through the vector database and AI model integrations via configurable plugins (or hosted with AWS Bedrock).

How we intend to approach AI

We plan to use and implement AI for our clients in a way that boosts productivity, enhances the user and editorial experience, while remaining open, flexible and responsibly governed.

We are already integrating AI into the digital experiences we create. We embrace its potential to enhance everyone’s capabilities and will always guide it towards the best outcomes for you, your customers and our people. Coupled with our deep knowledge, expertise and involvement in Drupal Core, our approach to AI ensures that your sites will outpace and outperform the competition. 

Talk to us about how we can use AI to enhance your next website project.

Further reading

• Bringing Drupal AI into your DNA - How to Learn, Use and Contribute to the Drupal AI Ecosystem - FreelyGive - YouTube
• Accelerating AI innovation in Drupal - Dries Buytaert
• Drupal AI Strategy Document - Drupal Association
• Drupal AI Academy - Training and upskilling resources to get going with Drupal AI
• Workflows of AI - A collection of various workflows with Drupal AI

Today we are talking about DrupalCon, Wordpress, and what a wordpress guy can learn at a Drupal Event with guest Chris Reynolds. We’ll also cover Shortcode as our module of the week.

For show notes visit: https://www.talkingDrupal.com/509

• The Pros and Cons of Short Codes
• Chris Reynolds' Journey to DrupalCon
• Comparing DrupalCon and WordCamp
• Funding and Organization of WordPress Events
• The Collaborative Spirit of the Drupal Community
• Wishlist for WordPress Features
• Composer Support in WordPress and Drupal
• Backward Compatibility in WordPress
• Challenges with Composer in Drupal
• Config Management in WordPress vs. Drupal
• Responsive Image Management
• User Experience in Drupal
• Community Collaboration Between WordPress and Drupal

• A Wordpresser Goes To DrupalCon Atlanta 2025
• wpcfm
• Longhorn PHP Conference Oct 23-25 in Austin, TX
  • Call for proposals through July 18
  • Join #texas-camp in Drupal Slack if you’re interested in organizing a mini Texas Camp to pair with Longhorn PHP
• WP community collective

Chris Reynolds - jazzsequence.com jazzsequence

Nic Laflin - nLighteneddevelopment.com nicxvan John Picozzi - epam.com johnpicozzi JD Leonard - jdleonard

Martin Anderson-Clutz - mandclu.com mandclu

• Brief description:
  • Have you ever wanted your Drupal site to support WordPress-style shortcodes, macros to be used within content? There’s a module for that.
• Module name/project name:
  • Shortcode
• Brief history
  • How old: created in Sep 2010 by Dénes Szabó (denes.szabo) of Tag1
  • Versions available: 2.0.3, which supports ^9.3 ^10 ^11
• Maintainership
  • Security coverage
  • Test coverage
  • Number of open issues: 30 open issues, 3 of which are bugs against the current branch
• Usage stats:
  • 13,260 sites (almost 70% are D7 however)
• Module features and usage
  • For anyone not familiar with WordPress short codes, the documentation describes them as macros, and most often they are used for inserting elements into content such as image galleries, videos, playlists, and more. Shortcodes can also wrap content, however, and it’s possible to nest shortcodes as well.
  • Drupal typically solves the problems addressed by shortcodes using custom HTML elements, as implemented in the media ecosystem, or with the Entity Embed module. I think that shortcodes may also be useful in places where Drupal might also rely on tokens, albeit with an additional module like Token Filter.
  • Gutenberg includes a Shortcode block that can be used as a flexible way to add a variety of elements into a post’s content.
  • I think Shortcodes are an interesting paradigm because they’re really a tool for power users. Instead of providing a UI to browse and choose elements for something like an image gallery, they allow a savvy editor to quickly write a tag that will construct a gallery using numerical ID values.
  • I don’t think this is a tool that most Drupal sites will need, but it could be a really good way for experienced WordPress teams to feel more at home when starting to work with Drupal.

Dear Readers,

Drupal’s strength rests on more than code quality or feature sets. The project’s true resilience comes from the choices it makes about who belongs. As Pride Month closes, the maxim “what you permit, you promote” takes on new urgency. By embedding inclusion into every pull request review, event guideline and policy decision, Drupal lays the groundwork for a community where diverse voices shape its future.

Concrete steps turn that principle into reality. Fei Lauren recalls that “seeing people like me and feeling seen felt so transformative,” a shift driven by initiatives such as hidden-disability sunflower lanyards, family-friendly meet-ups and dedicated channels for neurodivergent contributors. These grassroots practices have sparked regional working groups in Latin America and Africa and transformed the Drupal Diversity and Inclusion Slack space into a hub of shared resources and real-time support.

Sustaining momentum beyond a single month requires ongoing action. Community members can audit site accessibility, propose new support channels and volunteer to host meet-ups that center diverse needs. As Fei urges, “find your people,” because every inclusive choice today becomes the culture Drupal promotes tomorrow.

INTERVIEW

• “What You Permit, You Promote” - Fei Lauren on Drupal Inclusion
• GitLab Co-Create Program Decoded by Nick Veenhof

DISCOVER DRUPAL

• Why Use Automated Testing Kit? - Part 1
• Want to try out the new Agentic structure inside Drupal?
• Drupal CMS Launches SaaS Site Template for B2B Expense Management
• DrupalX Now Powered by Drupal 11: Major Upgrade for Standard and Decoupled Versions
• James Williams Releases Autocreate Access: A Drupal Module for Smarter Tagging Permissions

ORGANIZATION NEWS

• Promet Source Opens Registration for Live Drupal Training Courses
• Adaptive Launches AX+ Toolkit to Streamline Drupal Admin Experience
• Developer Portal of the Dutch Gov Launches Rest-Only, OpenAPI-First API Registry
• CampusDrop Enters Prototype Testing as Open-Source Backdrop CMS Platform for Higher Education

EVENT

• InfoBeans Hosts Drupal Pune Meetup to Support Open Source
• DrupalCon Chicago 2026 Introduces Lower Ticket Prices, New Policies, and Stronger Community Focus
• Apply for Sponsorship at DrupalCon Vienna 2025
   

We acknowledge that there are more stories to share. However, due to selection constraints, we must pause further exploration for now.

To get timely updates, follow us on LinkedIn, Twitter and Facebook. You can also join us on Drupal Slack at #thedroptimes.

Thank you, 
Sincerely 
Alka Elizabeth 
Sub-editor, The DropTimes.

The Trump administration and its supporters are attacking dissenting views on a terrifying scale. Here are steps to protect your website from censorship.