drupal

Today, Drupal is an incredibly powerful, efficient, modern content management system. This solution allows you to create editorial workflows and various interfaces much easier and faster. All this will meet your specific requirements and needs.
Drupal has a relatively practical and multifunctional Render API. It plays a crucial role in displaying content on the site. Its task is to manage how the published content will be shown through the used rendering arrays and its elements.
However, these capabilities are not always sufficient. Combining Drupal functions and options with WebSocket is an excellent solution.

• Drupal core
• Themes
• Contributed and custom modules

• Use complex, unique usernames and passwords for all administrator accounts.
• Consider using a password generator to create strong credentials.

• Login Security: Limits login attempts and blocks suspicious IPs to prevent brute-force attacks.
• Password Policy: Enforces strong password requirements for all users.
• Security Kit: Mitigates risks like cross-site scripting (XSS) and clickjacking.
• Two-Factor Authentication (TFA): Adds an extra layer of protection during login.

• Ensure your hosting provider supports SSL/TLS certificates.
• Configure your site to redirect all HTTP traffic to HTTPS.

• Back up your site’s files and database frequently.
• Use modules like Backup and Migrate to automate the process.
• Store backups securely off-site to prevent loss.

• Assign roles and permissions carefully, ensuring users only have access to necessary features.
• Restrict access to sensitive functions, such as PHP execution.
• Regularly review user roles to remove unnecessary privileges.

• Check Drupal’s built-in logs under "Reports > Recent Log Messages" for signs of issues, such as failed login attempts.
• Subscribe to Drupal’s Security Advisory email list or follow updates on social platforms for timely alerts.

• Ensure the web server cannot write to directories containing executable PHP files.
• Verify that .htaccess files are in place for all Drupal files directories.
• Regularly audit file permissions to maintain a secure configuration.

• Supports the latest Drupal version.
• Offers secure protocols like SFTP and SSH.
• Has robust firewall rules and intrusion detection systems.

• Use the Security Review module to scan for common security issues.
• Perform manual reviews or hire professionals for penetration testing.

Add new comment

Almost a year ago in February 2024, I introduced the Drupal Community to changes being made to the Drupal Certified Partner Program (see: Turning Takers into Makers: The enhanced Drupal Certified Partner Program).

The goal of the enhanced Drupal Certified Partner program was to define the culture of contribution necessary at the agency level to make Drupal thrive at the ecosystem level. We then set out to recognize and reward agencies who incorporate this culture into their operations.

In this blog, I will provide an update on progress made and further changes that will be made to the Drupal Certified Partner Program. These changes are necessary if we are to preserve independence and strong governance and avoid the fate of Wordpress, where the Maker/Taker problem is tearing the project apart.

The Update

We have made great progress in creating a model of sustainable support for Drupal, while maintaining it as one of the world's largest, independent open source projects. In the last year,  the number of Drupal Certified Partners has increased to 101, an increase of 26 companies.

In joining the program, agencies are placed in a Tier based on their previous 12-month contributions. It is heartening to see that we have a strong mix of contribution tiers. The breakdown is what you might expect: the upper tiers, demanding greater contribution, have fewer companies (29).  New Partners, who are beginning their contribution journey, make up ¾ of Drupal Certified Partners. It was exciting to see several companies join in 2024 and then move up a tier in the same year!

The program has some geographic diversity, but this is an area where we hope to grow.  I think the Asian, Australian, and Middle East markets have potential for solid growth.

Most importantly, the impact of the program on contributions has been tremendous. Total contributions to the Drupal Project in 2024 totaled 203,738 and Drupal Certified Partners sponsored 87% of these contributions (158,387 issue credits). The growth in total contributions was due to the Drupal Starshot Initiative, but it is fair (and obvious) to say that without Drupal Certified Partners, Starshot would not have been successful.

But, there were 1,440 organizations active on Drupal.org in 2024 and yet, only 101 Drupal Certified Partners (7%).  In fact, 96% of all contributions came from 219 companies (15%). This is not sustainable, if Drupal is to remain innovative and independent.

The Message

Agencies that rely upon selling Drupal to their customers need to be Makers, not Takers. In becoming a Drupal Certified Partner, such agencies are making an important investment in the sustainability of their company.  They are:

• Investing in the software that they sell to their customers, keeping it innovative into the future, and 
• Investing in their staff, connecting them to Drupal at a deeper level that improves job satisfaction, expertise, and retention, and
• Demonstrating to their customers and potential customers that they are an independently verified, high quality Drupal agency, one that understands open source and can competently deliver; and
• Investing in their business model by embracing open source and being an integral part of its success.

To read more about building a business model around open source, I would refer you to an excellent blogpost by Owen Lansbury, Chair of the Drupal Association and founder of Top Tier Drupal Certified Partner PreviousNext: Becoming a Drupal Certified Partner: How commitment to open source drives value and success at PreviousNext. Owen shares his model in the spirit of open source and with the knowledge that a strong Drupal ecosystem benefits all companies.

Over the past 18 months, the Drupal Association has been asking companies to make the decision to be a Maker and we have been heartened to see many making that commitment.

The progress we have made in 2024 is good and we are pushing for even more growth in 2025.

Invigorating Drupal, increasing marketplace awareness of Drupal, and maintaining its independence are not guaranteed outcomes for the Drupal Project.  We have witnessed poor outcomes in other open source projects over the last several years.

Open source is only as sustainable as the level of commitment to it from the community.  There are proprietary products that view Drupal’s capabilities as an obstacle to market dominance and only the strength of the project and community can stave that off. This is one of the reasons why the launch of Drupal CMS is so important- it innovates the product and rallies the community. It offers opportunities for Drupal Agencies to expand the market and earn business.  It can introduce Drupal to more marketers and site builders.

All this is good, but to be sustainable, we need to do more.

The Drupal Association believes that we need:

• A larger network of Drupal Certified Partners. The Drupal Association’s Board of Directors set a goal of 106 DCPs by the middle of 2026.  We will meet that this quarter.

  We realize now that number is not sufficient to keep Drupal independent and thriving.  A global project with the breadth and depth of Drupal needs a larger network of Makers of all sizes and business models in all markets.

  The number of Drupal Certified Partners needs to be three times as high.

• Greater support from large companies, even those for which Drupal is only a part of their business. Many large (and some really huge) global companies have not committed to the contributions necessary to be a Drupal Certified Partner.

  One of the changes we made to the Certified Partner program was to make code contributions central and the primary reason for placement in the program tiers. The financial sponsorship amount does not move a company up or down the ranking. But financial sponsorship amount does go to support Drupal.org, the Drupal Servers, the Drupal Project and several initiatives to grow the community. Financial sponsorship is tied to employee size as a rough proxy of agency's revenues.

  We are finding that the Drupal teams within some of these large organizations cannot convince upper management to authorize contributions and/or make the financial contribution, even though it is a nominal amount compared to the organization's overall revenue.

  How do we get integrators and other large organizations that make millions of dollars in revenue from Drupal to be Makers in open source and not Takers? These organizations use several open source products and thus it is not a problem that Drupal faces alone.

  The Drupal Association is continually trying to make the case and I welcome additional ideas from the community as to how to solve this.

• Companies to increase contributions commensurate with their size. The primary goal of the Drupal Certified Partner program is to drive contributions to the project that supports innovation and growth to improve Drupal’s relevance in the marketplace.

  Knowing that Drupal has a very diverse ecosystem, we established a program that companies of all sizes can participate in. Given that about 42% of DCPs have less than 20 employees, I think we’ve been pretty successful.  There are plenty of examples of small and mid-size companies contributing far more than one would expect.  For an extreme example, check out Redfin Solutions and their under 10 person team contributing at the Diamond Tier level!

  But, this has led to the situation where large companies meet minimum requirements for certification but do not contribute commensurate with the size of their Drupal team. This holds back innovation. So we need to find a way to incentivize companies who can, to move up in the Tier structure and contribute more back to Drupal.

  The Drupal Association will begin to implement further improvements to the Drupal Certified Partner program to provide extra recognition and benefits for Partners in the upper Tiers.

• Drive Drupal business to Drupal Certified Partners. Dries Buytaert, in his influential Balancing Makers and Takers to scale and sustain Open Source, cites economics 101 and the free rider problem in making the case that we must level the playing field between Makers and Takers by driving business to Makers.

  For Drupal to innovate, for it to sustain, for it to remain independent, those companies that give back must be rewarded.  This is in the interest of Drupal's end users who invest significant funds into their projects and want to know that Drupal will thrive.  Much cheaper than paying license fees in perpetuity is ensuring that the company who is building and maintaining your website is sustaining the software.  In 2024, we started an initiative to make end users aware of the importance of working with Drupal Certified Partners through a model RFP.

  We need to go further.  The Drupal Association will continue to ensure that Drupal is free to anyone, anywhere in the world to download and use as they wish.  We will also aggressively drive business to Drupal Certified Partners.

The Hope

There are SO MANY positive things happening in the Drupal Project and the Drupal Community.  With strong governance and the promise of Drupal CMS, the future of Drupal is ours to create.

My plan, one year from now, in February 2026, is to provide an update to the community that highlights the success of the community’s Drupal Certified Partners in keeping Drupal innovative, inspiring and independent.

If your company will join us, you can make writing that blogpost much easier. 

Since I started working on the Drupal Event Platform initiative, a request that I've heard more than once is for a configurable theme. I have considered making a subtheme of Olivero that would expand the number of configuration options available, to allow for more options in the overall site styling, potentially including things like spacing, border-widths, and border-radius.

Tags

• Theming
• Drupal

• Read more about Artisan Theme: On the Workbench
• Add new comment

Authored by Nadiia Nykolaichuk and Dave Bezuidenhout.

DrupalCon is an exciting and invaluable event for anyone involved in the Drupal community, whether you’re a developer, website owner, or digital professional. If you’re heading to DrupalCon Atlanta 2025 for the first time, you’re in for a treat! Here's everything you need to know to make the most of your experience, along with some top tips for how to prepare.

Get to Know the Hyatt Regency Atlanta

Welcome to the Hyatt Regency Atlanta, the official venue for DrupalCon Atlanta 2025! Located downtown, our hotel offers easy access to the conference and local attractions. With over 180,000 square feet of versatile event space, including a stunning atrium, we’re ready to host your sessions, networking events, and meetups.

Enjoy modern accommodations, a fitness center, and on-site dining, plus nearby landmarks like the Georgia Aquarium and Centennial Olympic Park. Whether you’re here for DrupalCon or to explore Atlanta, the Hyatt Regency is the perfect place to connect, collaborate, and relax.

We look forward to welcoming you!

Find Your Local Drupal Community Did you know that there are smaller Drupal communities that get together, meet, help each other, and share experiences around the world? Communities are typically broken down by geographic area. There will be a designated area in the ballroom for local Drupal community members to meet up. There will also be ambassadors from each community who will be available to answer any questions you may have.

Plan Your Sessions in Advance DrupalCon offers a packed schedule of keynotes, breakout sessions, workshops, and sprints. As a first-time attendee, it can be overwhelming to choose between the many sessions on offer. Be sure to review the full schedule ahead of time and map out your must-see sessions. Don’t forget about the community networking events — they’re a great opportunity to meet like-minded individuals and share knowledge.

Take Advantage of the Expo Hall The Expo Hall is where you’ll find all the key players in the Drupal ecosystem. Whether you’re interested in learning about the latest modules, tools, or services for your website, or you're looking to network with other professionals, this is the place to be. Make sure to visit the exhibitor booths and grab some swag!

Don’t Miss the After-Hours Events DrupalCon isn’t just about sessions—it’s also about networking and having fun. After a long day of learning, be sure to check out the after-hours events. You’ll get to know your fellow attendees in a more relaxed setting. From Drupal meetups to informal happy hours, there’s always something happening in Atlanta.

Be Prepared to Learn and Grow At DrupalCon, you’ll have access to experts, thought leaders, and professionals from across the globe. Take this opportunity to learn from the best, ask questions, and dive deep into all things Drupal. Whether you’re attending a session, workshop, or sprint, you’ll leave the conference with a wealth of new knowledge.

6 Top Tips for First-Time Attendees: How to Prepare 

1. Plan Your Logistics Make sure to book your travel and accommodation well in advance. Atlanta is a popular destination, and staying near the convention center will make your experience more enjoyable. Use the official DrupalCon app to stay up-to-date on session schedules, map out your day, and connect with other attendees.

2. Find the New Member + Local Drupal Community Meeting Space DrupalCon is actually a gathering of lots of local Drupal communities. Find your local Drupal community in the New Member + Local Drupal Community Meeting Space. Use the area to meet new friends and enjoy DrupalCon activities together! Ambassadors from that local community will also be hand to answer questions.

3.  Explore the Keynote Sessions One of the highlights of DrupalCon is the keynote sessions, where industry leaders share their insights on the future of Drupal and digital innovation. These sessions are a great way to kick off your DrupalCon experience and get a sense of the community’s direction.

4. Don’t Miss the Birds of a Feather (BoF) Sessions Birds of a Feather (BoF) sessions are informal gatherings where you can discuss specific topics with other attendees who share your interests. Whether it’s a conversation about Drupal 10 or how to build better websites for non-profits, BoFs are a fantastic way to dive deep into niche topics.

5. Take Advantage of the Social Events Networking doesn’t end when the sessions do. Atlanta is known for its vibrant social scene, and DrupalCon will offer a variety of social events and meetups to help you connect with fellow Drupal professionals. Whether you’re at a local restaurant or a special after-hours event, be sure to engage with the community.

6. Focus on Skill Development DrupalCon Atlanta is a great place to learn new skills, whether you’re interested in backend development, front-end design, or site building. Take a mix of technical and strategy sessions, and don’t be afraid to ask questions or dive into new areas of Drupal that you haven’t explored before.

How to Maximize Your Experience at DrupalCon Atlanta 2025 as a First-Time Attendee

Attending DrupalCon for the first time can be both exhilarating and overwhelming. With thousands of attendees, dozens of sessions, and plenty of opportunities to network, it’s essential to plan ahead. Here’s how you can make the most out of DrupalCon Atlanta 2025.

Understanding the DrupalCon Schedule DrupalCon is packed with valuable content, but it can be hard to decide what to attend when there are multiple sessions happening at the same time. As a first-timer, try to balance between sessions that teach practical skills and those that offer a broader vision for Drupal’s future. The schedule will be available in advance, so take time to prioritize based on your interests.

Attend the Mentoring Sessions As a first-time attendee, you might feel overwhelmed by all the information, but don’t worry – there’s support available. DrupalCon offers mentoring sessions where you can get advice and insights from Drupal experts. These sessions are perfect for newcomers who have questions about modules, themes, or website development.

Network with Fellow Attendees DrupalCon is an excellent opportunity to meet others in the community. Use the event to introduce yourself, exchange ideas, and build lasting relationships. The easiest way to do that is find your local Drupal community in the New Member + Local Drupal Community Meeting Space. The best times to meetup are:

• Monday evening: Right before the welcome reception and walk over together

• Tuesday morning: Before the first sessions and keynote to plan for the day

• Tuesday afternoon: Right before lunch to sit and eat together

• Tuesday + Wednesday evening: Right before each social activity to travel together

Also, don’t hesitate to strike up conversations with speakers and exhibitors—DrupalCon is a community-driven event.

Participate in a Sprint If you're a developer, participating in a sprint is one of the most rewarding experiences at DrupalCon. Sprints allow you to contribute directly to the Drupal project, collaborate with others, and hone your coding skills. Whether you’re new to Drupal or an experienced contributor, sprints are a fantastic way to give back to the community.

Take Care of Yourself Attending a conference can be intense, so don’t forget to take breaks, stay hydrated, and find moments to relax. The sessions can be mentally taxing, so finding some downtime will help you recharge and stay focused throughout the week.

Drupal 11 has debuted in August 2024. It is a major release that offers many interesting solutions and new possibilities. This article explores the updates in Drupal 11 and guides you on preparing and updating your website.