Drupal Planet

If the dramatic evolution of algorithms, hackers and attention spans has you worried sick about your website’s survival, think audit! Your Drupal website needs regular auditing to make sure your site is still healthy, SEO-friendly, secure and performing well. Moreover, there's always an opportunity to improve and make the website more user-friendly. Routinely evaluating Drupal sites helps monitor their overall health and optimize its performance. If you’re responsible for auditing your Drupal website, make sure you read this handy guide.

A website audit is typically performed quarterly as a regular check-up or before a migration.

• It is important to audit sites regularly to improve its performance and to prepare for future enhancements
• If you’re migrating your Drupal 7 (or 6) website to the latest version (Drupal 9), a migration audit is absolutely necessary for a successful migration. Read this article for a handy checklist before you migrate to Drupal 9.
• It pinpoints any issues with the website, offers competitive insights and guides you to the direction of digital fulfillment
• Drupal regularly releases updates, security patches and other updates in order to improve the website's security, personalization and performance. Regular auditing helps in staying up-to-date with the latest and best practices

A website audit covers a wide scope of elements which includes performance, SEO,  security, site building and more. Make sure you remember the following before auditing your website.

• Check if the Sitemap and Meta Tag modules are enabled and configured properly. This helps search engines to rapidly identify important pages and files on your Drupal website.
• Check the Robots.txt file in your project's root directory. This file tells crawlers how you want your website to be scanned or indexed.
• Ensure that image formats such as WebP and AVIF are used. They offer superior compression than PNG or JPEG, resulting in faster downloads and reduced data usage.
• Make sure the server's initial response time isn't excessively long. Themes, modules, and server requirements all have an impact on this. To reduce the time the database takes to process queries, use Redis or Memcache on the server for memory caching. Optimize the application logic to prepare pages faster.

• Always keep your Drupal core up-to-date.
• To limit the possibility of web application vulnerabilities being exploited, use the Security kit contributed module.
• Move all important files from the public folder to the private folder and update the permissions on the private folder. This is very important as an attacker can change the file path to access various resources, some of which may contain sensitive information.
• Use of the Password Policy module. Attackers can easily guess weak passwords and gain access to the system, thus stealing all of the information and destroying or altering valuable data.

• Configuration Management  - Make sure the config sync is properly set (see below).

Synchronize Configuration

• Uninstall modules that have been installed but are not in use.
• Make sure there are no errors in the console.
• Fix all Drupal errors & warnings that appear in status reports (see below).

Status Report

• Security Updates for all contributed modules should be applied.
• Gitignore should be set up appropriately and all dependencies should be managed through the composer rather than Git. Make sure Git does not contain directories like vendor, contrib theme, contrib module, or Drupal core.

Follow Drupal’s coding standards and best practices. Coder can help you with this. It is a command-line tool that scans custom modules and themes for compliance with the Drupal coding standard and generates a report. This is a very good measure of code quality.

You can audit your website using Lighthouse Chrome DevTools. It gives you valuable insights of your website’s performance, SEO standing, accessibility, speed and more.

Lighthouse Chrome dev tools

Site audit is a super useful Drupal module that helps generate an analysis report on various areas of your website. It also offers best practices and recommendations based on the analysis.

Site audit module

Leverage the Security Review module when you want a checklist of all security vulnerabilities and issues you should be aware of. It runs a ton of checks on your website before generating a comprehensive security report.

Security Review module

We hope this checklist has helped you keep track of your website’s performance and things that need to be done to improve its overall health and security. If you need expert help in performing a thorough audit on your Drupal website (FOR FREE!), just send us a message and we’ll get back to you soon.

Leave us a Comment

Today we are talking about GitLab CI with Chris Wells.

www.talkingDrupal.com/347

• CI
• GitLab CI
• What is Drupal transitioning from?
• Benefits of CI
• Key concepts and terminology
• Commonly used CI tools
• Community Benefits
• GitLab CI with other tools
• Coolest integration at Redfin

• Gitlab acceleration initiative

Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Chris Wells - redfinsolutions.com - @chrisfromredfin

Here’s why I chose to go, what my experience was, and why I will 100% go back

Being away from our networks hasn't been easy - whether it's family, friends, acquaintances, colleagues, or all of the above, the past two years have been difficult.

It's also been difficult to assess the risks of diving back into events to reconnect or to engage for the first time - even when we have been personally cautious and responsible and when we are assured those around us have been as well. Several members of our team chose to attend DrupalCon. This was Paakwesi's first time attending, and we wanted to ask him about his experience.
 

It would be the feeling of community.

Coming from someone like me - who is brand new to Drupal and working in a fully remote environment - I recognized a lot of usernames, and I caught a name or two here and there. But I had never been able to put those usernames to a face and a person. Going to DrupalCon allowed me the experience to meet, talk to, and work with the people behind those usernames in a collaborative and welcoming environment.

And then all of it clicked for me at one point and I was like, “I’m just like everyone here!” Everyone I worked with wanted to work with me and could relate to some of my hesitations - people who are brand new, others who aren’t, but all who want to solve challenges together.

The sense of community and the dedication to collaboration were the biggest takeaways, and they changed my insight and how I approach my work.
 

My previous conference experience was always to learn technical things, while also maybe networking. But going into it, I realized you get much more of a sense of community. Meeting and talking to so many people - and even just being able to run ideas past people - made me feel like I was involved in the conference and not just an attendee.

There is always that sensitive little bit for me - the imposter syndrome - where I was worried I wouldn’t be able to add up or contribute on a certain skill level. After DrupalCon, I feel reassured that no, that’s actually normal! From my experience, those who have spent years learning Drupal and those who are new all feel the same way, and that was hugely empowering.

It not only made me much more confident, but much more aware of the fact that I’m not alone, we all have struggles, we all have worries, but we all work together to solve them. It was a definite eye-opening experience.
 

I definitely feel that way, especially in terms of working collaboratively to solve a problem and also especially when it comes to me having a little bit of imposter syndrome.

Even when I would talk to some of my mentors, I would try to explain my past experience as an example of having to figure out a problem on my own, having no idea where to go with it but having to cram away and figure it out without support or someone I could work with to find a solution.Now working at Palantir.net, I constantly hear, “No, seriously, just ask anything! If you’ve tried for 15 minutes and feel like your head is against the wall, just ask someone.” And it’s not just a phrase that’s said - it’s a phrase that is meant and acted on.

Even though DrupalCon is a big conference, it doesn’t feel that way. When I was in the classrooms working on a solution for a project, I had the similar feeling of collaboration I have at Palantir.net. I can turn to the teacher or the person sitting next to me and say, “Hey, I don’t really get this” or “I’m really stuck on this part,” and there is an instant response of “Let’s work on it together!”

Coming from previous work experiences that had a “figure it out yourself” environment, when I first started at Palantir.net I probably did not reach out as much as I should have. But now, I realize how many different avenues to use to ask a question, ask for help, or ask for a second pair of eyes on my work.
 

So you know how the phrase, “that memory that's going to live in my head forever for free?” Mine was making my first contribution that showed up on my Drupal Association profile. This means anyone can access my profile and see what module I contributed to. Now, in the next update and if it works, everyone will be using something I contributed to through testing and putting in my two cents.

It was a huge proud moment for me because I felt that I can look back on it in 10 or 15 years and think, “Yeah - I helped to create that.” It is something that will definitely be a memory that will live in my head forever for free.
 

I’d love to attend DrupalCon again - for 2023, it'll be in Pittsburgh from June 5th to June 9th. I’d also definitely like to go to MidCamp, which takes place here in Chicago and will be taking place in the spring of 2023.

A funny story: I met a guy at DrupalCon who is from Chicago and lives in my parents’ neighborhood. It was cool to be able to have an interaction with someone on that type of personal level and to be able to know that there is a built-in community not just at events, but in communities across the country. That was truly an eye-opening experience that I did not expect, but one that really made me realize how wide, large, and connected the Drupal community is. And it’s pretty awesome.
 

If you think that your first DrupalCon will be all work and no fun, you will be pleasantly surprised.

You’ll find out quickly - as I did - that there are after parties, trivia, and plenty of fun people to meet and hang out with outside of the convention hours.

Fair warning: you will never know what you are bound to see.

Anything from Caesar the No Drama Llama to a guy in a Darth Vader outfit riding on a unicycle in a kilt to a random group of flame jugglers we stumbled upon walking from one party to the other. (Part of me was not sure if this was part of the people in the community just getting loose or if this was a Portland thing, since they do say “Keep Portland Weird.” Whatever it is, I am here for it.

All I know is that I had such a great experience at DrupalCon, and I was extremely fortunate to be able to be there with some fellow Palantiri. I plan for this to not be my last.

Photo by Justin Shen on Upsplash

A day-by-day play on anything and everything I experienced - and, yes, I met a llama

I was really excited to attend DrupalCon for the first time. I’ve been with Palantir.net for about a year, all the while being told about the greatness that is the Drupal community, and I couldn’t wait to experience it myself.

When Omicron burst on the scene in early 2022, we all took some time to reevaluate the risks it presented. But since I was fully vaccinated and knew I’d be boosted by then, I decided to carry on and attend - along with a smaller than usual band of Palantiri who decided the same.

But it felt like the hits kept coming. Next, we were made aware that attendance, understandably, was way down from years prior. Would DrupalCon even be what everyone remembered? Would this famously tight-knit community be another casualty of COVID-19? Deciding to be all in, I was determined to find out.

We prepared and prepared and, before I knew it, I was taking the longest flight I’d taken in over two years. I traveled a lot before COVID, but this four hour flight was my near undoing. Add to that a little sinusitis and by the time I reached the hotel Sunday night, I was spent.
 

Monday was booth set up day. It went pretty well for Rachel and I, who were both DrupalCon newbies, but once our CEO and Founder George arrived that afternoon we were really in business. A seasoned DrupalCon vet with 24 conferences under his belt, he got us in shape and it was off to the races.

We were immediately approached by many curious and extremely friendly attendees and had some really great conversations. For me, the most notable surprise was that no one felt like a stranger - not even those I had just met for the first time. It was as if we were all old friends checking in on each other. Instead of, “who are you and what do you do?” it felt like “Hey friend, what are you up to these days?”

I immediately felt right at home in this zany crowd and I was excited to see what the rest of the week had in store.
 

Still battling my sinuses but having gotten a full night's rest, I woke up bright and early ready to tackle the day.

My first regret: I was very much looking forward to attending the day’s keynote, “How to combat global systems of oppression in the tech industry,” but I was feeling a bit anxious about not being present in the booth, so I decided to skip it and will be sure to catch the video - I learn best when I can rewind anyway. The morning was still bustling as we met new and greeted old friends, but I was really grateful that the conference attendance was down - I started joking that DrupalCon knew it was my first year and was kind enough to ease me in.

That night the partner events kicked off. I had to rally a bit after a long day, but I’m so glad I did because I got to know my coworkers in person. COVID really made me forget what it’s like to meet new people and to connect with those I see over a screen every day on a more personal level. I started seeing myself as somewhat of an introvert, and this reminded me that I am mostly not. It was incredible to network in a way that felt authentic; I hadn’t realized how much I’d missed it.
 

I completely forgot about the time difference and had a class at 6:25 am (the class is amazing, but that’s a blog for another time).

I was exhausted, but something about the air in Portland sent my sinuses back to their regularly scheduled programming, and I was feeling pretty good otherwise. Wednesday was a bit more chill in the conference hall, and it gave me the opportunity to have longer and more in-depth conversations with those who stopped by our booth to say hello.

The Women in Drupal Luncheon was exceptional. I think most women were aware that the conference was predominantly male, but sitting in a room with only women felt revolutionary. The speaker, Jackie Wirz, was phenomenal and her presentation left me feeling empowered and inspired to embrace myself in a world that tells me not to.

She spoke about suffering from mostly invisible mental- and health-related disabilities and the effects her own have had on her personal and professional life. When the subsequent conversation turned towards the intersectionality of feminism and Diversity, Equity, and Inclusion (DEI) in the tech industry, she didn’t shy away. These are difficult topics that she and all of the women in the room handled with both grace and care. Being a minority woman in any field can be isolating but this room felt like the start of something. I felt so, so honored to be there.

We had our team dinner and some more partner events that night. I played some arcade games with the crew, saw some fire throwers (I see you, Portland!), and met a pretty cool guy named Caesar the No Drama Llama. 10 out of 10 would recommend.
 

Thursday was the last day and you could tell, because everyone was exhausted.

I highly recommend watching the recording of “Inequity and isolation: inclusive practices for remote teams”. I am into all things inclusivity and believe that it’s incredibly important to widen the lens through which we see the world. Again, this is hard work. It requires self awareness, a desire for change that exceeds our desire for comfort, and perhaps most importantly, stamina.

I finally took some time to go around to all of the booths, meet people I hadn’t yet, and grab some swag. I made sure to connect with some new friends on LinkedIn (I have a few more to get to). The conference ended early on the last day and, quite accidentally, my coworkers and I (and later my husband) ended up on the roof of our hotel for six hours. After many laughs and taking in a gorgeous view, we ended the night with a pizza party in the lobby.
 

I went into this trip prepared to do right by Palantir.net. I wanted to create connections and maybe do some recruiting. I expected to have my “sales smile” on all week and be exhausted every night. And this was partially true. I did some of my sales shpiels and spoke to anyone who’d listen about what sets Palantir.net apart.

But I also made genuine connections, had genuine conversations, and learned maybe the best lesson of all: DrupalCon is a tech conference, but more than that, it’s a community of warm and fantastic people. We root for each other, we’re friends that know there’s enough work for us all, and maybe best of all we are a darn good time.

All in all, I had a particularly spectacular time at my first DrupalCon. I learned a ton, met awesome people, and got the chance to connect with my coworkers outside of work or Zoom. I went into the week of the conference with a healthy dose of skepticism, but went into the following weekend with a very full heart.

See you next year, DrupalCon! It was fun.

Photo by Britany Acre featuring Caesar the No Drama Llama

Last month at DrupalCon Portland, I was honoured to receive the Aaron Winborn Award, named after one of Drupal’s most kindhearted and prolific contributors, who we lost far too soon to ALS back in 2015. (If you were not lucky enough to know Aaron, you can read more about him through many others’ words in his Community Spotlight)

I am tremendously grateful to so, SO many people who have mentored and encouraged me along this journey, from all the way back when I was a wee Google Summer of Code student in 2005 trying to figure out what on earth a “hook” was. :D Each and every time I became excited and passionate about a new way to help the project—joining ALL of the teams (Documentation, Webmasters, Security, etc.), becoming a Drupal core maintainer, joining the Drupal Association Board, improving contribution tools and processes, driving user experience improvements and quality assurance efforts, scaling the governance of the project, etc.—folks would rally to help set me up for success, and assist in ripping blockers out of the way.

The Drupal community really is something incredibly special. There’s an innate desire to enthusiastically share knowledge, to celebrate the wins of others, and to jump in and help where help is needed. We’ve forged long-standing friendships (and at least a couple of marriages! :D), we’ve had many, many laughs (and also a few cries), and we’ve all come together from all over the world to build something truly amazing. Come for the Code, stay for the Community, indeed. :) So an immense THANK YOU to each and every one of you who contributes every day to making this community so truly awesome. (That word gets overused a lot, especially by me ;), but in this case it is extremely apt. <3)

Incidentally, a few people have also asked how I did not have this award before. First, I was a founding member of the Drupal Community Working Group, so receiving it back then would’ve been a supreme conflict of interest. :P Additionally, much of my community work over the years has also been sponsored by Lullabot and Acquia, so that it could have a bigger impact, and this was a *very* unique privilege that most other community contributors do not have. The list of previous winners includes such community luminaries as Gábor Hojtsy, Dr. Nikki Stevens, Baddý Sonja Breidert, and more. I’m *very* happy they all got the spotlight before me. :)

While these days I'm making community happen over at MongoDB, I'm still very much involved in the Drupal community, and it was GREAT to see so many friendly faces at DrupalCon! :D Thank you SO much again for this incredible honour. <3

When migrating a Drupal 7 site to Drupal 9, working with path aliases in custom code is something that is often required. Path aliases were converted to revisionable entities in Drupal 8.8, so also when upgrading from older versions of…

DrupalCon Portland 2022 was the first in-person DrupalCon in over two years. Gathering face-to-face again (plus masks) gave us even more energy and inspiration to take so many insights about the present and the future of Drupal.

Here’s our list of favourite sessions at this year’s DrupalCon, for those who couldn’t attend all sessions and those who couldn’t be at the event. If you want to dig deeper into the topics, you can watch the videos of the sessions on the Drupal Association YouTube channel.

💁‍♀️ Level up your Drupal projects! Check out our upcoming Drupal training courses

The “Driesnote”—the keynote talk delivered by Drupal founder and project lead Dries Buytaert—is always one of DrupalCon’s most awaited events. It’s always filled with updates on the current status of Drupal core and its community, upcoming changes, and the vision and strategic direction for Drupal’s future.

This year, Dries took us on a tour of Drupal’s new features and other changes coming with Drupal 10. He also introduced a shift in vision toward targeting “ambitious site builders” for ongoing improvements from Drupal 10 to 11. Before that, Dries opened his talk with a note of solidarity to Ukraine and acknowledging the war’s impact on the Drupal community there. Here you can watch the Drisnote in its entirety:

💻 Read Our Article: What You Need to Know to Get Ready for Drupal 10

This session was geared toward developers and other technical folks. It focuses on the new system requirements for Drupal 10, the rationale for these dependencies, and how developers can start preparing their projects for the move.

After a quick review of new features, there was a discussion on the dependencies–Symfony 6.2, PHP 8.1, and CKEditor 5. The rest of the session was filled with actionable recommendations, tools, and tips to move to Drupal 10 as seamlessly as possible.

We highly recommend watching this session and starting to plan your Drupal 10 migration now, while there’s still plenty of time before its release, in December.

📖 Download Our Free Ebook: Your Drupal 9 Migration: Agency or In-House?

This was another session focused on Drupal 10, diving deep into the upcoming integration of automatic code updates into Drupal core. This functionality is intended to reduce the maintenance burden of Drupal implementations and encourage project owners to keep up on security updates and other improvements.

This talk provided fantastic insights into the technicals of how automatic updates will work, including code samples and discussions around the decision-making process for the ongoing development and rollout of enhanced features and capabilities.

This session focused on using the elevate.xml configuration file to gain more control over your site’s search results. Elevate.xml lets us directly specify the order of top search results, going beyond score-based sorting. This is a powerful enhancement to Solr, as it allows us to surface results that are not only algorithmically most relevant but that contribute to goals like promoting client content or prioritizing timely resources in response to an emergency.

Much of the talk focused on a step-by-step overview of installing and configuring Solr7 with Drupal 9 and Lando, including a set of files and instructions available for download.

👨‍💻 Read Our Article: How to Create a Great On-Site Search UI Through Iteration

This session focused on how a large government agency improved the accessibility of a huge PDF collection during its migration to Drupal 9. This is a common problem that doesn’t get nearly enough attention or guidance.

While it’s pretty well-known that PDFs on the web can pose major challenges, the most common advice is simply, “Don’t use them if you don’t have to.” Unfortunately, that’s not very helpful for organizations that have to use PDFs due to user needs, team skills, or regulatory compliance, missing a real opportunity to improve PDF accessibility.

We think this review of the constraints, auditing, document remediation, and ongoing best practices employed by a US federal agency is a great place to start your PDF accessibility research and planning.

📽 Watch Our Webinar: How to Use Assistive Technology to Improve Web Accessibility

Most of the sessions on our list focused on technology and practices for implementing technology. However, this one got our attention because it’s a fantastic way to create a path for students from historically marginalized groups to gain access to crucial tech industry internships.

The student team for the featured project had no prior experience in Drupal, Symfony, or PHP. They had just 10 weeks to learn the technology, build a Drupal module to solve a real-world business problem and present their results to a panel of University and industry stakeholders.

We love this session because the Code+ program provides a unique opportunity for undergraduates to own and lead a software development project from start to finish and access a network of industry decision-makers for future internships and employment.

👩‍💻 Read Our Article: How Drupal Can Be a Force for Diversity and Inclusion

This session provided a look at a Layout Paragraphs, a contributed module that gives content editors an intuitive, drag-and-drop tool to manage page layouts in the content creation admin. Where Layout Builder manages sitewide layouts, Layout Paragraphs manages layouts for individual pieces of content. As a result, editors have per-node layout flexibility within configured templates and constraints for the content type.

This is a very exciting idea for content creators, who are often frustrated with the limitations of Drupal’s content entry tools and lack of visual feedback when editing. When exploring highly visual tools like Wix, the lack of content structure and design enforcement can introduce a new set of challenges. This way, Layout Paragraphs could pave the way for Drupal to become the preferred CMS for an even broader range of content publishers.

🎥 Watch Our Video Tutorial: How to Use Drupal 9’s Layout Builder

This session provided an excellent discussion on how to mitigate the taxonomy tangle that often happens in expansive, content-heavy sites. It uses the example of a major UN office’s migration from an old Sharepoint site to its first Drupal platform to look at the specific challenges of such a project and the practices to resolve them.

The presentation is packed with actionable recommendations and clear examples illustrating the various problems and their “holistic taxonomy” solutions. A clear, well-structured taxonomy is the backbone of any effective Drupal system, making this session one we think you should watch.

▶ Watch Our Webinar: How Drupal Fits Into the Landscape of Digital Experience Platforms

These were our picks, but we know there were other fantastic sessions we’ve missed. What were your favourites? What was the best thing you learned, saw, or heard at DrupalCon Portland? What do you hope to see or hear about in the future? Drop a comment below and tell us what you think!

Reposted with permission from Pantheon.io.

DDEV is a Docker-based local development environment solution that allows developers to run local copies of all their Drupal and WordPress projects in a personal development environment. Much like similar Docker-based solutions, DDEV hides most of the complexity of Docker — allowing Drupal and WordPress developers to focus on what they like best.

One of the typical challenges that a developer faces when working on their local development environment is keeping their local database and content files up-to-date with a remote environment (development, test, or live). For the database, the manual process normally involves downloading a database dump and importing it into the local development environment.

DDEV's "provider" functionality automates the steps into a single "ddev pull" command that can authenticate with a remote server, download the most recent database backup, and then import it into the local environment -— all with just a single command!

DDEV includes sample provider integrations for Drupal (but not WordPress yet); they are located in your DDEV project's .ddev/providers/ directory. Each provider integration includes documentation, as well as the complete code for the integration — making it easy for you to customize.

A DDEV community member, Matthias Andrasch, has been working on DDEV provider integration for WordPress; find them here. These are not officially supported, so please use them with caution.

The Pantheon integration requires that a Pantheon machine token be created and added to your machine's ~/.ddev/global_config.yaml file in the following format:

This allows DDEV to access your Pantheon projects via Terminus (built-in to DDEV), in order to access database and content file backups.

The Pantheon integration also requires that you have Drush installed as part of the Drupal project. If you don't, then it's easy to add via:

For basic integration, you'll just need to copy the example.pantheon.yaml provider file to pantheon.yaml and then update the site name and environment variable. This allows you to target exactly which site and Pantheon environment you'd like to access the database backup and content files from when running the "ddev pull" command.

In this example, the machine name of Pantheon project is "de8" and we're going to be updating the local DDEV environment with database and content files backups from the Pantheon Live environment.

Once configured, to update your local database and content files, run "ddev pull pantheon" and you’re set. If you don't want to sync the content files to your local, then you can add the "--skip-files" parameter.

This is a summary of the integration steps — for all the details, be sure to check out the .ddev/providers/example.pantheon.yaml file in your DDEV project.

As mentioned earlier, the example.pantheon.yaml file doesn't just include the parameters for the provider integration, it also contains the actual commands for each step of the integration.

For example, in the "ddev_pull_command" section, you can see the various bash commands used to obtain a database backup from Pantheon:

If you speak Terminus, then you'll notice that the command doesn't actually create a new database backup, but rather downloads the most recent. But, since all of the commands are specified here, you can add a "terminus backup:create" command if desired.

It is important to note that DDEV provider integration also includes a "ddev push" command that does exactly what you think it does — it allows you to easily push a local database or content files directory to a remote Pantheon environment. As this violates the recommended "code flows up, data flows down" principle, I don't recommend using it — or at least use it with extreme caution.

If this level of local development environment automation isn't enough for you, then your next step would probably be to think about using the "ddev pull" command as part of a DDEV post-start command hook (or custom DDEV command) that automatically calls "ddev drush cr" "ddev drush cim" immediately after the "ddev pull" command. This makes it possible to easily have a fresh local development environment every time you start working on your project!

The release of Drupal 10 is scheduled for later this year, which means that there are some exciting new features to look forward to! This release marks a huge shift toward a more accessible and user-friendly Drupal admin, laying the foundation for a platform created for the “ambitious site builders,” as Dries Buytaert discussed in his DrupalCon Portland keynote and follow-up blog post.

There is so much to discover about this next major Drupal release. So let’s look at what Drupal 10 offers for your projects and what steps you can take to get ready.

• Drupal 10 Release Date
• New Features in Drupal 10
  • Default Front-End Theme: Olivero
  • Default Admin Theme: Claro
  • Starterkit
  • CKEditor 5
  • Automatic Updates
  • Modules and Themes Leaving Core
  • Decoupled Menus
• Core Strategic Initiatives
• Planning for Drupal 10 Readiness
  • Technical Requirements
  • Preparing for the Upgrade
  • Drupal 9
  • Drupal 8
  • Drupal 7
  • Drupal 6
• We’re Here to Help!

Drupal 10 is coming soon: December 14, 2022, to be exact. While we had all hoped for a June 2022 release, the new December date allows for more work on integrating the upcoming CKEditor 5 and shipping Drupal 10.0.0 with optimal technical specs.

December 2022 will also see the release of Drupal 9.5. This will be the final release for Drupal 9, containing most of Drupal 10’s new features. The main difference is that 10 will remove all of Drupal 9’s deprecations. This means project owners can iteratively update their custom code for Drupal 10 and deploy these updates to their Drupal 9 production sites, rather than doing a big rebuild all in one shot.

Can’t wait to try it out? As of this writing, there is an alpha3 release available for testing and development purposes.

So what do you get when upgrading to Drupal 10? The new features and approaches continue Drupal’s movement toward a simpler and more modern experience across user groups.

Most of these features are available in whole, or in part, in current and upcoming 9.x releases, making the move to Drupal 10 simpler and less disruptive for your teams.

Initially added to Drupal core as an experimental theme, Olivero is now stable and the default theme in Drupal core as of the 9.4 release slated for June 2022. These are its main advantages:

• A simpler, more modern first impression, with lots of whitespace, clean fonts, and judicious use of colour and effects
• The most accessible Drupal theme yet, with out-of-the-box WCAG AA compliance
• Compatible with modern Drupal features like Layout Builder and embedded media

The Olivero theme is already included in the current version of Drupal core. If you’d prefer a quick peek, the Strategic Initiative team behind Olivero has a live demo you can explore here.

💻 Check Our Webinar “Build Accessible Websites Out-of-the-Box with Drupal”

One of the more significant changes to how we do Drupal will be the new Starterkit theme. Presently in alpha, Starterkit will provide Drupalists with a new way of theming.

Historically, subthemes are dependent on base themes, like Classy, and are created as extensions of them to provide code at runtime. However, changing core base themes is hard.

The new Starterkit simply provides standard classes and markup without the runtime dependency on a core base theme. However, subtheming won’t go away: organizations can still create their own base themes to guide subthemes across their platforms.

From the article: "New Starterkit Will Change How You Create Themes in Drupal 10" (Drupal.org)

With a complete rewrite and exciting new feature set, CKEditor 5 brings a modern, collaborative editor experience to Drupal 10.

The new CKEditor provides an interface familiar to users of tools like Microsoft Word or Google Docs. It also includes standard collaboration tools like comments, suggested edits, version history, and other popular editing conventions. It also features exports to .docx and .pdf files for easy porting to print formats.

The integration is still under development, but if you want to check it out, there is an experimental version already included in Drupal core 9.3.

After many requests, the Automatic Updates contributed module is under active development and will move into core in Drupal 10, enabling users to manage updates automatically. This module may go live with the initial release or in an early minor version like 10.1 or 10.2.

Automatic Updates makes minor release updates simpler and faster:

• Click a button, and Drupal—via Composer—automatically downloads the necessary files, runs a readiness check, and makes a staged copy of your site.
• Drupal then alerts you to the need for database updates or any other steps and allows you to continue or cancel.
• If you choose to continue, your site automatically goes into maintenance mode, the updates will apply, and you’ll be redirected to the database updates page if needed.

The initial core release of Automatic Updates will be limited to updating Drupal core and will only support unattended updates—which run on their own via cron—for patch releases. In time, the module will also handle automatic database updates, updates to contributed projects, and possibly broader application of cron-managed unattended updates.

For more details, watch Ted Bowman’s session about getting ready for Automatic Updates at DrupalCon Portland 2022.

To help streamline core and its maintenance, Drupal 10 will move some current core modules and themes into contributed projects:

• Rdf
• Forum
• Aggregator
• Activity Tracker
• Color
• HAL

• Quick Edit
• Bartik
• Classy
• Stable
• Seven

Decoupled projects have become commonplace, using Drupal for the back-end and common Javascript frameworks for the front-end. To make these implementations more user-friendly, the Decoupled Menus module provides a JSON linkset that will allow non-technical users to use the standard Drupal admin to manage menus on decoupled implementations. Decoupled Menus is currently in the final stages of testing and is expected to be in core for Drupal 10.

👨‍💻 Ready to level up your team’s Drupal skills? Check out our upcoming Drupal training courses

Innovations in Drupal core are driven by strategic initiatives, which ensure the Drupal project aligns with stakeholder needs and market expectations as it moves forward. Members oversee the development, documentation, testing, and communication of Drupal core’s most significant changes.

We already mentioned some of the current core strategic initiatives, such as Automatic Updates, Decoupled Menus, and the New Front-End Theme (Olivero). The others are:

• Drupal 10 Readiness - The Drupal 10 Readiness initiative oversees preparations for the release of Drupal 10. It tracks remaining tasks, ensures dependencies are updated, and deprecations are removed and supports project maintainers in preparing their projects.
• Easy Out of the Box - The Easy Out of the Box initiative makes the Drupal admin easier and more accessible for content creators, editors, and other non-technical users. It encompasses the new Claro admin theme, Media integration, and Layout Builder, seeking to enable all these tools in Drupal core by default.
• Gitlab Acceleration - While most strategic initiatives focus on what is in Drupal, the Gitlab Acceleration initiative is all about how we get things into Drupal. Its goal is to make contributing to Drupal easier by moving away from its custom systems toward the tools and processes commonly used across the industry.
• Project Browser - The Project Browser initiative seeks to make it easier for users–especially novice site builders–to find the modules they need. It will feature a visual browsing interface within the Drupal admin, with more intuitive filtering tools and iconography to convey key quality measures quickly. The ultimate goal is to take the mystery out of starting and building a new Drupal project.

These initiatives are ongoing and in various stages of progress. To learn more or participate, check out their respective pages for more information.

There are new version requirements for some critical Drupal 10 dependencies. You’ll want to make sure that your code and hosting environment are ready. Drupal 10 will require Symfony 6.2 and PHP 8.1 and ship with CKEditor 5 integration.

It’s also worth noting here that Drupal will officially drop support for Internet Explorer, freeing the project to take advantage of more modern front-end technologies.

Drupal 7 and Drupal 9 will both reach end of life–that is, the end of community-supported security updates and bug fixes–in November 2023. That gives you 11 months from Drupal 10’s release date to get your Drupal 9 site migrated before losing support. Drupal 9’s end of life date is driven by the end of life for both Symfony 4 and CKEditor 4 and is unlikely to change.

The good news is that Drupal’s major version updates are getting easier with each release. So while the leap from 7 to 9 is a major effort, going from 9 to 10 is truly the “easiest upgrade ever.”

Great news! You can start updating custom code and contrib projects now, and have a minimally stressful migration.

The current 9.3 core release is compatible with PHP 8.1. When Drupal 10 is released, it will be substantially the same as 9.5, but with the deprecations removed. Code that works with 9.5, and does not rely on those deprecations, will work in Drupal 10.

Moreover, tools like Upgrade Status and Drupal Rector can help automate finding and implementing necessary updates.

If you want to check and/or pitch in to help resolve the deprecation status of specific contributed projects, Acquia has put together a dashboard to track progress and highlight what each project needs to move forward.

If you’re on Drupal 8, your version of Drupal is past its end of life and no longer receiving community support, including security updates. So it’s time to move to 9 as soon as possible. Don’t worry: this is a pretty straightforward process, which we’ve discussed in 7 Frequently Asked Questions about Drupal 8 End of Life.

If you’re still running your sites on Drupal 7, you’re in good company. As of this writing, just over half of all reporting Drupal sites are running version 7. (You can find the latest numbers on Drupal.org.)

Even so, this means that you are running your sites on a platform that is now over a decade old. As a result, you are missing out on years of technical innovations, and while Drupal 7 is officially still supported by the community, support for its contributed projects has eroded as maintainers focus on more current technology.

Now is the time to grit your teeth and move on with your Drupal 9 migration. Check out 9 Frequently Asked Questions About Drupal 7 to get started and download our free eBook, Your Drupal 9 Migration: Agency or In-House? with tips for analyzing your project requirements and internal resources.

Upgrading from Drupal 6 to 9 or 10 is much like upgrading from 7. It’s a major rebuild requiring rewrites of custom code and the replacement of many contributed projects. It won’t be a small task, but the core migration tools for Drupal 9 and 10 include an upgrade path for configuration and content from Drupal 6 to get you started.

From training classes to implementation, Evolving Web can support your new and ongoing Drupal projects. If you want to learn more about our expertise, you can check this case study on how we helped McGill University in a big-scale Drupal migration by training their in-house team of developers.

If you think you might benefit from some outside help, drop us a line and let’s talk!

In a project where we use the Search API to search for content, we noticed that nodes that are marked as "noindex" by the Metatag module are visible during internal searches. Here is a ready-made solution for how to avoid this.

Here's a braindump to a question I answered on Slack today about choosing an e-commerce solution for Drupal.

Concrete observations, real-life examples, and practical advice for building trust and affinity at work

Our work isn’t easy. It’s difficult to complete technical projects with non-technical clients. We understand a lot more about what’s going on, but they’re the ones making important project decisions.

Our work doesn’t live in best-case scenarios. Unlike bakers who have a recipe to predictably create the same cake over and over again, we have to change all the time. This is especially true in a consultancy like Palantir.net that has fully embraced agile.

Building trust and affinity, which is foundational to great client relationships, isn’t always part of the process. It also isn’t explicitly taught in school. That’s why I prepared this session for DrupalCon Portland 2022, to help my community learn the softer skills that are essential to our work. So, let’s uncover these simple secrets to great client relationships.

Sometimes, we act like we’re watching a movie of the world around us, but people are always reacting to our energy, as we react to theirs. When we are warm to people, we’ll often find that they are warm back. Greet your client like you already know (and like) them. Then, leave space for them to shape the conversation.

In March 2020, Tonight Show host Jimmy Fallon used Zoom to interview celebrities in their homes from his home. This struck me as not dissimilar from my work within a distributed team. I noticed how he greeted people ranging from Kim Kardashian to Taraji P. Henson with almost over-the-top warmth and enthusiasm. Then, he let the guest shape where the conversation went next.

You can develop this skill by scheduling a quick happiness boost before client meetings that will leave you authentically joyful when you greet your clients. This can be as simple as spending four minutes watching an older music video like Pump Up the Jam (a nearly-universal happiness boost). You can also practice your greeting in the mirror, study talk show interviews on YouTube, or try an improv class.

Some think always being available creates great client relationships. I believe we build better bonds by setting and honoring boundaries that work for us. It may be tempting to respond to a client outside of your work hours. We think we’re teaching them how much they matter to us. However, it’s much more likely that we’re teaching them that we are always available. This can easily lead to disappointment or frustration when that expectation isn’t met in the future.

You can develop this skill by making clients aware of your collaboration boundaries. You can say things like, “I work 8:30-5:00 pm Mountain Time. What hours are you normally available for work?” This provides an opening for them to share their boundaries as well. You can also schedule non-emergency communication to arrive in your client’s inbox or Slack during your work hours. If you’re interested in digging further into boundaries, I found Essentialism to be a great resource.

For many clients, the world of Drupal projects is unfamiliar. Consider yourself their Drupal guide. It’s your job to keep welcoming and orienting them to our world. Tours, like this great example of a university tour, are analogous to our work. I recommend watching at least the first minute of it while imagining that you are the guides and they are speaking to your client.

You can develop this skill by assuming your client is doing everything for the first time. Start with what’s immediately applicable, then zoom out. Use visuals and always translate jargon. Leave your clients space to think and ask questions. Take tours (or watch more online) through the lens of becoming a better Drupal guide.

Your client inhabits a world that’s unfamiliar to you. Your interest in their world will help you build trust and a better project outcome. Everyone likes other people expressing interest in our world, and it’s even better when they later remember what we’ve shared with them.

You can develop this skill by asking your client questions and remembering details. You can use a reference document to capture what your client shares with you, so you can easily follow up on what you learn. Notice changes, which could include a special piece of jewelry or a frantic late arrival to a call. You can share a complement or a moment to ground themselves in what seems to be a busy day. You can also keep up with your client’s organization via Google alerts, subscribing to their newsletter, or attending their events.

Rather than falling into a teacher or expert role, continue finding opportunities to learn from your client. When they share their knowledge with you, honor it with the respect it deserves. I learned this from a colleague after my company hired her as my new manager. She knew the role way better than me, but she didn’t know Drupal. She often found opportunities for me to teach her, which I later learned was no accident. Whether a manager, mentor, or consultant, we all appreciate work relationships that are mutual.

You can develop this skill by speaking in your client’s language, using the words and jargon that they use. When your client shares insights, be openly interested by rephrasing what they’ve said or asking follow up questions. If this is an unfamiliar approach, prepare by brainstorming and planning for occasions to continue learning from your client.

When I first started my 9-5 career, I thought I had to be a neutral, professional automaton who was always poised, on topic, and efficient. However, people build connections with people, not perfect professionals. Share aspects of your life outside of work with your client. This will give them an opening to share aspects of their life with you. The more you’re connected as people, the stronger your relationship will be.

You can develop this skill by preparing a specific and concise anecdote to share about your weekend, or in answer to the outside-of-work questions you’re regularly asked. Especially if you work remotely, tell your client where you are when you’re away from home. Meet your client for coffee, either in-person or virtually, to talk about things that aren’t work-related. DM your client on Slack and ask non-work questions from time to time.

We all gravitate toward people who are fun to be around. Bring levity and play to your interactions with your client. For example, a client’s Outlook Calendar wasn’t cooperating with my Google Calendar, so she had two identical meetings from me. I added an exclamation point to the active invite, changing our meeting title to “[client name] + Lily!”. We kept it that way, and I smiled every time I saw the meeting appear on my calendar, hoping she did the same.

You can develop this skill by smiling and joking with your client, when appropriate. Within reason, talk to your client like you talk to your friends. Use an informal communication style and emojis to convey tone in emails and Slack.

We can all sense when people are being fake. That’s one of the fastest ways to damage trust. Make sure to stay genuine in all of your client interactions. As a podcast fan, I find Dax Sheppard in his role as host of Armchair Expert to be a fascinating model of authenticity, particularly the episode he released about his relapse.

You can develop this skill by modeling authenticity. Give honest answers to questions like, “How are you?” in front of your client. Speak the why behind your actions and recommendations with your client to help them understand your perspective. And, tell your client when you notice a contribution they’ve made. Be specific about its impact.

The more you learn about your client, the more you’ll understand their collaboration style. If there’s a big gap between your style and theirs, it may be time to adapt and meet them closer to where they are.

You can develop this skill first by avoiding making assumptions about your client before you meet them. Instead, notice how they react to your collaboration style, especially any friction or negativity. Also, notice how your client tends to collaborate and note your observations down. You can use them to brainstorm solutions, then try them out until you find one that works.

We often think telling a half-truth or putting a rosy-colored spin on something will help maintain a great client relationship. In my experience, I haven’t found that to be the case. Even when it’s uncomfortable and not what they want to hear, tell your client the truth. You’ll be surprised by how much grace you’re given when you prove that you can be counted on for your honesty. It’s so much more valuable than anything we get from fibbing or stretching the truth.

You can develop this skill by committing to always telling your client the truth, but also remember that it doesn’t have to be the whole truth. You can say, for instance, that there was a miscommunication within your team without calling out individuals. If work is late because of five reasons, you don’t have to share all five. I also recommend that you voice your inner monologue when delivering difficult news. It can be powerful to say, “This isn’t a conversation I ever wanted to have with you,” instead of trying to find the perfect thing to say.

It can be so tempting to develop an us versus them mentality with clients. If that ever happens on your team, stand squarely on your client’s side. You can even say something like, “I’m playing the role of client advocate. If they were here, I think they’d say something like…” You’ll bring some much needed empathy and valuable perspective to the situation.

You can develop this skill by saying things to your client like, “I can see how given this happened, you might feel that way.” Practice seeing things from their perspective, and if you struggle to understand it, ask them questions until you do. If you’re interested in exploring this topic further, I recommend Nonviolent Communication.

If you’ve read this far and want to keep digging into this material (or if you’re more of an auditory learner), I’ve included a recording of my DrupalCon session that inspired this article. There’s also an engaging Q&A session with the audience at the end. Whether you watch it or not, keep exploring connection and try new approaches until you find what works for you.

Photo by Brooke Cagle on Unsplash

I took the schema.org blueprints module for a spin in a "box-opening" video. I was amazed!

We cannot believe DrupalCon Portland 2022 has already come and gone! We had a fantastic time with everyone in the wonderful city of Portland, Oregon. We welcomed attendees from all over the world to collaborate, innovate, network, and learn. In this email, we’ll share a few highlights from the conference – starting with the group photo!

Roughly 1,300 Drupalers back together in person, at last!
(Photo by Christina Lindner) 

The first in-person Driesnote in nearly three years was certainly a treat! Drupal founder Dries Buytaert gave an update on the state of the Drupal project, and if you missed it, you can watch the entire presentation now on the Drupal Association YouTube channel. You can also view the Q&A session with Dries that occurred directly after the Driesnote! 

Our two DEI Keynotes provided insight and invaluable conversations about important topics. Watch the recording of Tuesday’s Keynote with Mala Kumar, Daelynn Moyer, and Marcus Carter II to learn more about Global Systems of oppression in the tech community. Once you’ve viewed the Tuesday keynote to set the stage for taking action, check out Demetris Cheatham’s Keynote Fireside Chat, Let’s Open Source Diversity, Equity, and Inclusion, for a tangible way to truly advance DEI in the open source community.

And finally, What is Open Source’s role in the future of the well-being of the Internet? Dries Buytaert, Adam Silverstein, and Mek Stritti covered the part of Drupal and other open source platforms in the Internet’s future. Watch each Keynote session recording now on the Drupal Association YouTube channel!

Congratulations to Angie Byron (@Webchick) for winning the highly-anticipated Aaron Winborn award! This award is presented annually to an individual who demonstrates personal integrity, kindness, and above-and-beyond commitment to the Drupal community. Angie is a staple in the Drupal Community, with 249 people citing them as a mentor. Her work has not only strengthened the Drupal project, but has impacted the Drupal community in ways we will all feel for decades to come. Thank you, Angie, for all you do in Drupal and congratulations!

There were so many informative sessions at this year’s DrupalCon Portland! From creating marketing case studies to building a GraphQL API, there was something for everyone. Check out the DrupalCon Portland 2022 YouTube playlist to watch audio recordings of the sessions accompanied by the slides from each session.

The week was packed with fun events as well! Trivia Night was in full swing on the final night of the conference, and the Expo Hall Passport contest awarded many Drupalers with fun prizes – including an Oculus Quest! One of the best parts about DrupalCon is the free swag, and this year did not disappoint. Who else had trouble fitting all of their new clothing and free goodies into their suitcase?!

We were so excited to host 9 scholars and 4 Discover Drupal students at DrupalCon Portland! 

We are excited to share that Pantheon will be donating $3,500 to our Discover Drupal initiative as part of the Gift of Open Source! Pantheon partnered with the Drupal Association weeks prior to DrupalCon to help grow contribution to the project. All contributions were counted towards a max donation amount of $3,500 and Drupalers helped us reach that goal! Thank you, Pantheon for this very important strategic partnership to ensure the growth of the Drupal project.

If you snapped some awesome photos at DrupalCon Portland, upload them to the Flickr group! By sharing your photos, you’ll ensure that you and our community have memories from all the wonderful moments at the conference. It also helps us to be able to continue promoting Drupal programs, events, and contributions. We can’t wait to see your photos!

Thank you to our speakers, sponsors, volunteers, trainers, and participants! We could not have done it without their support.

Did you have a great time at DrupalCon Portland? Become a Drupal Association member today to support future DrupalCons! By joining the Drupal Association as a member, you’ll also contribute to the future innovation of the Drupal project, as well as gain access to other perks. Are you part of an agency that relies on Drupal for your business? Become a Supporting Partner today of the Drupal Association. Learn more.