Drupal Planet

Matt Glaman: Check out the "Drupal at your fingertips" developer reference guide

1 month ago

Selwyn Polit has created a fantastic Drupal 9 and 10 developer reference guide called Drupal at your fingertips. The book is a reference guide that explains the various APIs within Drupal and examples of code for using them. The book's contents are available online, and all of the content is licensed under Creative Commons Attribution 4.0, making it available to share and modify with attribution. You can find the Drupal at your fingertips book online at: https://selwynpolit.github.io/d9book/ and its source at https://github.com/selwynpolit/d9book/tree/gh-pages.

Lemberg Solutions: Drupal Commerce + SAP Integration: Solutions and Benefits

1 month ago
If you’ve been looking for a viable solution to extend the functionality of your Drupal Commerce platform, we have one. In this article, our Drupal Team Lead, Mykhailo Hurei, provides a comprehensive overview of SAP integration with Drupal Commerce. Keep reading to learn how we integrated the Drupal Commerce platform with SAP for one of our clients and find out what custom features we added. 

Specbee: Migrate to Drupal 9 (or 10) Without Losing Your Hard-Earned SEO Ranking

1 month ago
Migrate to Drupal 9 (or 10) Without Losing Your Hard-Earned SEO Ranking Shefali Shetty 28 Feb, 2023 Subscribe to our Newsletter Now Subscribe Leave this field blank

Website migrations are never an easy decision and we get it. The fear of their SEO rankings being negatively affected often holds site owners back from migrating their CMS or upgrading from an older version. After all, it has been a long and hard process to get your website to the top of Google's search result pages, and you don't want all that effort to go to waste. 

However, this common concern can be addressed and mitigated before and during the migration process. With meticulous planning and a systematic migration approach, a website migration will not affect your SEO. Instead, with a CMS like Drupal that offers SEO and performance optimization techniques, your SEO ranking should see an upward trend.

In this article, we’ll discuss why a website migration to Drupal 9 does not have to mean sacrificing your SEO ranking. We'll go through some of the best practices and tips as well as what you need to do if you see a drop in ranking after the migration.

Why Migrate to Drupal 9 (or 10)

Most of our clients migrate/upgrade their CMS to Drupal 9 for one big reason: to fuel their business growth! Drupal 9 offers the high-performance tools and features needed to take your business to the next level.

Let’s get started with understanding why migrating your CMS to Drupal is important, especially in terms of SEO:

  • Upgrading your CMS to the latest version of Drupal will bring more features, stability, and security to your website while also increasing the performance of your site by​​ using the latest technologies. 
  • Drupal allows for easy management of important on-page optimization elements like meta tags, URLs, meta descriptions, titles and others that are vital to enhance your ranking.
  • Drupal is SEO-ready straight out of the box! A variety of built-in and contributed SEO boosting modules that can be easily integrated with a Drupal website enhances its indexability. 
  • Drupal’s clean and well-structured code makes it easier for search engines to understand your website’s content.
  • The highly customizable nature of Drupal enables you to tailor it to meet your SEO strategy's specific requirements.
Should you be concerned about a migration affecting your SEO?

A migration involves moving and mapping all your website's content, data, and functionality from an old version to a newer one. It's like charting a new course to a brighter future.  And they are never going to be identical. A CMS migration when done right cannot be a cause for your SEO ranking to get affected. 

Ideally, a website redesign or CMS migration is risk-free when no URL or structural changes are expected. But let’s give you a few reasons when you should be concerned:

  • When you’re changing domain names and your new URL structure is completely different than the old one. This can cause search engines to see these pages as new pages and will lose the existing SEO juice.
  • When internal links are lost during migration due to various reasons like a change in the URL structure, content reorganization or any manual migration errors.
  • When the content is not migrated properly and leads to duplicate content.
  • When a migration causes broken links which can lead to bad user experiences and consequently a dip in SEO ranking.
  • When there are problems with the website’s crawlability and indexability because of technical errors during a migration.
SEO Audit - First Step to a Successful Migration

We cannot emphasize enough how important an SEO audit is before a migration. 

Just like you would thoroughly examine and fix your car before a big road trip to ensure a smooth and safe journey, an SEO audit can help you identify and avoid potential technical issues or SEO problems before a migration. It also allows you to plan for redirects, establish a baseline for measuring the impact on SEO performance and ensure current best practices.

What happens during an SEO Audit?

Your ideal Drupal agency should provide you with a comprehensive SEO audit checklist before planning the CMS migration. Read this article to find out how to evaluate a Drupal partner for your next project.

Here are some of the most significant elements that are analyzed during an SEO audit:

  • Check if robot.txt exists and is configured properly to make the website crawlable
  • Verify if sitemap.xml exists and is optimized
  • Clean URLs are enabled for SEO Friendly URLs
  • Appropriate meta information and tags are present for web pages
  • Check if structure data is enabled for the site.
  • Verify if a canonical URL set for all the pages
  • The titles and descriptions are optimized
  • Check for duplicate content
  • Check for broken links
  • Find out if analytics tools are present on the application for tracking
The Do's and Don'ts Do: Create a full backup of your website

Before you begin the migration process, make sure to create a full backup of your website to ensure that you have a copy of all your website's files and data.

Do: Benchmark current keyword rankings

Benchmarking old rankings is an important step when migrating a website to a new domain or URL structure. It helps you understand how your website is currently performing in search engines and identify any potential issues that may affect your SEO efforts after the migration.

Do: Benchmark organic traffic levels

It helps you monitor any changes in organic traffic after the migration and allows you to identify any issues that may be affecting your SEO efforts.

Do: Keep the same URL structure

Try to keep the same URL structure of your website, if possible. This will help to maintain the authority of your website and avoid any broken links

Do: On-page optimization

On-page optimization is crucial when migrating a website to ensure that your site is optimized for search engines and user experience. Here are some steps to take for on-page optimization during a website migration:

  • Update content
  • Optimize meta elements
  • Use header tags
  • Optimize images
  • Improve page speed
  • Implement structured data
Do: Use Drupal SEO Modules

Drupal is a popular content management system (CMS) that provides several SEO modules that can help with website migration. Here are some SEO modules you may want to consider when migrating a Drupal website:

  • Pathauto
  • Redirect
  • Metatag
  • XML sitemap
  • Google Analytics
  • Schema.org
Do: Test Contact form, Thank you Page, Conversion code

It is important to test all contact forms, thank you pages, and conversion codes while migrating a website. Here are some tips to help you ensure that these elements are working correctly after the migration:

  • Test all contact forms - Make sure to test all contact forms on your website to ensure that they are working correctly. This includes testing the form fields, validation messages, and submission process.
  • Verify thank you pages - Check that all thank you pages are working properly and have the correct URLs. Test them to ensure that they load correctly after form submissions or other actions.
  • Check conversion codes - If you have any conversion codes installed on your website, such as Google Analytics or Facebook pixel, make sure to check that they are working properly. Verify that the codes are firing correctly on the appropriate pages and that they are tracking conversions accurately.
  • Update any changes - If you make any changes to your contact forms, thank you pages, or conversion codes during the migration process, make sure to update them on the new website as well. This will help ensure that everything continues to work correctly.
Do: Update sitemap.xml and robots.txt

Update your Sitemap.xml and Robots.txt files to reflect any changes in your website's URL structure. Read more about sitemaps and Drupal’s XML sitemap modules here.

Do: Monitor performance

Monitoring a website after migration is an important step to ensure that everything is functioning correctly and to identify any issues that may arise. Here are some steps you can take to monitor your Drupal 9 website’s performance after migration:

  • Monitor traffic and rankings
  • Check for broken links
  • Monitor website speed
  • Monitor server errors
  • Test forms and conversions
Don’t: Delete your old site

We know already mentioned this in our Do’s but we can’t stress enough how important this step is! Even after the website migration, it is recommended not to delete your old site immediately. There are several reasons why you should keep your old site for a while. Like backup and recovery, content comparison and redirects.

Don't: Move to live before testing/reviewing it completely

It's important to thoroughly test and review the new site before pushing it live to ensure that it is functioning correctly and there are no errors or issues that could harm your SEO. By taking the time to test and review the new site, you can identify and fix any potential issues before they impact your rankings and traffic. Make sure you have completed these activities before pushing it to live:

  • Checked all links
  • Verified title tags and meta descriptions
  • Tested site speed
  • Verified site structure and content
  • Tested contact forms
  • Ensured that all content and pictures are present on the new page
  • Confirmed URL structure and 301 redirects are set up correctly
Don’t: Schedule migration during peak traffic stretches

To minimize the potential negative impact of a website migration, it is generally advisable to avoid scheduling it during peak traffic periods when the site is experiencing its highest levels of user activity. This is because any disruptions to the site's functionality or accessibility during these times could lead to a poor user experience and potentially harm your search engine rankings or revenue. Instead, consider scheduling the migration during a time when traffic levels are typically lower, such as weekends or overnight, to minimize the risk of disruption and ensure a smoother transition for your users.

What happens if there’s a drop in ranking after a migration?

Let’s get straight to the point. If you notice a drop in your SEO ranking after a migration:

  • Keep calm. Take a step back and reassess the situation. Many times the drop is temporary because search engines will need to re-crawl your website.
  • Check if this is happening due to an update in the algorithm
  • Use Google Analytics to identify the pages that have been affected the most and are getting the least organic traffic
  • Create a list of those URLs. Analyze these pages for URL structure, broken links, duplicate content, page errors, canonical URLs and other content changes.
  • Use a page performance testing tool like GTMetrix and check if the performance has been affected. Follow best page speed practices (optimized images, CSS and other files) to fix this issue.
  • If you have changed your hosting provider along with the migration, find out if there’s a performance issue because of the server change.
  • Make sure all the pages are indexible (at least the ones you want to rank)
Final Thoughts

A successful migration process starts with an in-depth analysis of your current website’s structure, content, and code to identify any potential SEO risks. During this analysis, you should also consider factors such as which CMS version you are currently running, the cost and timeline of the migration process, and how to ensure that your SEO rankings remain intact during the transition. Keep checking your index status in the search console to make sure everything is in order once the migration is complete. Finally, it always helps to communicate regularly with your new hosting provider to ensure that all the performance issues are taken care of in a timely manner. 

A CMS migration does not have to negatively impact your SEO ranking. In fact, a migration to Drupal 9 (or 10), can potentially increase your SEO rankings due to the improved speed and performance of your website. If you’re looking for a 100% Drupal-first company that specializes in Drupal migrations, then look no further than Specbee. Our certified experts have completed numerous successful migrations to Drupal 9 and can help ensure that your website remains SEO-friendly​​. Contact us today for a free consultation and find out how we can help you migrate with ease.

Author: Shefali Shetty

​​Meet Shefali Shetty, Director of Marketing at Specbee. An enthusiast for Drupal, she enjoys exploring and writing about the powerhouse. While not working or actively contributing back to the Drupal project, you can find her watching YouTube videos trying to learn to play the Ukulele :)

Email Address Subscribe Leave this field blank Drupal 9 Drupal 10 Drupal Module Drupal Migration Drupal Planet

Leave us a Comment

  Recent Blogs Image Migrate to Drupal 9 (or 10) Without Losing Your Hard-Earned SEO Ranking Image Get the Most Out of Apache Solr: A Technical Exploration of Search Indexing Image From Mother to Manager - Shreevidya’s Career Story Need help Migrating to Drupal 9? Schedule a call Featured Case Studies

Upgrading the web presence of IEEE Information Theory Society, the most trusted voice for advanced technology


A Drupal powered multi-site, multi-lingual platform to enable a unified user experience at SEMI


Great Southern Homes, one of the fastest growing home builders in the US, sees greater results with Drupal

View all Case Studies

Axelerant Blog: How To Shift-Left With Accessibility

1 month ago
What Is Web Accessibility?

Web accessibility is the practice of designing and building web solutions that everyone can use, no matter what limitations they have. This means that users with low or no vision, color blindness, trouble with motor skills, or inability to hear properly can use any accessible website or application.

Talking Drupal: Talking Drupal #388 - Valhalla Content Hub

1 month ago

Today we are talking about Valhalla Content Hub with Shane Thomas.

For show notes visit: www.talkingDrupal.com/388

  • Joining Netlify
  • Changes at Gatsby
  • What is a content hub
  • How does that differ from a content repo
  • What is Valhalla
  • How does it work
  • Data stitching with GraphQL
  • Can you massage / normalize data
  • Benefits
  • Privacy
  • Production examples
  • How is it structured
  • Do you have to use Gatsby
  • Integrations with Drupal
  • Timing
  • Cost
  • How to sign up
Resources Guests

Shane Thomas - www.codekarate.com/ @smthomas3


Nic Laflin - www.nLighteneddevelopment.com @nicxvan John Picozzi - www.epam.com @johnpicozzi Jacob Rockowitz - www.jrockowitz.com @jrockowitz

MOTW Correspondent

Martin Anderson-Clutz - @mandclu Entity Share You configure one site to be the Server that provides the entities, and content types or bundles will be available, and in which languages.

The Drop Times: Importance of Synergy

1 month ago

"The whole is greater than the sum of its parts," said Aristotle. It is especially relevant while talking about a free software ecosystem.

In functional logic, it is helpful to break up things into smaller units so that it becomes manageable. There would be more focus, and bugs are easy to be identified.

The non-core modules that follow the strict guidelines for quality code are the building blocks contributing to Drupal's greatness. The insistence on quality is what binds these compartments seamlessly. Each team has its role. But their collective can touch in many ways than these individual parts could deliver.

The synergy between different constituent units is paramount in a loosely knit community formed based on superior technology and grand philosophy. Entities working in this space should constantly meet in some way or another and be able to share their ideas to achieve this synergy. The DrupalCons and DrupalCamps are always facilitating this catchup game.

DrupalCon Pittsburgh Early Bird Registration is now open and is available through April 02. But the deadline to apply for a scholarship will end tomorrow. Early Bird Registration for the 6th annual DrupalCamp Ruhr will also end tomorrow. DrupalCamp Florida is now over, and here is a look back. Read our interview with Melissa Bent and April Sides, published as part of DrupalCamp Florida. DrupalSouth (New Zealand and Australia) has called for paper submissions for their upcoming event in Wellington. They have opened registrations for the camp, and the first 50 registrants will get an early bird offer. If you are eager to attend Drupal training, you can consider registering for the training sessions at DrupalCamp New Jersey. Fan tickets are available for DrupalCamp Poland. Here is a list of current sponsors for Drupal Developer Days Vienna. Some sponsoring slots for the NERD Summit might still be open. The four-day DrupalCamping Wolfsburg, fashioned as a BAR Camp, has limited tickets, and those interested could rush for registration.

This March, we have the DrupalCamp NJ and the NERD Summit coming up. MidCamp is in April. DrupalSouth Wellington, The Stanford WebCamp, DrupalCamp Ruhr, and DrupalCamp Poland will follow in May. Not soon after, we have the first annual DrupalCon of this year in Pittsburgh by the beginning of June, just after the DrupalJam. In the same month, we have Drupal Camp Asheville and Drupal Developer Days Vienna. Let these gatherings be an excellent start for your Drupal journey if you are new to the community. For those already here, it is time to synergize with the rest. That is for this week. Thank you.

Sebin A. Jacob
Editor-in-Chief, The Drop Times

CTI Digital: How Drupal Has Evolved to Make Content Editors Lives Easier

1 month ago

Drupal has come a long way since its inception as a content management system (CMS) in 2001. Over the years, Drupal has continued to evolve and improve, positioning itself as a top choice for organisations looking to build a dynamic and engaging online presence. 

One of the most significant changes in Drupal's evolution has been its focus on becoming more user-friendly for content editors. In this blog, we’ll explore some of the biggest changes that have occurred from Drupal changing its positioning to being more user-focused.

CTI Digital: Drupal Through The Years: The Evolution of Drupal

1 month ago

Drupal has long been known as a powerful and flexible content management system (CMS), but it’s also well known for its complexity. In the early days of Drupal, creating and managing content required a deep understanding of the platform, its architecture and many intricacies, making it challenging for non-technical users to navigate.

However, over the years, Drupal has made significant changes to become more user-friendly and accessible for content editors. In this blog, we’ll take a closer look at the evolution of Drupal and the changes that Drupal and the community have made to create a more accessible platform for content editors.

Consensus Enterprises: Aegir5 Development is Happening!

1 month ago
Aegir5 development is happening! We (Consensus) have been making steady progress on it over the last few years and are looking to kick off a new burst of focused development. Here’s a summary of progress that has been made so far and how you can contribute. First off, as you’re probably aware, Aegir5 is a complete re-write of Aegir. We are intending to build on all the great aspects of Aegir, while freeing ourselves from a codebase that is rooted in PHP 4.

ComputerMinds.co.uk: Drupal 10 upgrade: Defining the project scope

1 month ago

Let's define the scope and goals of our project to upgrade this very website to Drupal 10.

Essentially, that's it: we want to upgrade this website to Drupal 10 so that we can benefit from security releases etc. At the moment we want to do so with the minimum of effort, so I don't want to have to be writing lots and lots of code or changing fundamentally how the site works, but I am up for simplifying things if it gets us to a point where we have to maintain less code.

Since Drupal 9, major version upgrades now take this basic form:

  • Update your code to be fully compatible with the last version of Drupal, removing all deprecations: hard.
  • Upgrade to the new version of Drupal: easy!

I'm going to install and use the fantastic Upgrade Status module to get a detailed handle on what we need to change, upgrade and rewrite to get the site working in Drupal 9, but ready for Drupal 10. We'll use that as a basis to see what we need to upgrade, the best plan for each component and go from there.

Upgrade status - First pass

We previously have composer require'd the upgrade status module into our codebase, so after enabling and running the report, here are the major findings that concern us for this series:

  • We'll need to upgrade to PHP 8.x, the site is currently running on PHP 7.4.
  • We're using deprecated or obsolete modules that come with core and will be removed in Drupal 10. This is a rather scarily long list for us:
    • CKEditor
    • Color
    • RDF
    • Seven
    • Stable

But other than that, we're good to go from an environment point of view.

Contrib projects

Upgrade status breaks the list of contributed projects down into a few sections, those are:

  • Projects that need an upgrade that might make them Drupal 10 compatible:
    • Better exposed filters
    • Components
    • Disqus
    • Advanced link
    • Entity browser
    • jQuery UI Slider
    • Scheduler
    • Simple XML Sitemap
    • Twig Tweak
    • Webform
  • Projects that don't have Drupal 10 releases yet, so either require patches or work to get them to Drupal 10:
    • Entity Embed
    • jQuery UI Sortable
    • Kraken
    • Markdown
    • Social media share
    • Term Reference Change
    • Unified Twig Extensions
    • Video Embed HTML5
    • Weight
  • Projects that are compatible with Drupal 10 already, I'll not list those, but there are plenty already, it's great to see community support for Drupal 10.
Custom code

Upgrade status will scan your code and tell you if there are problems that can be spotted that will stop the code working with Drupal 10. This is static analysis, so isn't perfect, but is a really good start. We have a few custom modules doing very specific things on our site, but we have a custom theme, doing quite a lot of custom things, and that's where the main bulk of the issues the scanner found are, so we're going to need to set aside some time for that.


This site was built in the early Drupal 8 days, and we've not actually made too many changes since, specifically when we upgraded to Drupal 9 we basically did the smallest amount of work to get it there. How you'd typically handle media on a Drupal site has fundamentally changed since we built this site, in that you'd likely use the core Media module and add entity reference fields to your entities rather than adding image/file fields directly. However, we never had that luxury and never got around to changing our approach to use the core Media framework.

So, we're going to allow ourselves a bit of scope creep to do this 'sub project' given that the benefits are that we're going to be able to remove a bunch of modules: entity browser, file browser, etc. that will then mean that we don't need to upgrade those modules and our dependencies will be better supported: since they'll be in Drupal core. It's no slight against those modules, it's just that we don't need the functionality they bring, for our site today.

The scope/plan

So roughly the scope/plan is shaping up to be:

  1. Convert our file/image fields to core media, and remove entity browser, file browser, etc.
  2. Update our custom code
  3. Evaluate the remaining upgradeable contrib projects to see if we can remove them, and if not, upgrade them.
  4. Evaluate the remaining non-upgradeable contrib projects to see if we can remove them, and if not, work with maintainers to get them upgraded.
  5. Handle the core modules that have been marked as deprecated or obsolete.
  6. Upgrade the PHP version we use to run the site
  7. Get the site running in tip-top condition with the latest Drupal 9 etc.
  8. Do the Drupal 10 upgrade.

Then we'll have a shiny Drupal 10 install, ready for the next few years of security patching.

Golems GABB: What is Predictive Marketing?

1 month ago
What is Predictive Marketing? Editor Fri, 02/24/2023 - 16:41

Predictive marketing is a type of marketing that uses a large amount of information to predict customer behavior and needs accurately. It involves the analysis of all data to determine the best and most effective version of the marketing strategy. 
Based on a client's past shopping experience, marketers develop marketing strategies. Therefore, you can create more effective personalized ads in the future that will increase conversions. By forecasting correctly, you can also reduce customer churn and increase demand for your products or services. Stand out from the competition and stay ahead of the game by doing this.
Many famous companies have used predictive modeling in marketing for years because they have seen effective results. When analytics are adequately conducted, websites can increase their customers and orders. A business owner who has mastered predictive marketing can anticipate their target audience's needs and keep up with all current trends.

Palantir: Yang's DrupalEasy Fellowship Experience: Taking a chance on a career change

1 month ago
Internships and Fellowships

In this fourth part of a four-part series, Yang talks about her background, the projects she's worked on, and the vision for her professional future

There is no one way to change a career path. Palantir.net’s four most recent fellows - Paak, Tessa, Travis, and Yang - all joined us through the DrupalEasy program. With their different professional backgrounds and experiences, each offers a unique perspective into what interested them in Drupal and their journey to becoming integral members of Palantir.net.

In each of their written entries they share, among other insights, how they have each adjusted to a fully-remote workplace, how their own skills supported their success as a Fellow, and the importance of Palantir.net’s culture which encourages asking questions, remaining curious, and reaching out for help.

Here's Yang's story.

Where I Started

I was looking for a career change.

I was in the process of getting a nursing degree, but I wasn’t sure that’s what I wanted to do. A couple of years ago, a friend of mine suggested I learn to code.

When the COVID pandemic started, I had a lot of extra time at home (like many people!), and I started watching coding tutorials on YouTube. I found that I was fascinated by the idea of coding, so I took the initiative to learn HTML and CSS on Codecademy. Slowly - but surely - I went on to complete even more web development courses on Udemy. I had learned a lot but still found I didn’t have the confidence in my skill set to apply for any jobs in the field.

Earlier this year, my friend sent me a link about the Palantir.net Fellowship program to attend DrupalEasy. I wasn’t sure that I was qualified for the opportunity, but she encouraged me to apply. So I did.

And now, here I am!

The adventure of learning Drupal is like riding a roller coaster: I felt great one moment, but the next thing I knew, I was banging my head against the railing. Then, rinse and repeat. 

After 12 weeks of DrupalEasy, I had the opportunity to improve and apply my what I learned during my Fellowship at Palantir.net.

The Fellowship program is run by our talented Palantir.net colleagues, with a professional structure and many great resources that accelerate and support our Drupal learning. I also love Palantir.net’s culture, which is very transparent, collaborative, and co-creative. I have learned and continue to learn new things everyday from my coworkers. 

For me, the most important aspect of working here are the people. Everyone contributes, shares, and helps others develop their current skills and learn new ones. When I don’t know something, I feel free to ask questions. I learn from others and feel confident experimenting and making mistakes, learning and growing as I go. 

I’ll be honest: learning Drupal is harder than I thought, but the end result is incredibly rewarding. My advice to others who might be feeling daunted by learning Drupal or to code would be, don’t give up! Keep going! You can do this. 

Where I am Now

I know that every great programmer was once a beginner, and that is exactly where I am now.

In the future, I hope to be a great programmer and to pass my own knowledge to the very same community that helped me get where I am today.

There are a lot of talented, welcoming, and fun people at Palantir.net, and my goal right now is to learn as much as I can from others to become a full-stack developer. I am currently beginning to develop my personal skill set. I’ll be taking another PHP course in the near future to gain additional back-end knowledge. 

I know I still have a long way to go, but I look forward to learning new skills every day and applying them to real projects. In my opinion, consistency is the key to learning anything new and, over time, I am confident I will reach each goal I set for myself. I’m unsure whether my future holds being a full-stack developer, project leader, or something else. But the door to opportunity is wide open, and the only real way to get there is by doing the work. 

Fortunately, I am on the right path with the right people.

Community Culture Drupal People

Don't Panic: A blog about Drupal: 7 security modules for Drupal that you cannot live without

1 month ago

Drupal is known for its robust security features, making it a popular choice for websites that handle sensitive information. Drupal's security architecture includes multiple layers of protection, including secure coding practices, access controls, and input validation. However, even with these built-in security features, it's always a good idea to take extra precautions when it comes to website security.

One of the ways to improve Drupal's security is by installing security modules. These modules provide additional layers of protection and can help mitigate potential vulnerabilities in your site. While it's important to note that no website can be 100% secure, installing security modules can help make your Drupal site even more secure.

Drupal's security architecture is built around the principle of defense in depth, which means that it uses multiple layers of protection to guard against potential threats. For example, Drupal employs secure coding practices to minimize the risk of vulnerabilities in its core codebase. It also uses access controls to ensure that only authorized users can access sensitive parts of the site. Additionally, Drupal has built-in input validation to prevent malicious code from being injected into your site.

Despite Drupal's robust security architecture, there are still potential vulnerabilities that can be exploited by attackers. You know what they say - no software is 100% secure. Installing security modules can help mitigate these risks and provide an additional layer of protection. Some of the most popular security modules for Drupal include Security Kit, Password Policy, and Two-Factor Authentication. Each of these modules provides unique benefits that can help enhance the security of your site.

In conclusion, while Drupal is already a secure CMS, installing security modules can provide an additional layer of protection and help mitigate potential vulnerabilities. By taking proactive steps to improve your site's security, you can help ensure that your sensitive information remains safe and secure. Here I'll be listing seven modules I think you really should consider installing and setting up.

The listed modules are all recently updated and work with Drupal 9 and 10.

1. Password Policy

Password Policy is a module that allows you to enforce strong password policies for your Drupal site. With this module, you can set rules for password complexity, length, and expiration. Password Policy helps reduce the risk of unauthorized access to your site by ensuring that users are using strong and secure passwords.

If you build sites for other, then this is a must. If you build sites for yourself, then I hope that you set strong passwords for yourself.

2. Two-Factor Authentication

Two-Factor Authentication is a module that adds an extra layer of security to your Drupal site. With this module, users are required to provide a second form of authentication, such as a token or SMS code, when logging in. Two-Factor Authentication helps protect your site against brute-force attacks and ensures that only authorized users can access your site.

There is also the module Two Factor Authentication - 2FA / Passwordless Login, which has a recently released version, but I haven't tried that one.

3. Login Security

Login Security is a module that helps prevent brute-force login attacks on your Drupal site. This module limits the number of failed login attempts from a given IP address or user account. You can also configure Login Security to lock out user accounts for a specified period of time after a certain number of failed login attempts. By enabling Login Security, you can reduce the risk of unauthorized access to your site.

4. Automated Logout

Automated Logout is a module that logs users out of your Drupal site after a specified period of inactivity. This module helps reduce the risk of unauthorized access to user accounts by automatically logging out users who have left their sessions open. By enabling Automated Logout, you can enhance the security of your Drupal site and protect your user's data.

Good if you have a lot of users, if you are the only user then it can be quite annoying when having to log in now and then.

5. Honeypot

Honeypot is a module that helps protect your Drupal site against spam bots. This module works by adding hidden fields to your forms that are invisible to users but detectable by bots. When a bot fills out these fields, the submission is blocked, and the bot is prevented from accessing your site. By enabling Honeypot, you can reduce the risk of spam and protect your site's performance.

I have used this module for at least a decade, and no site with forms are complete without it. It really whips the spammer's ass, to paraphrase the old Wimamp slogan. 

6. Content Security Policy

Content Security Policy is a module that helps protect your Drupal site against cross-site scripting (XSS) attacks. This module allows you to specify which sources of content are allowed to be loaded on your site. By setting strict policies for content sources, you can reduce the risk of XSS attacks and ensure that your site's content is safe and secure.

7. Security Kit

Security Kit is a comprehensive security module that provides a suite of security hardening options for Drupal. This module helps protect your site against common security threats such as XSS, clickjacking, and CSRF. Security Kit also provides input filtering options, session security, and helps prevent the injection of malicious code into your site. With Security Kit, you can easily enhance the security of your Drupal site and reduce the risk of vulnerabilities.

When it comes to strengthening your Drupal site, backend-wise, this is the go-to module, IMHO.

So, there you have it. My seven recommendations for strengthening your site's security, in various ways. Let me know in the comments if you think these are good modules to install, or if you have other ways of improving the security of your Drupal site.

Debug Academy: The Popular "Become a Drupal Architect Series" Course Starts Soon

1 month ago
The Popular "Become a Drupal Architect Series" Course Starts Soon What is the Architect Series?

Debug Academy created the Drupal Architect Series, a set of five 2.5 hour classes, because we know there are many ways to build a functional website, but not all ways are created equal. And making the wrong choice can lead to long-term headaches when faced with performance, security, caching, or data structure issues.

And it's not your fault. The options are many and can be overwhelming.

Drupal Association blog: The DrupalCon Experience - Birds of a Feather (BOF) Sessions

1 month ago

DrupalCon Pittsburgh 2023 is approaching fast! If you haven’t been to a DrupalCon before, Pittsburgh will be a great opportunity to experience the event. You will have the opportunity to connect with other developers, designers, content creators, and business leaders who use Drupal to build websites and digital experiences. DrupalCon offers a range of sessions, including hands-on workshops, technical talks, business case studies, panel discussions, and Birds of a Feather sessions providing attendees with the latest information and best practices for using Drupal to build some of the world's most innovative digital experiences.

What are Birds of a Feature (BoF) sessions?

"Birds of a Feather" (BoF) sessions are formal roundtables or informal gatherings of attendees who share a common interest or topic. They are usually organized during conferences and provide a space for attendees to network, discuss, and exchange ideas and experiences on a specific subject. Unlike normal sessions, BoFs are not typically led by a speaker or panel. They are more of an open discussion among participants. At DrupalCon, BoF sessions can cover a wide range of topics related to Drupal, including technical issues, business challenges, community initiatives, and more.

Why should you attend BoF sessions?

Attending Birds of a Feather (BoF) sessions at DrupalCon is a great way to enhance your conference experience. They provide opportunities to learn and engage with other attendees at the conference. They provide a relaxed and informal setting for attendees to connect, learn, and grow. As an attendee, here are four ways BOF sessions can benefit you at DrupalCon Pittsburgh 2023:

  1. Networking: BoFs provide a platform for attendees to network with others who share similar interests and challenges, creating opportunities for building new relationships and collaborations.
  2. Knowledge sharing: BoFs allow attendees to exchange ideas, experiences, and best practices on specific topics, providing a deeper understanding of the subject and helping attendees to stay up-to-date with the latest developments.
  3. Community building: BoFs contribute to the sense of community at a conference and help to foster a supportive and inclusive environment for attendees.
  4. Personal growth: Attending BoFs can help attendees expand their knowledge and skills, and also provide new perspectives on their work and challenges.
When will BoF sessions happen at DrupalCon Pittsburgh?

Birds of Feather sessions happen all day every day of the conference and sessions often run concurrently with other programming. There are designated areas where the BOF sessions are held and a schedule is usually posted outside of the area for sign-ups.

How do I find out about BoF sessions?

In previous years, Birds of a Feather sessions were organized organically at the conference, and they provided ad-hoc meeting areas for informal sessions. This year at DrupalCon Pittsburgh, the Drupal Association is taking session submissions for BOFs to provide more visibility into topics and spread awareness. The Birds of a Feather schedule will be posted one month prior to the conference on the DrupalCon Pittsburgh website, and there will be write-in slots available on-site for ad hoc BoF sessions.

Birds of a Feather sessions are a great way for attendees to take advantage of networking and learning opportunities to make new connections and strengthen existing relationships within the Drupal community. Have a session you are interested in submitting? Submissions are open until the slots are filled! Submit your Birds of a Feather session today.

10 minutes 7 seconds ago
Drupal.org - aggregated feeds in category Planet Drupal
Subscribe to Drupal Planet feed