Drupal

OpenSense Labs: Best Drupal 8 Security Practices to Follow

Planet Drupal - 11 June 2018 - 4:38am
Best Drupal 8 Security Practices to Follow Akshita Mon, 06/11/2018 - 17:08

Even though security remains one of the major concerns for an organization, the implication of new technologies has at the same time broadened and complicated the understanding of the term. 

Security is no more about working in isolation. 

Recent events such as Drupalgeddon 2 in March and other subsequent security releases in April – marked critical – have once again brought the question ‘Is Drupal Secure?’ to the center-table. Drupal is among those few open source projects popular for their security with a dedicated team working on to improve it. However, there are still sometimes when the security of your Drupal website is under the impression of threat. 

Security is a vast area of expertise and it is quickly changing with time. No more is it about one person working in isolation or an expert who can understand all the aspects. 

While the list of do’s and don'ts is extensive and exhaustive to keep up with the threats, vulnerabilities and mitigation strategies, here are the top seven Drupal security practices to follow in order to keep up the health of your website. 

And Aristotle once said...

The aim of the wise is not to secure pleasure but, to avoid pain. Seven Drupal 8 Security Practices Securing the Server-side Hosting Environment

Before starting off with the general security hacks and tips, you need to secure your server-side hosting environment. Here are some points to keep in mind before moving to securing your core. 

  1. Protect the server: Only a limited number of users must be allowed to access your server. One of the key points is to add a basic layer by restricting the access to server login details. Once the authentication is set up, it is easier to monitor server access and restricting file access usage. This can help you detect unusual activities.
     
  2. Hide the server signature: Server Signature needs to be hidden as it reveals an important piece of information about the server and operating system. It can let a hacker know if you are using Apache or Linux - information which can be utilized as a vulnerability used to hack the server. In order to keep the server secure from possible vulnerabilities, you need to hide the server signature. 
     
  3. Enable port wise security - Since the applications use the port numbers, it is important to keep certain port numbers hidden from general access. 
Securing the Drupal Core
  • Keep your Core Updated
    A key practice, keeping the core updated will always be the first when listing healthy security practices. And this was the first lesson we learned from the Drupalgeddon2. Always look out for core updates (include the minor releases as well) unless security is not on your agenda. In all of its advisories, the Drupal Security Team asks for updating the core version of the system. 

    If you fall a long ways behind the latest update, you are opening yourself to vulnerabilities. Since history tells us that hackers target the older versions.

    Look out for core updates. Follow the Drupal security team @drupalsecurity on Twitter. Get quick updates and announcements from the team through the emails and security newsletter. You can also follow Security Group in order to contribute and stay part of the security discussions. 

    Another important point to note here is when updating the core - ALWAYS keep a backup of your site's database and codebase. We will discuss this security practice later in the article. 
     
  • Security by Design
    As a matter of fact, every stakeholder wants security to be a simple concept, sadly it isn’t. One of the biggest misconceptions here would be that investing a hefty sum post development would ensure a secure system. However, it is never the case. 

    The best practice to follow is at the architectural level when the website is being designed. 

    Security by Design ensures that designing the software up by the ground to be secured in order to minimize the impact of a vulnerability when discovered. Pacing up your security from the foundation - is the key. It implies following the best security practices at the architectural level instead after building the website. 

    When the foundation of the design remains secure regardless of a reasonable approach adopted later, you can tackle the issues easily. A uniform methodology needs to be adopted to protect the assets from the threats. 

    Once the requirements have been collected, the architecture can be laid out and other elements can be discussed later like trusted execution environment, secure boot, secure software update among others.
"The key to security is eternal vigilance"
  • Use Additional Security Module
    When covering security, there is nothing as better than equipping yourself with more and more. To keep the walls up high, you can use the additional security modules like security kit, captcha, and paranoia. Drupal Security Review can be used as a checklist to test and check for many of the easy-to-make mistakes making your site vulnerable.  

    You can also look out for a List of Must Have Security Modules to prevent you from becoming the next victim of a potential cyber attack. 
     
    • Security kit
      SecKit provides Drupal with various security-hardening options. This lets you mitigate the risks of exploitation of different web application vulnerabilities such as cross-site scripting (XSS), Cross-site request forgery, SSL, Clickjacking and other. 
       
    • Captcha
      A CAPTCHA is a reaction test put in the web structures to eliminate entry by robots. It helps in protecting your website’s contact and sign up forms asking you to prove your credibility as a human with a bizarre sequence of characters, symbols, numbers and sometimes images.

      Often they thwart you from accessing the content. Quite the irony, their purpose is contrary to what we reckon about them.

    • Paranoia 
      Paranoia helps you identify all the vulnerable issues/ places from where a potential leak is possible. It alerts the admin when an attacker tries to evaluate the PHP script via the website interface. 

      It helps in blocking the permission for the user to grant PHP visibility and creation of input formats that use PHP filter.

      It also prevents the website to grant risky permission, mostly the ones that involve leaking the script information.  

    • But Use only Security Team Approved Modules 
      Your site probably uses a number of contributed modules, although that’s not an issue. Using the stable and approved modules is where the key lies. This is especially worth noting for contrib modules which are more susceptible to vulnerability. 

      Always look out for the green batch when downloading a contrib module. Rest, as the advisory reads, Use it at your own risk! An example of security team approved module with a green batch An example of a vulnerable module
    Backing Up - In Case of a Mishappening
    • Keep Up your Backup
      Catastrophes never come invited. While all seems perfect, you might wake up to find out that your website has been taken down by some psychotic hacker. Although it is an unforeseen event, you can definitely arm up yourself.

      As an administrator, you have to be prepared for all of such uninvited events. They can be controlled and the damage minimized by strengthening security, frequent backups, installing updates in a timely manner.  

      We cannot stop disasters but we can arm ourselves with better security and backups. Hosting by Acquia cloud or Pantheon provide automated daily backups of your site’s database, files, and code plus single-click restoration if something goes wrong. 

      You can also use the Backup and Migrate Module or Demo Module because unlike life your Drupal website has the option to go back for some changes. 
    User-Side Security
    • Follow a Standard Practice with a Strong Password Policy
      Passwords are used at both admin and user level, therefore strong and secure passwords are important for your website. When I say strong password should be used I have nothing against short and easy passwords. Easy should never imply less efficient

       A string like Mypassword123 will prove acceptable but is obviously weak and can easily be brute-forced.

      The best practice? Your password should provide realistic strength in terms of measurement and complexity. A password must only be allowed as long as it proves to be of high enough entropy with a combination of characters, alphabets - uppercase and lowercase, symbols, and numbers.

      Start checking passwords on explicit rules and amount of varying character types to be used (symbols, numbers, uppercase letters, etc). 

      Password Strength - a Drupal module - classifies the expected brute-force time for the summed entropy of common underlying patterns in the password. Patterns that can be detected in passwords include words that are found in a dictionary of common words, common first and last names or common passwords. 
    Your password can make the difference between a vulnerable and a hard-to-hack Drupal site.

    While there will always be some new thing to add to the list, you can be sure that this list comprises of the core practices which need to follow. The protocol for communication needs to be clear and well documented. Properly documented procedures are important, as third-party services can often be manipulated.

    In need of a security update or services? Drop a mail at hello@opensenselabs.com and let us help you out. 

    Site builders and developers need to keep an eye open for the possible when security releases are announced and apply them quickly, to ensure the site is not compromised. It is good to be consistent and have your reasoning documented so that it is clearly understood.

    blog banner blog image Blog Type Articles Is it a good read ? On
    Categories: Drupal

    OH

    New Drupal Modules - 11 June 2018 - 3:52am

    OH is an alternative office hours / opening hours solution.

    Categories: Drupal

    Valuebound: How to highlight search results in Search API Solr View in Drupal 8

    Planet Drupal - 11 June 2018 - 2:15am

    In Search API, there is a field for a search excerpt that you can use on field views to highlight search results. In this article, I’m going to show you how to enable excerpt and set it using views. Here I’m assuming that you have already set the Search API module and has a Search API Solr view.

    Follow the steps:

    Go to Manage -> Configuration -> Search and Metadata -> Search API.

    In your search API index ‘processors’ tab, enable Highlight Processor as shown below.

    Categories: Drupal

    Roy Scholten: Implementing IndieWeb on your personal Drupal site, part 1

    Planet Drupal - 10 June 2018 - 2:53pm
    Sub title

    Laying the foundations for POSSE

    /sites/default/files/styles/large/public/20180610-indieweb.png?itok=KzjgwAsG

    This is my version of the steps you need to take to make your site part of the indie web community. Swentel helped me getting it all setup on this here Drupal site using his indieweb module. It’s all a bit complicated still, so this is mostly me trying to retroactively understand what’s going on.

    As it says on the site, the IndieWeb is a people-focused alternative to the corporate web. Its main tenets:

    1. Ownership – your content is yours, it should not belong to a corporation.
    2. Connection – starting from your own site you can share your content to all other services.
    3. Control – post what you want, in the format you prefer, using your own URLs that you keep permanent.

    While 1 and 3 are essential and relatively easy to achieve (use your own domain and post your content there), it’s number 2 that is the most alluring.

    Owning your stuff and being able to share it across multiple platforms combines ownershop with reach. This is what “POSSE” is all about: Publish (on your) Own Site, Syndicate Elsewhere. Drupal lead Dries Buytaert has written several posts outlining his POSSE plan.

    Getting started

    This “Connection” part of indieweb publishing is also the most complicated. There are quite a few moving parts to getting it all up and running.

    For Drupal sites, the setup for the community/sharing/syndication parts of indieweb publishing has gotten much more accessible with the release of the IndieWeb module created by swentel. It doesn’t necessarily reduce the number of things to set up, but it provides a centralized UI for all of them: Webmentions, Microformats, Feeds, Micropub, IndieAuth and Microsub.

    Before going over the details of configuring the indieweb module itself, we have to take care of some basics first.

    Introduce yourself (right on)

    To own your content on the web, you have to establish that you are in fact, you. That’s why IndieWeb starts with having your own domain and posting some initial content there. Important part of this initial content is a specific bit of HTML that establishes you as the author and owner of things published on this particular domain:

    Roy Scholten

    The specific part here is that “h-card” class added to the anchor tag. This “h-card” is one of a collection of so-called microformats. With microformats you give more structure and semantics to information presented in HTML. In this case, h-card is the microformat to use for publishing information about people or organisations. We’ll need to add other microformats to (blog) posts you publish on the site, but that’s for later.

    To do in Drupal

    The indieweb module does not (yet?) handle adding this information to your site. Add your version of the HTML snippet above to a (new or existing) Drupal block. Place that block to be visible on your homepage. The site footer or maybe a sidebar are obvious places you can put it. Mine’s in the footer below.

    You can check if all is fine with https://indiewebify.me/validate-h-card/. Enter your domain name there and it will report back with what it found and suggest additional elements you could add to enhance your h-card.

    Even without posting any other content to your own site, you now have your own space on the indie web and setup your identity in a way that you own and control.

    Next: add links to your existing social media accounts

    You’ve seen those signup forms that let you create an account by using your existing Google, Facebook or Twitter account details. In this step, you configure your own domain to be your IndieAuth identity. This lets you use your own domain to sign in to other sites and services.

    There are not many sites outside the indieweb circles itself that offer this, I think. It’s still useful to do this though. You’ll likely want to use some of these indieweb services, especially to automatically share (links to) your content on other platforms like Twitter or Facebook.

    To do in Drupal

    Detailed instructions are here. In short:

    Add links to your other profiles and add the rel="me" attribute. Might as well add this to that h-card block you created in the first step. For example:

    @royscholten on Twitter

    If you have a Github account, that’s also a good one to add.

    To do on the external sites you link to

    Link back to your homepage from your profile page on these services. The indieweb wiki has direct links to edit your Twitter and Github profile.

    Then, try logging in to indieweb.org to see if it all works.

    So far, so good,

    So what? By establishing your identity on your own domain you stake out your own spot on the internet that you control. With this set up, you have created an environment for publishing on your own site and syndicating elsewhere.

    Next time: configuring the indieweb module to start sending and receiving webmentions, the indieweb catch-all term for comments, likes, reposts and the like.

    Tags indieweb posse drupalplanet
    Categories: Drupal

    JSON API Include

    New Drupal Modules - 10 June 2018 - 3:58am

    Add include data to relationship of JSON API output.

    Categories: Drupal

    Clarion Date

    New Drupal Modules - 9 June 2018 - 2:34pm

    This package provides a service for dealing with SoftVelocity's Clarion standard dates. A Clarion standard date is the number of days that have elapsed since December 28, 1800.

    Categories: Drupal

    Custom Permission

    New Drupal Modules - 9 June 2018 - 11:20am

    Allow administrators to create custom permission keys. The custom permission keys can be used in views permission control (for example) to achieve fine tuned user access.

    Categories: Drupal

    James Oakley: Moving from Piwik to Matomo on Drupal

    Planet Drupal - 9 June 2018 - 3:37am

    I'm a big fan of Piwik, an open source analytics suite. Think Google Analytics, StatCounter, Sitemeter, etc. … only self-hosted an open source. There are many benefits of using it:

    Blog Category: Drupal Planet
    Categories: Drupal

    Simple Modal Entity Form

    New Drupal Modules - 9 June 2018 - 1:44am
    About this Module

    The Simple Modal Entity Form module provides a way to edit (content) entities in a modal.

    Featrues:

    1. Views fields (edit and delete links)
    2. Action Links (See instructions)
    3. Specifying form display modes
    Instructions

    The operation links for editing and deleting entities are automatically added to the Views UI.

    To add an action for a 'modal' entity form, add the following to your module.action.yml file:

    Categories: Drupal

    Ashday's Digital Ecosystem and Development Tips: Decoupled Drupal: Ashday has gone React!

    Planet Drupal - 8 June 2018 - 12:00pm
    Decoupled Deschmupled

    Like many folks in the Drupal space we've been closely following the Decoupled Drupal conversation for the past few years, and occasionally a part of it.  And, again like many folks in the Drupal space, until recently we had felt that it was somewhat in its infancy and a lot of tough questions still remained as to whether it was even a good idea. The SEO implications have not been entirely clear, the impact on estimation has also been very hard to nail down, which decoupled framework to go with has not at all been a consensus, and what Drupal’s exact role is in the decoupled site has not been clear either. 

    Categories: Drupal

    Axelerant Blog: Women at Axelerant: Chapter Three

    Planet Drupal - 8 June 2018 - 6:12am


    I sat down to speak with the amazing women of Axelerant, and they each shared their unique perspectives about what it's like being professionals in their field. In this chapter, Swati, Hetal, Priyasha, and Aliya expound on this—and in their own words.

    Categories: Drupal

    Hybris Integration

    New Drupal Modules - 8 June 2018 - 5:38am

    Initial works on the Hybris + Drupal Integration

    Categories: Drupal

    OpenSense Labs: How To Devise Your Content Strategy With Drupal

    Planet Drupal - 8 June 2018 - 5:01am
    How To Devise Your Content Strategy With Drupal Shankar Fri, 06/08/2018 - 17:31

    Content is the fulcrum of any enterprise that gives them the tensile strength to build a robust online presence. Having the right approach towards delivering astounding content involves plenty of effectual content strategies in place. Drupal 8 is your one-stop destination for building an efficacious content strategy with its out-of-the-box capabilities.

    Source: Getty Images

    According to a research by LinkedIn, 72 percent of the digital marketers have a content strategy in place of which 30 percent are the documented and the rest non-documented.

    Before we look at the ways of forming a blueprint for content distribution, let’s see what are the various models of disseminating content.

    Content dissemination

    Every organisation has a different need for content distribution plan and requires different kind of content dissemination. An organisation may have a primary global site that contains the most of the content. This might have to be distributed to different secondary sites if it is a large organisation with a global presence. Even some external sites might be receiving the content from the primary site. It is also possible that these secondary sites would be sharing the content with each other through a peer-to-peer network.

    Primarily, organisations adopt either of the top content distribution models namely, centralized and decentralized models.

    Centralization

    This involves a primary site that acts as the main activity hub when it comes to content production. Large enterprises would have the dire need of such a website which would pass on the content to its global sites or product sites. Thus, this helps in maintaining the brand consistency during cross-channel marketing campaigns.

    Source: Acquia

    It is possible that one of the secondary sites may have a relevant information on the subject. Primary site may need to import important information from its sub-sites so that it can then distribute it to the other secondary sites. In any case, in the centralized model of content dissemination, content is propagated through a primary site to the global sites.

    For instance, the website of United Nations is powered by Drupal. It has a global presence with member nations from across the globe. To meet their needs, it has dedicated country sites that comprises of unique digital marketing teams. So, if a new agreement has been signed on by influential nations on combating climate change, a digital marketer can push the information out to the secondary sites via a primary site thereby publishing the content to both primary site and its secondary sites spread across the nations.

    Another very good example is the Planet Drupal, which displays the aggregated list of feeds about Drupal posted around the globe. Drupal.org, Groups.Drupal.org and several other sub-sites may find several absorbing contents fit into its topical sections. Planet Drupal provides the platform to share interesting, relevant and highly useful Drupal-related informative blogs.

    Decentralization

    It is not always the case where a primary site would be distributing content to additional sites. What if there is no such main site to propagate the information to the secondary sites? Independently run sites can share content with each other through a peer-to-peer model of content dissemination.

    Source: Acquia

    For instance, an organisation from media and publishing industry can have several regional sites. So, in a country like India, with a diverse and multi-linguistic culture, a digital media might have independently run regional sites. If a regional site in Chennai, a metropolitan city in India, is running a cover story of the citywide celebration of a festival, their national television channel can reuse that coverage of festival to be posted on its site.

    It is doubly important to choose the right model of content distribution for your organisation’s needs and its success. It is also significant to have the best content strategies in place in addition to the continuous flow of wonderful content.

    Constructing effectual content strategies Source: Contently

    A question on Quora reads, “How do I develop content strategy?”. It involves identification of roles and workflow to find out who does what, formulation of standard guidelines to be followed by content producers, repurposing available content on your site, and using the best tools and technology available.

    Source: ContentlyHammer out the finer details of your objectives

    Before you commence with the proceedings involving content production, you need to be smart and have the right set of goals and plans for the creation of superabundance of content.

    • Being succinct: Make sure that what you plan is precise, specific and succinct.
    • Relevancy: Your objectives should be relevant to your business. So, if you are a Drupal agency, in addition to Drupal related content, you can explore many other technologies that can work together with Drupal.
    • Being realistic: Setting goals that are attainable would serve you the purpose better. If your Drupal agency has been churning out 30 blogs per month, setting 100 blogs per month would be too drastic.
    • Trackable: Your objectives should be measurable. So, if you want to boost your social media presence, formulate a goal that focuses on increasing it by X percentage so that you can measure your achievement rate.
    • Time constraints: You should have a goal that is time-bound. You should be able to adhere to the timeline set for the particular task.
    Define your target audience

    A proper persona research would help immensely to build content that is ideal for your users. For the creation of optimal content, you should know who your customers and prospects are, what are their interests and concerns, and what sort of content do they want to consume.

    Source: Online Marketing Institute

    Start off by developing the persona research for existing user base. Pen down user profiles like their name, job role, industry information and demographic details. Once you do so, try to gauge what information are they searching for, their needs and challenges.

    Assess your content

    Performing a content audit would help you in re-organising your existing content. Always review your existing content to see what can be repurposed or reused.

    Instead of spending a lot of your time in creating or recreating something, content assessment can help in identifying gaps in the existing ones.

    Choose the right Content Management System

    Selecting the best CMS to power your website can pay dividends. Drupal 8 should be your goto CMS when it comes to choosing the best content-friendly framework.

    Source: Bluehost

    Its amazing themes offer the best UX to the content editors. A plethora of custom and contributed modules assist in customization of your site as per your needs and help hugely in content publication. It can of great use for content analytics. For instance, Real-time SEO for Drupal recommends automatic alterations that can boost the SEO of the content that is going to be published.

    Prepare a super list of topic buckets

    Brainstorming on content ideas can be effectively done through tools like Buzzsumo, Feedly, Semrush and many more. Once done, start preparing a topic cluster to construct a super list of relevant content based on the parameters like search volume and long tail keywords.

    Rummage through the content types

    A plenitude of content types can be derived, after the super list has been prepared, to work upon. Determining the sort of content you should be using would depend on different stages of buying cycle of the prospects.

    • Brand awareness: The prospects would rummage through your products and services, understand your brand value and try to gauge whether they have the need for your product.
    • Identification of problem: Prospect might figure out the problems and start researching about the possible solutions thereby coming across your products.
    • Comparing available options: Prospect can compile the list of vendors and validates these options.
    • Decision-making: After the comparison of different options, the prospect can start deciding which one to choose from.

    Once the different stages of buying cycle are figured out, it is time for mapping what sort of content type would suit best for each of the stages. An illustration below shows the types of content that can be identified with different stages.

    Source: Hubspot

    Drupal can be of great use to build these content formats. Let’s see some of them.

    Posting blogs: Posting blogs on your website on a regular basis is of utmost importance. Blog posts should provide valuable information to your readers ranging from long form to short form blog types. Drupal provides options for posting different types of content on your website. Whether it is business-centric article or an interview of a CEO from a renowned company, Drupal has the provision for posting different sorts of content.

    Developing infographics: Another great way of producing content is the infographics that provide graphical information to convey an information clearly and quickly. Drupal offers a lot of modules that can help in embedding images with infographics in your blog posts. For instance, colorbox, a Drupal module, can help in displaying an image by overlaying it above the current page.

    Embedding videos:  A research by Hubspot, as can be seen in the stats below, shows that video is increasingly becoming the most influential and preferred medium of content. Drupal has plenty of modules that can be used for producing videos and embedding them in the blog posts. For instance, CKeditor Media embed module can help in embedding videos, images, tweets that are hosted by other services.

    Creating Podcasts: Edison research, in one of their studies, reports that 57 million people listen to podcasts every month.  If you have interesting presentations, want to share the latest information on your products and services, or have some amazing conversation with industry leaders, podcasts are the way to go. Drupal 8 module, RSS SimplePodcast, lets you create simple podcast RSS.

    Content Governance

    Governing the publishing of content is one of the foremost things that content editors need to take care. Having the provision for publishing the content should be hassle-free. You should not only be able to publish your blogs posts but also be able to schedule it as per your organisation’s workflow and your convenience. Scheduler, Drupal 8 module, helps in publishing or unpublishing a content at a particular date and time.

    Content editors should also have to administer the publishing of content other than their own sites. Creating original content for an online content portal like Medium would be really helpful in spreading the content to bigger and relevant audience. Also, publishing the content on social media sites like Twitter, LinkedIn etc. can help in targeting more eyeballs.

    Conquering challenges

    Strategizing the content flow can be rewarding but it does have its fair share of hurdles.

    • Construction of right content for the audience can be hassling.
    • Churning out the right amount of content can be tricky.
    • Looking up for a specific content from the wealth of content on website can be strenuous.
    Source: HubspotDrupal 8: Ultimate choice for content strategy

    It is of paramount importance that you choose the right CMS for your business when it comes to producing a great content efficaciously. Drupal offers the belligerent support needed for content-heavy websites.

    APIs as a core feature

    Business enterprises can choose Drupal as the central content repository getting the best out of its rich content structuring, content creation, and administration provisions. Drupal provides the best way to curate, build, and publish content through APIs as its core feature. It makes multi-channel content distribution much easier.

    Web personalization

    Drupal has the means for enabling web personalization that helps in understanding the interests of the users, tailoring the website to accommodate their profile and, offer them the best content that is relevant to them.

    Source: WhiskData

    Acquia Lift Connector, Drupal module, helps in the unification of content and the insight collected from several sources about the customers for delivering in-context and personalized experiences across multiple platforms.

    Intelligent content tool module, supported by Opensense Labs, helps in auto-tagging, text summarization and finding content duplication.

    Multilingual capabilities

    Drupal 8 has out-of-the-box multilingual capabilities that help in building websites in more than 90 languages. With in-built modules for language handling, interface translation, configuration management, content translation, Drupal 8 can of great help in building multilingual sites easily. This helps in tailoring user experiences by translating the content in their own language.

    Mobile-first approach

    Drupal 8 is responsive out-of-the-box. That means the mobile-first approach is a core part of the Drupal framework. It comes with a plethora of fully responsive themes that enables it to work efficiently across platforms. Your content would look exactly the way you want on computers, tablets, and smartphones.

    Content strategy project for Drupal.org

    Drupal.org Content Working Group met for a two-day workshop in 2014 to get the team from Forum One, content strategists and user experience designers, to build a content strategy for the official Drupal website.

    Why is content strategy formulation needed?

    Drupal.org is the hub of Drupal and its community. It is the main source of code, Drupal-related information and collaboration among the community members. From project managers to web developers, everyone contributes towards its development and betterment. Organisations from a wide array of industries like governments, nonprofits, and Fortune 500 companies have been using Drupal for their business needs.

    What were the objectives of this initiative?

    One of the first things that they wanted to improve was the quality and the relevancy of the content available on the Drupal.org website. They also planned to reframe it around all the user roles and proficiencies to address all the audiences. Moreover, their objective was to develop a content governance for the site and improve user engagement within the Drupal community.

    What were the steps taken to improve content strategy?

    Content Working Group and Documentation Working Group of Drupal identified some gaps and put forth some fixes as part of their content strategy for the site.

    • With over a dozen content types, more than a million pieces of content, much more taxonomy terms and views that represent displays of data, thousands of forum topics, projects (including modules, themes and distributions) and issues associated with these projects, Drupal.org had a lot of content.
    • They took steps to break down these content types into more meaningful content types. For instance, a book page content type can be anything ranging from documentation to resource guides. Thus, this had to be broken down into relevant content types so that the new users can find information more easily.
    • Moreover, a dearth of marketing materials was noticed. They pledged to create content to promote Drupal 8 among the likes of CIOs, CTOs, managers, and business decision-makers.
    • A content audit was needed to be performed regularly. They zeroed in on what sort of content could be archived, what can be removed, and what can be updated. Content mapping was done as well to figure what content they have on the site and what sort of content would they need that would assist in building better information architecture for the new users.
    • They analysed and tested the user experience for creating and maintaining the content on the site.
    Tools and technology for content strategy

    Understanding the significance of formulating a master plan for producing content on your website can have dramatic metamorphosis for your business. Now, that we have understood the importance, we need to look for the right technology stack that can help out attain our goals.

    Integration of CMS and DAM

    Content Management System (CMS) like Drupal is primarily designed to build, publish and handle the content on your website. A Digital Asset Management (DAM), in contrast, is highly useful for governing the digital rights and the storage of media content like photos and videos. Integrating DAM capabilities into the CMS can be a big boost for your content endeavours. For instance, integration of Drupal with Acquia DAM, a cloud-based DAM, cam improve brand consistency with the usage of rich media content.

    Project management

    Usage of project management tools like JIRA, Workbench or InMotionNow can help in imbibing an agile approach to your content workflow, incorporate editorial calendar for effective content management and also help in the proper planning of content production.

    Content analysis

    Integrating business intelligence and analytics tools like Tableau and Google Analytics would help in compiling reports on your content marketing efforts and assist in the assessment and measurement of your website content.

    Future of content strategy

    With an enormous presence of disrupting technologies promising to streamline the way existing technologies manage our workflow, curating and distributing content on your website can benefit from some of the future technological advancements.

    Virtual reality

    A Statista report states that by the year of 2022, the market size of virtual reality would amount to 209.2 billion US dollars. Virtual reality can be a great option to produce immersive content for your content marketing campaigns. For instance, IKEA introduced their customers a way of virtually exploring the living room rather than just looking at their products at the store.

    A fictional site of Massachusetts State University was built on Drupal 8 that would help students to take a virtual tour of the University from their website.

     

    Artificial intelligence

    To make your content production more predictive, personalised and relevant, AI can be of great help. For instance, Amazon Rekognition helps in integrating photo and video analysis in your application and lets you identify which influencers are generating more user engagement vis-à-vis various product categories.

    Native advertising

    You might have noticed some form of paid advertisement while reading e-newspaper where the content seems similar to the native content of the platform. Native advertising can play a big role in the content marketing tactics in the future. Almost 60 percent of US digital display ad spending would be done through native advertising.

    Live streaming

    Another form of content dissemination is the live streaming which will grow immensely in the coming years. It is more like a real-life conversation where audience can pose questions and get responses in real-time thereby increasing user engagement. Viewers spend 8 times longer on a live streaming video content than the on-demand videos.

    Conclusion

    Creating cornucopia of content is a great deal of work. Producing content smartly by devising right strategy to disseminate content across channels is the way to go. Drupal has been pioneering in the effective distribution of content and can be a great option to embed your website with the best of content.

    Ping us at hello@opensenselabs.com to implement the best content strategies for your Drupal site.

    blog banner blog image Blog Type Articles Is it a good read ? On
    Categories: Drupal

    sweetalert2

    New Drupal Modules - 8 June 2018 - 4:13am

    Integrates the SweetAlert2 plugin to act as a modern replacement for JavaScript's alert.

    Usage

    In a custom theme or module, you can trigger a Sweet Alert within your javascript by invoking it directly and providing it whatever options you want to use:

    swal(
    'Good job!',
    'You clicked the button!',
    'success'
    );

    Categories: Drupal

    Communications

    New Drupal Modules - 7 June 2018 - 6:20pm
    Categories: Drupal

    James Oakley: Security and Performance: Remove old Modules

    Planet Drupal - 7 June 2018 - 1:49pm

    Yesterday, the Drupal Security team issued a Security Advisory for the Mollom module, SA-CONTRIB-2018-038. The module is now marked as "unsupported".

    The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.

    Blog Category: Drupal Planet
    Categories: Drupal

    Acro Media: Drupal with WebSockets for Real-Time Synced Displays

    Planet Drupal - 7 June 2018 - 7:45am

    The situation: I'm the primary maintainer of the Commerce Point of Sale module and have been building a customer facing display feature for the Commerce 2 version. So, I have two separate pages, one is a cashier interface where a cashier enters products, the second is a customer facing screen where the customer can watch what products have been scanned, review pricing, and make sure everything is correct.

    The problem: Since products can be scanned through quite quickly, it was imperative that the customer facing display update very quickly. The display needs to match wha's happening in near real-time so that there is no lag. Unfortunately, AJAX is just too slow and so I needed a new solution.

    The solution: WebSockets seem like a great fit.

    Design

    AJAX - Too slow!


    WebSocket - Fast!


    The socket server can either not bootstrap Drupal at all, or bootstrap it only once upon load, making it able to relay traffic very quickly.

    Dependencies

    I only needed one dependency for this, Ratchet, which is a PHP library for handling WebSockets and is easily installed via Composer.

    Setup

    The WebSocket server is actually very simple, it finds and loads up the autoload script for Drupal, similar to how Drush does it.

    We bootstrap Drupal, just so we can load a few config settings.

    We terminate the Drupal kernel, since we don’t need it just for ferrying traffic back and forth and it will probably leak memory or something over a long time if we use it a bunch, since Drupal isn’t really meant to run for ages. I did try it with Drupal running the whole time and it did work fine, although this wasn’t under any real load and only for a couple days.

    Now all that we have to do is setup the service.

    All the details of our service come from the class we pass in, which basically hooks in the different server events. I’ll leave the details of that outside of this article as none of it is Drupal specific and there are lots of tutorials on Rachet’s site: http://socketo.me/docs/hello-world

    Javascript

    On the JavaScript end, we connect to the WebSocket using the standard interface.

    I used a few mutation observers to monitor for changes and then passed the changes to the WebSocket to relay. You could do this however you want and probably some nicely integrated JS or even a React frontend would be a lot cleaner.

    Resources

    Related module issue: https://www.drupal.org/project/commerce_pos/issues/2950980
    Ratchet PHP Library: http://socketo.me/

    Categories: Drupal

    Drupal core announcements: Drupal Security team response to recent news articles relating to SA-CORE-2018-002 and SA-CORE-2018-004

    Planet Drupal - 7 June 2018 - 6:51am

    Various media outlets are reporting that a large number of Drupal sites are still vulnerable to the recent highly critical core vulnerabilities SA-CORE-2018-002 and SA-CORE-2018-004.

    Those reports are all based on the same source. The source investigated the contents of CHANGELOG.txt of a large number of sites and assumed all sites reporting a version lower than 7.58 to be vulnerable.

    Checking the contents of CHANGELOG.txt is not a valid way to determine whether a site is vulnerable to any given attack vector. Patches distributed by the Drupal security team to fix the issues were widely used, but did not touch CHANGELOG.txt or any version strings defined elsewhere. There are also other mitigations that vendors have provided which would also not affect CHANGELOG.txt but would protect the site.

    We believe the presented numbers to be inaccurate. We consider it to be misleading to draw conclusions from this sparse information. The Drupal project has a long history of a reliable coordinated disclosure security program. For the past 4 years, the Drupal Security Team has provided support to journalists covering our releases and policies and is available for further enquiries.

    If you are a member of the press and want the Drupal Security Team to comment, please contact security-press@drupal.org.

    Categories: Drupal

    Configuration Override Warn

    New Drupal Modules - 7 June 2018 - 6:46am

    Implements the warning message proposed by #2408549: There is no indication on configuration forms if there are overridden values from one module without needing any changes to configuration forms.

    Categories: Drupal

    Pages

    Subscribe to As If Productions aggregator - Drupal