This is the third in a series of articles, in which I'd like to share the most common pitfalls we've seen, so that you can avoid making the same mistakes when building your sites!
myDropWizard offers support and maintenance for Drupal sites that we didn't build initially. We've learned the hard way which site building mistakes have the greatest potential for creating issues later.
And we've seen a lot of sites! Besides our clients, we also do a FREE in-depth site audit as the first step when talking to a potential client, so we've seen loads of additional sites that didn't become customers.
In the first article, we looked at security updates, badly installed module code and challenges ith "patching" modules and themes, as well as specific strategies for addressing each of those problems. In the second article, we looked at how to do the most common Drupal customizations without patching.
In this article, we're going to look at some common misconfigurations that make a site less secure, and how to avoid them!
NOTE: even though they might take a slightly different form depending on the version, most of these same pitfalls apply equally to Drupal 6, 7 and 8! It turns out that bad practices are quite compatible with multiple Drupal versions ;-)
I'll put this here, in case it helps anyone else.
I'm owning up to Drupal Schoolboy Error #1.
I was writing a very simple module. It did so little, that I wanted to keep things as simple as possible — just a .info file, and a .module file.Blog Category: Drupal Planet
Alike any team that focuses on full cycle Drupal development we work with rather complex projects. Usually we go through all the stages: from idea to launch. We love having control over the process, that's why we created the simple yet working scheme. Following its steps gives us confidence that nothing is missed. This article describes the workflow of one of the ADCI Solutions projects and emphasize a designer's role at each stage. Try this scheme out and learn other tips that we included in the article.
While building a site recently, we had a requirement for teaser images to be in a landscape or portrait orientation. We could have created two image fields and told the client to just fill in one - but that would mean editors would be responsible for cropping the image which would add extra effort to their work. Instead what we did was used one image field and one select list to choose if they image should be 'landscape' or 'portrait' in teasers.
How to move fast, be flexible, and maintain high quality while building a digital experience.Tags: acquia drupal planet
As a Drupal themer, it's rare that I choose something other than the Bootstrap base theme for a new project. Besides its quality and popularity, there are some specific technical reasons why Bootstrap is such an attractive option.The internet loves Bootstrap
This makes Bootstrap the top JS Framework worldwide and the second most popular JS library ever used, right after jQuery, which is used across 72% of the web. This means that there are a lot of docs and examples out there to use as a guide.
Thousands of developers know Bootstrap and work with it every day. And because Bootstrap is not Drupal-specific, you can use Bootstrap for your Drupal theme and your other non-Drupal projects. Front-end developers who know Bootstrap can be more easily on-boarded on your project if you go with Bootstrap as a base theme.A Bootstrap theme doesn't have to look like Bootstrap
If you start with Bootstrap and don't customize the styling of your theme, of course, you will end up with that classic Bootstrap look and feel. But the magic of Bootstrap isn't just about how it looks. It is also how it behaves and the way it provides us a solid framework of interactions and components that we can easily customize to the most precise design specs.
Parts of Bootstrap like the grid, breakpoints, messaging and modals are generic components that you can reuse and restyle for your projects pretty easily. As a themer, you can either change these using the Advanced Theme Settings or do these custom on your project.Advanced Theme Settings
Since Drupal 7, when Bootstrap theme was created with a lot of settings that allow site builders to customize it out of the box and without coding. This is a very common practice across most Drupal themes, but on this specific case, you can "tweak" Bootstrap library specific components that integrate with your Drupal site like the Navbar, Breadcrumbs, Modals and so on.
Even if you are not an experienced Drupal Themer, you can jump into the Settings and start moving things around while customizing your website's appearance and behavior.
Another great feature is that you can set to use Bootstrap library from a CDN, change the library version you want to support and even use different "skins" from Bootswatch.com.
For a complete list of the theme specific settings, refer to the Bootstrap Theme Settings Docs.Your theming style matters
In 2016, among many other projects, we developed a couple of Drupal 8 corporate websites on top of Bootstrap theme for the Council for Responsible Nutrition and CARTaGene. On both projects, designers were free enough to come up with their concepts without knowing we were going to use that specific framework to make these come to life and get launched.
By the way, did I mention that this site you see right now, is also Drupal 8 + Bootstrap Theme based?Drupal loves Bootstrap
In a previous blog post, I talked about "Drupal Theming and Site Building: 6 Best Practices' and listed a set of criteria to use when considering a base theme for your Drupal project. So here's how the Bootstrap theme measures up against these criteria:
- How many people use it? The Bootstrap theme had more than 140,000 Drupal 7 & 8 reported installs as of March 2017. That is more than 10% of Drupal sites out there and is the most-installed theme for Drupal 8 so far.
- Is it increasing? Over time, more and more front-end developers are adopting Bootstrap, according to the installation statistics from Drupal.org.
- Is it being maintained? Bootstrap theme is actively maintained. Just check the issue queue.
- How do I get started? Well, the documentation is extensive and detailed. There is even a specific website for it at http://drupal-bootstrap.org.
- How secure is it? Stable releases are covered by the security advisory policy.
In Drupal 8, there are templates files for almost every HTML component printed on the page, so you can easily customize the way that Bootstrap classes are applied. This makes it really easy to use the library the way you want. You're not stuck with the decisions made by the base theme developers.The Amazing People Behind Bootstrap
Last but not least, Open Source does it again:
Bootstrap Library Github repo is mainly managed by @mdo and @fat plus an active community of contributors. The library started in 2011 and since then it's been constantly increasing with more and more contributions every day.
For the Drupal base theme there is also a long list of contributors, but I'll give a special mention to Mark Carver, who takes care of leading the project development as the main maintainer and does an amazing work while carefully mixing these two technologies in the best way possible.
If you jump into the issue queue, you will notice that, just because a patch works, doesn't mean it will go into a base theme used by +140,000 websites as an update before being carefully reviewed and tested by the community. Thanks a lot to Mark and everyone else behind the theme.How to Get Started?
If you are new to Drupal:
- Start with Drupal
- Download and Install Bootstrap Drupal Theme
- Take an Intro to Drupal Training
- Take a Drupal Theming Training
If you have some Drupal theming experience I suggest you read about:
- How to Integrate Material Design with Drupal
- Planning Your Drupal 8 Theme: Choosing a Base Theme
- Drupal Theming and Site Building: 6 Best Practices
And if you are an advanced Drupal Themer, we would love to have you contributing back:+ more awesome articles by Evolving Web
tl;dr: Use a Samba share in the VM mounted on the host instead of using a Vagrant synced folder, and use Drupal VM 4.4's new drupal_deploy features. See the video embedded below for all the details!*/
I've often mentioned that Windows users who want to build modern Drupal sites and apps are going to have a bit of a difficult time, and even wrote a long post about why this is the case (Developing with VirtualBox and Vagrant on Windows).
The Crellpocalypse in the Drupal world last week has shaken the entire community. This event and its handling have called our fundamental values and structures into question. We’ve had fights on social media, calls for Dries to step down, and valuable contributors stepping away from the community. I have friends on every side of the situation, but all I can think is: This seems like the perfect time for a singing, dancing, spandexed pageant about the Drupal community.
Why? For those who don’t know, I’m one of the authors of the DrupalCon Prenote, the “pre-keynote” show that kicks off DrupalCon right before Dries’ keynote. The organizer (and my officemate), Jeffrey A. “jam” McGuire and I have been living our own special version of the crisis (Read Jam’s post about taking sides on this here). Our friend Larry Garfield has been an enthusiastic part of the Prenote ever since his first appearance as “Lord Over-Engineering” at Drupalcon Austin. Dries has often played a special guest role, too. With Drupalcon Baltimore looming on the horizon, everything seems to be coming together in one awful moment full of painful reminders – and it’s just when we’re supposed to be cheering for “community.” That awful conjunction is what makes this next Prenote in Baltimore more important than ever.
I have a tremendous respect for how painful this whole situation is for everyone involved. This very public meltdown, which has already done tremendous material damage, is made even more painful by the personal friendships of the key people involved. Klaus, Dries, and Larry have been colleagues for more than a decade. Even if this was only a private falling out, it would have been a painful one. And this is a public explosion. I can’t imagine the emotional strain that each of them is under right now. Internet mob outrage is a terrible experience, made much worse when it comes from your friends and colleagues, directed at your friends and colleagues.
And this is exactly why we need a Prenote right now. Because this is terrible shit that we’re wading through, and the Prenote exists to remind us of why we should keep going. The Drupal community – not the specific leadership, but the agglomeration of people, practices, code, and rules – has a lot that’s worth fighting for. We are the largest open source software community in the world, with a uniquely personal connection to its members. An incredible diversity of contributors from every culture imaginable who, for the most part, manage to work very well together.
The Drupal community is on the leading edge of how a community of this size and diversity can work. No one has ever done this before. Things like our Code of Conduct, Community Working Group, and conflict resolution process, can seem like established and unassailable systems. They aren’t. Go read the version history of those links; we just get a group of people together at a Drupalcon or on video conference to try to figure out how to handle this stuff, and then codify it in writing. We take models from other kinds of communities and try to adapt them, we suggest crazy new ideas and directions. As a community, Drupal actively and aggressively tries to figure out how to make itself more diverse, and less conflict prone. Humanity has never done collaborative communities on this scale before, and the Drupal Community is on the bleeding edge of it all.
The cost of the bleeding edge is that we make mistakes. We set off conflicts, we discover new kinds of obstacles. We muddle through every time, and then in retrospect try to find a better way forward for next time. I don’t mean to diminish the size or importance of any of these conflicts. They can be serious, existential crises.
- When Acquia first formed and started to hold outsize influence, it was an existential crisis. We had to figure out how to handle a conflict of interest in our leadership, and what to do about a (then) totally asymmetrical services market. Acquia is now just one large player of several in the Drupal marketplace, and Dries found a compromise between his interests that has lasted almost a decade.
- When Nate and Jenn forked Drupal into Backdrop CMS, it presented another existential crisis for our community. We had never had such a credible fork from such key community members before. It was the apex of a crisis in the development direction for the whole project. We had to figure out how to address developer experience, how to work with a forked project, and even how to continue working with the forkers themselves. Backdrop is now a normal part of the ecosystem; Jenn and Nate remain important and welcomed Drupal community leaders almost four years later.
- We have had critical tensions, messy relationships, and fallings out with some of our most appreciated developers and community leaders. Whether it’s offense taken at Morten, or outbursts from Chx, these have divided our community and forced us to solve diversity problems that no one else has ever had to deal with.
I could go on. The point is: With each crucible, we the Drupal community must try to learn and build better systems for the next time.
So right now, in the midst of all this anger, this prejudice, and these accusations, I’m here to say: we will learn from this, too. The Drupal community is extraordinary, but we must adapt in order to survive. Losing Larry is a big hit to our community in almost every dimension. This public explosion has been a big hit to us in almost every other dimension. The arguments and animosities we’ve unleashed feel like they will tear us apart. But we must look forward. We must use this event for introspection and carry on as a better, improved community.
Do you think Larry was punished for thoughtcrime? Pitch in and help build a system where the next Larry can’t be treated that way. Do you think Dries and the DA deserve our trust in their decision? Join up and help make sure the next iteration preserves the strength of independent leadership.
The prenote is about why we are here, why we’ve stayed here all these years. Because it’s fun, because it’s supportive, because we love it. Sometimes the best way to start addressing your pain is through humor – and we desperately need to start addressing this.
However you feel about the Crellpocalypse, please don’t leave. Not yet. Stay, and help the community improve. Don’t stay for your job. Don’t stay for Dries, or the DA, or Larry. Stay for the community.
Last week we attended and sponsored the Drupal Developer Days in Seville where we also had two well attended sessions. Introducing the UI Patterns module: use atomic UI components everywhere in Drupal 8 and Advanced Configuration Management with Config Split et al. attached here are the promised slides, as well as a few updates about the modules.What's new in Config Split Drush
As we posted about before, drush supports the Config Split workflow since 8.1.10. In the next version drush will drop the support for its --skip-modules flag and people using it should upgrade to using Config Split.Split Storage in Database
Previous versions of Config Split allowed to set an empty split folder which resulted in the configuration to be lost. To avoid saving the configuration into files under version control one would therefore have to set up a temporary directory and save the split there. But with the last development release a separate database storage is used when not specifying a split folder. This allows configuration to be "stashed" in the database for a deployment. A specific export first is still and will always be necessary by design.What's new in UI Patterns
Following a productive BOF meeting at DDD, it was decided to move everything that concerns defining and displaying patterns locally into a separate module.
This will allow for a better and more solid architecture: the main UI Patterns module will be solely responsible to provide plugins and other glue code: it will then be responsibility of modules implementing component library integrations to expose their components using pattern derivers.
Discussion is ongoing at https://github.com/nuvoleweb/ui_patterns/issues/86 and more generic future plans are being dicussed at https://github.com/nuvoleweb/ui_patterns/issues/76Tags: Drupal 8Drupal PlanetAttachments: Introducing the UI Patterns module: use atomic UI components everywhere in Drupal 8 Introducing the UI Patterns module: use atomic UI components everywhere in Drupal 8
Over the past couple of years I’ve attended quite a few conferences like DrupalCon Amsterdam & Barcelona, DrupalCamp Vienna, European Drupal Days, Drupal Developer Days and SymfonyCon Berlin.
Last weekend I had the opportunity to attend and speak at my first WordCamp. My friend Jam and I spoke about Challenges and Solutions in Getting your Open Source Company to Contribute which we have done many times before.
My colleague Ronald Ashri was also speaking about An AI Bot will Build and Run your Next Site… Eventually, sharing some of our work on chatbots and applied artificial intelligence
We do this because we firmly believe that organisations can achieve far greater success if they work together and improve the world while they do so. As with other conferences I was greeted by a warm and welcoming community. The fact that I’m from the Drupal community didn’t bother anyone and it was relatively easy to find common grounds with everyone I met. So far no surprises, because we all shared a love for open source technology.
That said, I did find that this conference and the people that attended vastly different than what I experienced at any other tech conference to date. The main difference being their focus on diversity, accessibility, inclusivity and user experience. As it turns out, not only WordPress is extremely user focussed and easy to use, so are its conferences. They have gone out of their way to make the conference as inclusive and accessible to everyone. To list a few of the things that stood out for me:
- Creche - You’ve got kids? WordCamp has you sorted. For a mere £5 per child per day your kids are close and taken care off while you attend your favourite sessions. This lowers the bar for people with young children that otherwise maybe wouldn’t be able to attend.
- Life essentials boxes - napkins, sanitary pads, tampons, you name it they’ve made sure they’ve got it. Not just in the female facilities, but in the male facilities as well. An awesome gesture of acceptance and inclusivity for transgender attendees.
- Speech To Text Reporters - Each room had two Speech To Text Reporters that provided live session transcription. One transcribed the current session, while the other corrected any errors in the previous transcription so that it can be used with the session footage that will be posted on the internet.
A post shared by Jeffrey A. "jam" McGuire (@horncologne) on Mar 18, 2017 at 2:33am PDT
But the differences were not limited to the organisation only. The attendees and sessions seemed different as well. Most conferences I’ve attended were mostly visited by developers and most sessions would be about “How to do something awesome with framework A”, “What changed between version X and Y” or “How your application can communicate with API Z”.
The technical sessions didn’t offer me many new insights, but reaffirmed that all software communities face (and solve) the same problems and challenges and the non-technical sessions reminded me that as developers we have a responsibility to our users. The responsibility to ensure that they can access the information our products provide and that no-one is excluded from being able to access that information. All in all WordCamp was highly similar, but also very different.
Yes it’s still attended by developers, but they are not necessarily the majority. I’ve spoken with designers, business owners, entrepreneurs, user experience designers and project managers and heard a lot less technical talk while walking around the venue. The focus seems to be more about “I’ve got a business and want to find out how WordPress can help me make the most of it” than “I’ve always used WordPress and now want to know how to apply it to this new project”.
Looking back at the other conferences I’ve attended I think a lot can be learned from the WordPress community. The session diversity, clear communication and open atmosphere encourage a wide range of attendees, which in turn allows people with entirely different roles to talk to each other and gain a better understanding of each other’s (business) needs and be inspired by their ideas.
WordCamp London turned out to be all that’s good about tech conferences. I like it, sign me up for more!
We’re hiring in Europe at the moment - find out more about working at Deeson.
Did you miss last week's Lunch & Learn Event about open marketing in Ghent? Dropsolid CTO Nick Veenhof explains his quick-and-dirty proof of concept for integrating the Showpad environment with the Drupal CMS.
In the current economic and digital environment, companies are realising that integrated approaches are the future. The time that, for example, sales and marketing act as individual parts of a company is definitely long gone. Luckily, there are plenty of options available for companies to drive business results, such as open marketing platforms.
Recently we have had the honor to present, together with Showpad & Survey Anyplace, a lunch and learn about leveraging these kind of open marketing platforms to boost customer experience. Showpad and Drupal have many things in common, but how do you make sure you are not managing your assets in two separate places - for example in Drupal and in Showpad? As a company, you don't just want to use the right platforms, but you want to use them in the most efficient way.
In preparation for the lunch and learn, we were asked to demonstrate how the technologies that Dropsolid and Showpad use (Drupal & Showpad API) integrate with one another to maximise efficiency.
The first step was consulting Showpad’s API, which is well documented and can be found when logging into their system.
Here's the short version of the demo:
If you're interested in more details, you can watch the extended version on our YouTube channel as well.
Some of the challenges we faced is that Showpad didn’t have a fully featured SDK for PHP. However, there were proofs of concept available that suggested ways of working with the Showpad API. After some exploration I decided to adapt one and contribute it back to github. The adaptation makes the existing, non compatible, library compatible with Guzzle 6 so that it natively works with Drupal 8’s composer dependencies and thus, the Guzzle version that is shipped with Drupal.
After the library was working as expected, I tried to make a quick and dirty implementation in Drupal. Just a warning: this Drupal code does not adhere to the code standards, nor do I recommend you to implement it this way. It is merely proof that integrating the two is not a work of months, but of mere hours. You can find the Drupal code I used at https://github.com/nickveenhof/showpad-api.
Did you miss our Lunch & Learn? Read the complete recap here.Add new comment Header image Teaser image Publish to Drupal planet On
Now I'm working on a new Drupal 8 module "LandingPage Framework". By the fact it's a package of several modules and themes.
Project page: https://www.drupal.org/project/landingpage
I still don't have a stable release but there is a version that you can start to play with and let me know if it worth to continue the development. The module use the power and the magic of Drupal Paragraphs. Paragraphs approach provides beautiful flexibility in content management because you can get any Drupal functionality in paragraph entity and you can set paragraphs on each page in individual order.
The main goal of that package is simplification of Drupal based LandingPage development. I want to provide several out of box solutions that can cover the main cases of LandingPages such as Event page, Product page, Promotional page, CV/Portfolio page etc. But I want to provide extremely unlimited options to customize the page.
Please visit this page to take a look on very simple example of Landing page build with that module:
Also you can get more specific technical information in README.txt
I'm not going to write a long post, because one image better than 1000 words.
Please see a quick screencast in that post, it's only an introduction that allow you to catch an idea. I hope I'll do the serious of screencasts to explain how you can use LandingPage Framework, how you can customize LandingPages and how you can do your best in Responsive Design.
Blog tags Planet Drupal LandingPage Drupal 8 Comments
Automatically add a Table Of Contents (TOC) to your Drupal pages to make it easier to navigate long articles.
What it was like being part of the Drupal apprenticeship scheme.