Drupal Planet

How to secure a Drupal website

Fri, 13/01/2017 - 10:45 -- James Oakley

OK - I'll hold my hands up. The title of this post is misleading. I'm not going to give you an ABC on how to secure a Drupal site (maybe another day). I'm responding to a post on the Reseller Club blog entitled How to Secure Your Client's Drupal Website.

There is some good advice in that article, but it's mixed in with some bad advice, and in other parts it's just plain confused. In the hope that it helps people, I'm going to try and untangle things.

Blog Category: 

Be Prepared for Drupal Contrib Security Updates

Tue, 12/07/2016 - 19:33 -- James Oakley

The Drupal Security team has just released a public security announcement, PSA 2016-001.

There will be multiple releases of Drupal contributed modules on Wednesday July 13th 2016 16:00 UTC that will fix highly critical remote code execution vulnerabilities (risk scores up to 22/25).

If you run any Drupal sites, please be prepared, and be ready to update your site as soon as this is released.

Blog Category: 

For Drupal 8, use Drush 8

Sun, 11/10/2015 - 21:45 -- James Oakley

Last week, to appropriate fanfares, Drupal 8 reached Release Candidate stage. That means Drupal 8 tagged releases now have an upgrade path between them, and it also means (very nearly) complete API / hook stability - which means this is the cue for some serious testing and development of contrib themes and modules.

However I made one schoolboy error: I was still using Drush 7.

It's actually quite an understandable mistake - all you had to do was follow the development of Drupal Next, and Drush, but not quite follow it closely enough.

Blog Category: 

Installing the latest version of Drush

Mon, 08/12/2014 - 23:21 -- James Oakley

In case you missed it, Drush has evolved recently.

Quick primer for beginners follows. (Although, if you haven't heard of Drush, the chances are this post was not written with you in mind. I blog about many subjects, and there aren't many readers who are interested in all of them!)

Drush stands for Drupal shell - it's a very powerful shell environment for managing Drupal sites using the command-line shell.

Blog Category: 

Updating Drupal core with bash and drush

Thu, 08/05/2014 - 16:30 -- James Oakley

Yesterday, Drupal 7.28 was released.

People rush to upgrade, knowing that there will be a tranche of bug-fixes that may resolve longstanding issues.

People hesitate to upgrade, because updating Drupal core is not as simple as we'd like.

Other times, the core update is a security release, and you can't afford to wait.

This does not need to be painful!!

Upgrading core in Drupal 7

You have probably read the official documentation on doing this.

Blog Category: 

Drupal development snapshots puzzingly rebuilt

Thu, 03/10/2013 - 14:22 -- James Oakley

Please Update

Earlier this week, I got several automated e-mails from Drupal sites I manage. The e-mails told me that some of the modules I use had a new version, so I was advised to log in and upgrade.


I was puzzled to see that one of the modules I maintain was in the list of pending upgrades. That was puzzling because I hadn't pushed any changes to that module for a little while, so I wasn't expecting any new releases.

Blog Category: 

PHP 5.5 release and Drupal

Sat, 22/06/2013 - 08:35 -- James Oakley

Yesterday, the PHP group announced the first stable release of PHP 5.5. This is great news. I shall compile it very shortly so that it can optionally be used on this server. That will allow me to test my various Drupal sites against PHP 5.5, to see if there are any issues.

However the arrival of PHP 5.5 signals the imminent end of PHP 5.3. Back in December 2012, PHP announced that

Blog Category: 

Useful modules: Spambot

Mon, 20/05/2013 - 15:16 -- James Oakley

Drupal websites don't always need to allow users to register themselves with an account. This site doesn't, for instance. Anonymous commenting is turned on. The contact form is enabled for anonymous users. And those are the only thing that any member of the public would need to do - other than read. So nobody needs to set themselves up with a login.

Blog Category: 

"Real User Monitoring" with Pingdom

Tue, 07/05/2013 - 15:26 -- James Oakley

Pingdom LogoI've used the services of Pingdom for a long time to keep track of how my websites are loading. They will check any website from ten different servers around the world, as often as once a minute. You can look at graphs of how the load time varies with time, and you can be notified as soon as the site goes down.

Blog Category: 


Subscribe to Drupal Planet
Additional Terms