Drupal no longer releases a new version of Core when an upstream dependency fixes a security vulnerability. It is the responsibility of site maintainers to keep track of security advisories for all such dependent libraries. That is no small task, and a way to automate this is needed. This post looks into how this can be done.
Drupal sites contain a settings.php file with site-specific settings, that is based off default.settings.php at the time the site is installed. As Drupal evolves, default.settings.php will change. Sometimes, it's worth incorporating those changes into the settings.php file for an already-installed site. This post runs through a low-friction way to keep on top of this house-keeping.
cPanel offers users a shared hosting environment which could be thought to exclude running NodeJS (and therefore Node driven theming tools like Gulp and Grunt). In fact, this is easily overcome, as I explain here.
I've been putting off learning how to build sites in Drupal 8, and migrating my existing Drupal 7 sites over to Drupal 8. Why? Drupal 8 uses a lot of new tools. I want to learn how to set up a Drupal 8 site in the "right" (optimal) way so that I don't incur technical debt for myself later on. That means I have a lot of tools to learn. That takes time, which I don't have a lot of. So I've procrastinated.
I'm a big fan of Piwik, an open source analytics suite. Think Google Analytics, StatCounter, Sitemeter, etc. … only self-hosted an open source. There are many benefits of using it:
Yesterday, the Drupal Security team issued a Security Advisory for the Mollom module, SA-CONTRIB-2018-038. The module is now marked as "unsupported".
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer.
Drupal 8 and 9 use Composer for package management, but Composer requires more memory than is available on most shared hosting environments. This post discusses the problem, and explores a way of working around it to get things working.
Yesterday, at 7.13pm, the Drupal Security Team issued a public service announcement: Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001.
This needs a bit of background to understand.
Updates to Drupal Core fall into one of new kinds.
Spam is a problem that never goes away. Email spam. Comment spam.
This site has long used Mollom to protect the comment section and the contact form. They're closing down on 2nd April 2018, so lots of webmasters will be looking for alternatives.
I'd like to introduce you to Project Honey Pot.
![(Uninstall) Hook\](https://www.oakleys.org.uk/files/styles/thumbnail/public/blog_images/2017/03/hook.jpg?itok=l2jB8QN6 "(Uninstall) Hook\")
I'll put this here, in case it helps anyone else.
I'm owning up to Drupal Schoolboy Error #1.
I was writing a very simple module. It did so little, that I wanted to keep things as simple as possible — just a .info file, and a .module file.
