Just another 陰陽 site
|
The Drupal Event Organizers Working Group and Drupal Community Working Group are pleased to announce a resource to help make inclusivity easier to build into event planning. Initiated by the Community Working Group and taken over by the Event Organizers Working Group, the new Drupal Event Accessibility Playbook aims to provide guidance and accountability for addressing the accessibility of events with respect, professionalism, and grace.
The Drupal community is composed of and fully reliant on the amazing diverse people who choose to participate. Each individual and their perspective is valued. Our community is already a leader in our attention to the health of its members. This Event Accessibility Playbook is another way that we, as a community, can show respect to all our members. We continue to lead by example by being inclusive and accessible.
The initial release of the Drupal Event Accessibility Playbook has been set up like the Code of Conduct event playbook offered in the community; meant to be customized and refined to meet the needs of the event organizers and the local governmental requirements. This structure offers sample commitment messages, suggested acknowledgments, and ways for users to reach out for additional accommodations as needed. It is our hope that this playbook makes it easier for event organizing teams to build accessibility into their ongoing efforts.
We strongly encourage all Drupal event organizers to review the playbook and implement the suggestions as they see fit to best serve their local community.
The continued commitment to inclusivity and respect are at the forefront of our volunteers’ efforts. If there are additional ways we can help event organizers create better events, please submit your thoughts to the Drupal Event Organizers Working Group via the issue queue.
Each member’s unique perspective makes our global community stronger. We look forward to our continued growth together.
(The EOWG would like to thank April Sides, Donna Bungard, Mike Anello, and the rest of the CWG for their time and dedication to this initiative.)
|
Earlier this week, I attended the 8th edition of Acquia Engage, a two-day event full of learnings and connection opportunities by Acquia, one of the largest contributors to the Drupal open source. We at Evolving Web are proud to be Acquia Silver Partners, allowing us to support our clients with Acquia’s enterprise cloud and marketing solutions, which complement Drupal’s open source content management tools.
This was my first time at Acquia Engage. It gave me excellent insights into how organizations are leveraging Drupal to drive digital transformation, be more relevant to their audiences, and generate impact in their communities. It was truly exciting to see so many success stories, so here I’ll share my main takeaways from the event. Let’s get to it!
Drupal is a powerful tool for businesses—and at Acquia Engage, I got to hear from end-users who pointed out how they’re driving innovation and efficiency in their organizations with Drupal. Those case studies involved more than 40 clients from many industries and sectors, such as house financing (Fannie Mae), food (King Arthur Baking Company), healthcare (WSIB), higher education (Penn State University, EAB), publicly funded media (PBS), and more.
Many of the case studies had a marketing focus:
Others were about digital transformation and using Acquia’s platform to create richer experiences for users. Like King Arthur Baking, which went through a Drupal-powered journey from conventional food industry players to high-value content creators. In the end, they all were clear evidence that you can leverage Drupal as a complete digital experience platform (DXP) and not just as a flexible CMS—as we’ll be discussing in an upcoming webinar in November.
👩💻 [Webinar] Register to learn about the future of Drupal as a digital experience platform
One thing I found interesting was the emphasis on low-code and no-code digital platforms, such as Acquia’s Site Studio or Drupal’s Layout Builder and Paragraphs modules. These solutions are uniquely tailored for marketers, editors, and business leaders who want to save time and focus on “real work,” not worrying about technicalities.
Take SoCalGas, for example, the main provider of natural gas to Southern California. Their case study showed how their internal content team previously lacked the flexibility to publish and update content, needing constant technical support due to their unsupported legacy systems. By adopting Drupal 9, they incorporated a low-code approach to their content delivery workflows, helping them become a more customer-centric utility provider.
Acquia Engage 2021 was not only about business, though. It was also about doing good through technology and awakening a sense of purpose. One example was Mick Eberling’s eye-opening note about his work at Not Impossible Labs. Mick and his organization are committed to tackling issues such as food insecurity and accessible healthcare by taking direct action. In the cases he presented, technology was a powerful means for change, like setting up a 3-D printing prosthetic lab based in Sudan.
Mick’s talk made me think about how our work in the digital industry has the power to make people’s lives better, for real. Like Evolving Web‘s recent work with Looking Forward, a mobile-first, bilingual website that provides information for patients recovering from all types of cancer, actively helping them rebuild their lives after completing their treatment.
I also saw some compelling talks about diversity at Acquia Engage. This is one of Evolving Web’s values and crucial in making the Drupal community more plural and innovative.
The Women in Martech panel, for example, mediated by Acquia’s CMO Lynne Capozzi, was an engaging talk about women’s roles in the digital industry. The panellists—Maria Greene, Senior Web Developer at Insulet Corporation, Barbara Von Euw, Director, Business Process – Consumer Data & Insights at PVH, and Hannah Smith, Senior Manager, Global CRM Solutions at MCM—discussed issues like gender equality, career options vs. parenting, and self-esteem, sharing some inspiring success stories and insights.
“Don’t compromise what you want because of expectations. One of the things that being a feminist is about is choosing your own path regardless of what society wants to push you towards.”
— Maria Greene, Senior Web Developer at Insulet Corporation
Watching this panel, it was clear to me that, while many women still have to hurdle the barriers of traditional gender roles, especially in a historically male-dominated industry such as ours, success is up for grabs for women in tech, as long as we promote inclusion. That’s why we at Evolving Web firmly believe that initiatives such as Drupal Diversity & Inclusion (DDI)—a team of Drupalists that provides a safe space to discuss and share resources about diversity, supporting people who feel underrepresented in the tech industry.
For a first-time attendee like myself, Acquia Engage 2021 was a display of innovation, inspiration, and human connection. It’s clear that Acquia not only offers secure, fully supported Drupal-based solutions, but they also know how to put up a fantastic event.
I can’t wait for the next Acquia Engage. See you next year, partners!
|
Two factor authentication (2FA) is an increasingly popular functionality on websites, and this article will teach you how to completely implement it on a Drupal 9 or 8 site.
Two-step authentication is the process of authenticating the user at login, consisting of two verification methods. The first method refers to the well-known login by entering login and password. Along with web development and many services storing sensitive data, such as Facebook or GitHub, the risk of attacks and the possibility that someone unauthorised gains access to your account has increased. To prevent such a situation, the second method of authentication has been introduced. The solution doesn’t guarantee 100% certainty that your data is safe, but it greatly improves data security, for instance, in Drupal.
The most popular methods of the second authentication at login include:
Implementing the basic version of this functionality comes down to installing several modules and their configuration.
The basic version includes:
The extended issues that we’ll describe in this article will concern the generation of codes in the Google Authenticator application and codes sent to an email address.
To build the two factor authentication presented in this article, you’ll need the following modules:
The fastest way to install all the modules you need is to use Composer and execute the shell command:
composer require drupal/tfa
and
composer require drupal/real_aes
If you aren’t using Composer, download each of these modules and unzip them in the directory where the site is hosted – /modules/contrib. If you don’t have a contrib directory, you’ll need to create one.
Now enable all modules.
Drush: drush en key real_aes encrypt tfa ga_login
Or conventionally on the site /admin/modules
The first step is to create a key for encryption. For this purpose, proceed to the Key module configuration and add a new key.
/admin/config/system/keys/add
Give the key a name. Select Encryption as the key type and set the Key size to 256 bits.
In the settings, where the key is taken from, there are three options to choose from. However, for security reasons, I recommend choosing to keep the key in a file outside the website’s main directory or as an environment variable (env).
For a file in File location, you need to specify the path where the file is located. It must already exist because otherwise, you won’t be able to save any changes. See below how to generate such a file.
File path
../keys/tfa.key
Where .. (two dots) means that you are leaving the current directory to go up higher.
A third option, which isn’t recommended, is to keep the key in the configuration files. In this case, you have to be careful because they are in the directory where the site is hosted. They might also be sent to the repository by mistake.
You can see an example of a directory structure presenting the keys’ location in the screenshot below.
How to generate a 256-bit key?
The easiest way to do this is with the Linux command:
openssl rand -base64 32 > tfa.key
or
dd if=/dev/urandom of=keyfile bs=32 count=1 > tfa.key
In both cases, the result will be creating a tfa.key file with the generated key.
After saving the changes, you proceed to the configuration of the Encrypt module, where you’ll need to add an encryption profile.
/admin/config/system/encryption/profiles
Configuration is simple, limited to selecting the encryption method, in this case, provided by the Real AES module, and choosing the key you have just generated.
After these operations, you can proceed to the configuration of the TFA module, which can be found at the site
/admin/config/people/tfa
From here, you manage the entire functionality. You enable and disable 2FA (two factor authentication) for our site, by default, 2FA is disabled. We also select the roles for which 2FA will be required. It’s important that on the site with permissions, the selected role has access to 2FA configuration.
After installing the modules mentioned above, we have three plugins to choose from. Two of them are based on the Google Authenticator application.
The third plugin is available directly from the Two-factor Authentication module.
We can create our own plugins (we’ll mention this later in the article) and introduce new ways of authentication, e.g., via SMS codes.
In the settings, you can also specify how many times a user can skip enabling 2FA. The default is 3 logins. After logging in, the following message will appear.
If the permissions for the role are set correctly, the Security tab will appear on the profile site with the option to configure each of the authentication methods enabled.
Address: /user/UID/security/tfa
To enable two factor authentication, you only need to configure one method. If more than one method is configured, the user will be able to choose which method to use when logging in, and the user won’t have to go through authentication using each method.
We enable the TOTP and HOTP plugins via the mobile app of our choice, namely:
You also need to scan a generated QR code in the application.
After this operation, codes will be generated in the mobile application. Now, generate the first code and confirm it. If it’s correct, the selected method will be enabled.
For Recovery Codes, simply generate and save the codes in a safe place.
This method will be enabled by generating the codes and assigning them to the user’s account – the Save codes to account button.
The TFA module gives you the ability to add your own two factor authentication plugins. This consists in creating appropriate classes with methods.
How else can you authenticate a user who is logging in? You can send the code by SMS, email (there is a ready-made TFA Email module for this) or on Slack.
The whole code presented below isn’t a ready-made plugin but only a description of what it’s built of.
It’s easy to map your own module based on the code from the ga_login module. I recommend reviewing and analyzing it for better understanding.
Let us assume that our module is called tfa_code. The two main classes should be located in the following directories.
TfaCodeValidation Class (name can be freely given)
tfa_code/src/Plugin/TfaValidation/TfaCodeValidation.php
TfaCodeSetup Class (name can be freely given)
tfa_code/src/Plugin/TfaValidation/TfaCodeSetup.php
The TfaCodeSetup class is used to handle the process of enabling a given authentication method, and the TfaCodeValidation class is responsible for the process of authenticating the user at login using the selected method.
The annotation in the class comment contains information that this is the TfaSetup plugin and has a unique id that will be used in the other class.
/**
* Setup for 2FA by SENDING code.
*
* @TfaSetup(
* id = "tfa_code_setup",
* label = @Translation("TFA Code Setup"),
* description = @Translation("TFA Code Setup Plugin"),
* setupMessages = {
* "saved" = @Translation("code saved."),
* "skipped" = @Translation("code not saved.")
* }
* )
*/
class TfaCodeSetup extends TfaCodeValidation implements TfaSetupInterface {
The class inherits from the validation class and implements the interface contained in the TFA module.
Method
public function ready() {
It returns TRUE if the authentication method can be enabled in the given context. When can it, on the other hand, return FALSE? For example, if you implement the sending of codes via SMS, users must first confirm their phone number in their profile. If the user doesn’t confirm their phone number beforehand, they can’t enable this authentication method. The ready() method should then be written in such a way that it returns FALSE.
Method
public function getOverview(array $params) {
Displays information and links about how to enable the authentication method.
Method
public function getSetupForm(array $form, FormStateInterface $form_state, $reset = 0) {
Contains the definition of the form for enabling the given method. It’s here that the requirements to enable the plugin must be included, such as a box of the form to enter the code that will come to the person who wants to enable this authentication method.
Example:
$form['get_code'] = [
'#type' => 'button',
'#value' => t('Get validation code),
'#ajax' => [
'callback' => [$this, 'get'],
'event' => 'click',
],
'#limit_validation_errors' => [],
'#prefix' => '',
'#suffix' => '',
];
A button that activates the get function, defined in the callback.
In the get function, you have to program the sending of the code to the user, e.g., via email or SMS. The name of the function may be freely given here.
Box for entering the sent code
$form['tfa_container']['set_tfa_code'] = [
'#type' => 'textfield',
'#size' => 30,
'#placeholder' => t('Type validation code here'),
'#prefix' => '',
'#suffix' => '',
];
The fact whether the codes match – the one sent with the one entered – is verified in this method
public function validateSetupForm(array $form, FormStateInterface $form_state) {
If everything is correct, the method
public function submitSetupForm(array $form, FormStateInterface $form_state) {
returns TRUE.
The class annotation is analogous to that of TfaCodeSetup.
/**
* Code validation class.
*
* @TfaValidation(
* id = "tfa_code_validation",
* label = @Translation("TFA Code validation"),
* description = @Translation("TFA Code Validation Plugin"),
* setupPluginId = "tfa_code_setup",
* )
*/
Method
public function ready() {
Looks analogous to the previous class.
Method
public function getForm(array $form, FormStateInterface $form_state) {
It is here that the form for the method is created. The user sees the form when logging in and authenticating. As in the previous class, there should be boxes for sending and entering the code. The code is verified in the method
public function validateForm(array $form, FormStateInterface $form_state) {
This concludes the implementation of our own two-factor authentication plugin. Once again, I recommend analyzing the code from the ga_login module, as you will quickly create your own working module based on it.
With this extended article, we wanted to explain the implementation of two factor authentication for a Drupal website as best as possible. Nowadays, more and more Internet users are aware of the risks and loss of data. Enabling 2FA makes their accounts on websites more secure and harder to intercept. Two factor authentication isn’t a 100% guarantee, but it certainly significantly increases both security and the level of trust for the site on which this functionality is implemented. Our Drupal support team can help you implement it and provide more advice on the security of your site.
|
|
[youtube https://www.youtube.com/watch?v=rNWeucGdYMI]
About one month ago I took part in DrupalCamp Poland 2021.
You can find abstract of my presentation there. It’s about possible evolution of CMS like Drupal.
Also, there are a few recomendations how you can use Tome with some dynamic content.
My slides is there. Please, watch the video and let me know your feedback!
Does it make any sense?
|
Once in a while, an opportunity comes along that is so interesting I simply cannot say no. Almost four years ago to the day, that opportunity was to join the Drupal Association as its first Community Liaison. Indeed, I even came up with the title whilst serving on the Drupal Community Working Group.
Working in the Drupal Association has been a wonderful experience, where I have had the pleasure to work with some of the most amazing people I have ever had as colleagues and friends.
|
In this installment of our 20 years of Drupal series, David joins Tag1 Managing Director Michael Meyers to talk about his experience in making contributions – not just upfront contributions like Bakery, but the ones he considers even more important – the behind the scenes performance enhancements and integrations that have helped make Drupal what it is today.
|
As you know, content is one of the most important ranking factors of your website, but it’s the unique and well optimized content that ranks higher on Search Engine Results Pages (SERPs). We’ll get into optimizing, but we’d be skipping a step if we didn’t note that before you get started writing and optimizing your content, the first thing to do is to identify the purpose of it. Some examples might be to gain more backlinks, rank in SERPs, educate your users, drive social engagement or generate leads. Once you’ve identified your purpose, you can move on to content optimization which is, luckily, one of the easiest ways to improve your SEO ranking. In this article, you will learn about our top 11 tips and tricks on writing optimized content for your audience and search engines.
When you plan on writing an article or piece of content, the first thing to do is thorough keyword research. Keyword research will help you determine the set of keywords being searched about your topic. Once you find the keywords you’ll be targeting, you will have to define what kind of content you are going to write. Is it pillar content (content you will use to establish authority) or supporting copy based on other content? With the content type decided, you can map the keywords.
For keyword research there are multiple tools available online like Google Keyword planner, Moz keyword explorer, etc. If you target your content to a specific keyword from the start it will help your rank. Use those tools for keyword research and decide what works as supporting content and what could work as main cornerstone content.
Your key tags are the Title and the Meta description tags. They’re one of the best places to target your keyword. Add your targeted keyword in the first half of the title. In the second half of the title you can use different variants to increase the click through rate.
Meta description is an important element for a well optimized page. Your meta description can help increase the click through rate by making it clear to the visitor what your content is about. You’ll also want to make sure to include your target keyword in the description. It’s a tricky balance, but it should be written in a way that encourages users to click on your page as well as drive the users intent with a call to action. Remember to keep the meta description under 160 characters and title tag under 60 characters to avoid truncation.
URLs should be understandable for humans as well as for search engines. Use clean, search engine friendly URL structure with the target keyword(s) included in the URL. The URL must be short and, just by glancing at the URL, your visitors and search engines should understand what your content is about. Try to use 3 to 5 words in the URL. If it’s longer than that, you likely won’t get much credit with Google’s algorithm.
In most Content Management Systems (CMS) like Drupal, Wordpress, etc. H1 tags are used as the main title of the page. To write a good optimized title, use the target keyword in a title that describes your content in a way that encourages users to read it.
Now that you have used the H1 tag for your title, use the H2 tag for subheadings and H3 to H6 tags for other subheadings.
It is extremely important to use the main target keywords within the content and it’s good practice to have it in the first paragraph. Here’s the hardest part – placing your target keywords naturally within the content flow. Never force it by writing hard-to-read content for the sake of including the keyword. One thing to consider is using bullet points to make important things readable and understandable for the visitor.
It probably goes without saying that images and videos are a great way to make your content consumable. Visual content also engages the audience and helps increase the visit time. Specifically, infographic images or videos in your content will have the biggest impact.
The downside to this is that visual content can make your website heavy. Try to compress the images before uploading and give proper and relevant alternate text for the images and videos. Embedding videos from Youtube, Vimeo or any other streaming platforms instead of uploading video to your server will help reduce page load time. A well optimized video and image will help improve the site performance and load the page faster.
Internal linking is one of the most important factors in creating content. Internal links will help users and search engines navigate to relevant subtopics. In most cases, you’ll want to use relevant target keywords in the anchor text to interlink the pages within your site.
That said, don’t be afraid of linking to external sources. You should link to any external sources that provide value to your content. For example, if you are using a statistic, it is always a good idea to link back to the source. In fact, linking external sources will help search engines to understand the relevancy of your content and thus boost your SEO ranking.
Since Google has moved to mobile first indexing, it’s critical that your content is responsive on mobile devices. If your site is already responsive or has a mobile version then make sure to test out how your content is getting displayed across mobile devices. In most cases it’s more important for your content to look correct there than on a desktop.
As you may already know, page speed is one of the important ranking factors for mobile search. To put it simply, your page needs to load fast. Keep in mind that images and videos play a major role in page speed, so try to optimize all your visual content on the page.
You can use GTmetrix and Google’s page speed insight tools to check your page speed. They also give suggestions for improvement.
When it comes to how many words your content should contain there’s no right or wrong answer. The reality is you shouldn’t worry about the length of the content. Just try to cover your topic in depth and always focus on quality rather than quantity.
Hopefully it doesn’t need to be said, but publish unique content that educates your users and serves the users intent for visiting. At the end of your writing, add a conclusion or final thoughts which helps support that the content is structured properly.
Though it is not considered as a ranking factor, it’s important to have a call to action in the content. For example, if your goal is to get visitors to want to know more about you or to work with your organization, the ability for them to do so should be extremely obvious and easy. You can provide a contact form, email id, phone number or a subscribe form near the top or wherever is easily viewable in the page. Even if you’re doing well on your SEO, poor call to action can waste all that good traffic.
Adding social share buttons in the content will give your users the option to directly share the content with their social network. Most of the CMSes like Drupal provide an option to have social share buttons once you publish the content. If not, you can get it added to your website. A couple things you’ll need to make sure to include are optimized social meta tags with OpenGraph and Twitter card tags. Always test that the correct image and descriptions are shown in social media while sharing the content.
A Drupal powered multi-site, multi-lingual platform to enable a unified user experience at SEMI.
link
Discover how our technology enabled UX Magazine to cater to their massive audience and launch outreach programs.
link
Discover how a Drupal powered internal portal encouraged the sellers at Flipkart to obtain the latest insights with respect to a particular domain.
|
October’s recap will revolve a bit more around Drupal’s release timeline, particularly yesterday’s EOL of Drupal 8. Enjoy the read!
READ MORE|
