The Matomo Analytics Drupal module connects your Drupal site to your Matomo Analytics application and eases the process of modifying the tracking code to better suit your needs without advanced programming experience. The Matomo Drupal module tracking options include: Specifying Drupal blog entries to track Ignoring logged in users while working on web design and Read More >
Drupal
Here you will find helpful documentation about installing and using the Drupal content management system (CMS).
Ready to get started? Check out our Drupal Hosting!
Managing Content with Drupal
Drupal Archive_Tar Vulnerability – 12/18/2019
Issue: On December 18, 2019, Archive_Tar, used in the Drupal content management system (CMS), has many vulnerabilities if a Drupal website is set to allow and process .tar, .tar.gz, .bz2, or .tlz file uploads Versions affected ? 8.8.x-dev8.7.x-dev7.x-dev Recommendation: Update Drupal 8Update Drupal 7 Source: https://www.drupal.org/sa-core-2019-012 Learn more about website security in our Drupal 8 Read More >
How to Update Drupal 8 Manually
There are many ways to update Drupal 8 – manually, automatically, with Drush, or with Composer. Below we cover how to update Drupal 8 manually: Backup Drupal Replace Core Files SSH File Manager Finalize Updates Secure your website and maintain performance with our VPS Drupal Hosting Backup Drupal 8 Backup Drupal with a module or Read More >
Drupal 8 Update Manager Settings
Drupal 8 can send email notifications when updates are available. This helps you update Drupal 8 core (after you create a backup) and modules as soon as possible. Below we share our recommended Drupal 8 Update Manager settings. Drupal 8 Update Manager settings Log into Drupal 8 Click Reports at the top Click Available updates Read More >
Scheduling with the Backup and Migrate Drupal Module
One of the first things you should do once you get started with Drupal 8 is install the Backup and Migrate module. After you create your first backup, you should schedule automatic backups just in case anything goes wrong (for example, the Archive_Tar vulnerability reported in December, 2019) or need to update Drupal core. Schedule Read More >
How to Backup Drupal 8 with the Backup and Migrate Module
Your Drupal 8 security posture should include up-to-date backups. cPanel backups and snapshots are great for full server backups. However, a module to backup only website data can save a lot of time when you need migrate or update Drupal. Below we cover how to install the Backup and Migrate Drupal module and create a Read More >
Add Feature-Policy in Drupal 8 with the Security Kit Module
The Feature-Policy HTTP header specifies what browser features can be used on a website and its <iframe> elements. The most common browser features among a long list are autoplay (for videos), camera, fullscreen, and microphone. Below we’ll cover how to install the Security Kit module in Drupal 8 and enable Feature Policy. Get high performance Read More >
Add X-Frame-Options in Drupal 8 with the Security Kit Module
The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frames-Options. Mozilla recommends using the superseding Content Security Policy Read More >
Add HSTS in Drupal 8 with the Security Kit Module
Adding HSTS (HTTP Strict Transport Security) in Drupal 8 forces web browsers to only load your website with a valid SSL certificate. This improves Drupal security against downgrade attacks and similar man-in-the-middle (MITM) attacks. HSTS is similar to a HTTP to HTTPS redirect but within the browser. Below we’ll cover how to install the Security Read More >
Add Content-Security-Policy (CSP) in Drupal 8
The Content-Security-Policy Drupal module helps you configure a Header set Content-Security-Policy header to specify what sources your website should load scripts from – (e.g. your own website, embedded YouTube video, and analytics trackers). This forces supporting web browsers to ignore other external requests to mitigate cross-site scripting (XSS) and other code injection attacks. There are Read More >