Tag Archives: drupal tutorial

ByAlexia Pamelov

Several Reason Why Drupal is The Best CMS For SEO

CheapWindowsHosting.com | Drupal, the open source content management system (CMS) that runs WhiteHouse.gov, MTV Europe, and The Economist, is a very powerful system that can be used for large, complex sites, and it’s the best platform that exists today for SEO. I’ve seen clients triple their traffic within a few weeks of switching from a lesser platform. Drupal’s built-in tools for automating SEO on massive amounts of content, along with granular control that gives you absolute power over every single site element, put it head and shoulders above the rest, including Joomla and WordPress. Additionally, Drupal is the most scalable, configurable system, and major improvements in usability will soon shorten the learning curve for new users and developers.


Here’s why Drupal is the best CMS for SEO:

  1. Search engine optimized URLs. Drupal gives you complete control over URL structure. Each item of content created in Drupal (called a node) can be given a custom URL, called a URL alias. You can even set it to automatically generate user- and search engine-friendly URLs based on content type (blog post, page, user), title of the post, keyword, date, time, or any other information related to the node. In WordPress, you are generally limited to one type of permalink URL for all posts. You can override it, but it’s much less specific than Drupal’s URL aliases. For years, Joomla was lacking in search engine-friendly URLs and the ability to fix them. It now offers a built-in “search engine-friendly” functionality, but it lacks the functionality and control over the URL’s parameters.
  2. Custom content types and views. Without having to write any code, you can use the content construction kit (CCK) and view modules to create new content types and create advanced custom views for those types. Common examples include news stories, blog posts, albums, books, and tutorials, all of which can be created and displayed in a variety of ways. While most content management systems require additional written code for creating these types, no programming knowledge is required to do them in Drupal. To make it even more search engine-friendly, it’s simple to create content silos using a free add-on called Views Attach. Create an automated query to create a list of relevant content and attach it to any other piece of content – all with a point-and-click interface.
  3. Ease of editing and revisions. Even the most professional companies make mistakes. Recently I found two spelling errors on CNN.com’s home page, including the word “errors” (it was spelled “erros” for about an hour before the mistake was corrected). Drupal’s built-in version control allows you to save new versions of your Web pages every time they are edited. This gives you the ability to revert back to old versions at any time. Want to try a new marketing message on your site? Type it in. Didn’t work? Revert to the previous page. Snap.
  4. The organizational wizardry of taxonomy. Drupal has a very powerful, built-in taxonomy (categorization) system that allows you to organize and tag content with keyword-rich terms. While care should be taken that each Drupal “vocabulary” be limited to certain content types, it is an infinitely flexible system. For example, you can use free tagging for types of content like blogs or products, while your news or tutorial sections might have a list of categories that can only be selected from a dropdown that is defined by the webmaster. You can also have hierarchical categories, with single or multiple parent categories. But don’t get crazy and deep with it. It’s a good rule of thumb that no page of content is more than three clicks from the home page. The closer the node is to the home page, the more important Google thinks it is, and the higher that individual page will rank. Drupal’s advanced taxonomy features, combined with CCK and views, also allow you to rank for long-tailed keywords that make up a thorough SEO campaign.
  5. Multiple user management. Drupal is almost as well-known for its community as it is for being easily optimized. That’s because Drupal was designed for community-based websites, and has a strong user role and access control functionality. There are no limits to the user roles and access levels you can create and customize – for example, “anonymous visitor,” “authenticated user,” “editor,” “webmaster,” “admin,” and “moderator.” You can also keep the advanced user management features turned off – like if you have multiple blogs – and enable them later when your site grows.
  6. Page titles. The page title is the single most important on-page thing you can do to improve the SEO of your website. Page titles, the line of text in the HTML of a Web page that summarizes what that page is about, act as the welcome mat for your website. Page titles:
    • Tell visitors that they are in the right place
    • Display in the browser title bar
    • Hold important keywords so that your page can be properly categorized by Google and other search engines
    • Display whenever someone bookmarks your site
    • Are often used by search engines as the heading of the search result

    Drupal can generate a page title automatically by using the site name and site slogan of the front page and the node title for individual nodes, but for more complex content, you may want to rearrange the automated page title for SEO purposes. Drupal’s page title module gives you full control over your page titles throughout your site. You can define a pattern that will create search engine-optimized titles automatically as you create new content, or take control by writing your own page titles anywhere you can create content.

  7. Better integration with Google Analytics. Have you ever wondered how much your own clicking around and working on your website skews your analytics data? Not if you have a properly configured Drupal site. Using the free Google Analytics module for Drupal, you can dynamically show and hide analytics code based on several factors, including if the user is logged in as an admin. You can even not track certain sections of your site, not track certain user types (like people logged in as company employees), and cache the Google Analytics code locally, which will speed up your page load times. All within Drupal. No programming required. For free.
  8. Passionate and active community. Drupal has a large community of users and developers who are very active and passionate about the CMS. More than 650,000 user accounts have been created on Drupal.org, and more than 2,000 people have registered developer accounts. You can find hundreds of community-contributed modules that help make Drupal a better experience. Drupal forums offer support and you can find other Drupal users in Drupal Groups.
  9. Free as in beer. Unlike other platforms, Drupal modules (what we call plug-ins, add-ins, or widgets – modular pieces of code that you can easily add to your site) are free. That’s right. You don’t need a license or even a credit card to install any of the functionality that I’ve mentioned in this article. Just go to Drupal.org, click on the “download” tab, and grab anything you need.
  10. Getting started with Drupal SEO is easy. Just download the Drupal SEO checklist module, drop it into your sites/all/modules folder on your server, and turn it on from the modules admin page. Go through the simple, step-by-step instructions, and you’re well on your way to the best SEO experience you’ve ever had on a CMS.


ByAlexia Pamelov

Cheap Windows Tutorial – Tips to Make Drupal Hosting Better

CheapWindowsHosting.com | What is Drupal? Drupal is the #1 platform for web content management among global enterprises, governments, higher education institutions, and NGOs. Flexible and highly scalable, Drupal publishes a single web site or shares content in multiple languages across many devices. Technology and business leaders transform content management into powerful digital solutions with Drupal, backed by one of the world’s most innovative open source communities.


Drupal, the powerful and easy-to-use content management system, written in PHP is extremely popular among web designers. The reason why they go for Drupal hosting is its modular approach – every thing, including the core system files are in the form of modules. Barring the core ones, web admins can install, uninstall any module from the vast list of modules available in the Drupal website.

However, certain small tweaks and modifications can do wonder over and above the existing benefits you get. Here are some of the tips and tricks which can optimize your website:

Maintain the structure of the code

Organizing the program code by maintaining the structure and adding comments can help in further modifications and updates as the program gets larger.

Cron tasks should be done on off-peak hours

If your site needs you to do cron jobs, the preferred time would be when the traffic on the website is minimum.

Use English-readable URLs

Instead of using the default URLs provided by Drupal, one should enable Clean URLs, and install which enable English-readable URLs

Enable the used modules only

More the modules more would be the time to load a page. Thus, modules that are currently in use should be disabled from the administration section.

ASPHostPortal provides fast and reliable Drupal Hosting.

ByAlexia Pamelov

Cheap Windows Tutorial – How To Improved Drupal Security ?

CheapWindowsHosting.com | Today we will learn about how to improved drupal security. As we know Drupal is one of the most popular free and open source web application frameworks. Drupal is almost infinitely extensible through not only various theme possibilities but also the vast library of modules or add-ons. However, this great extensibility is also a point of weakness should insecure or vulnerable code be used in either themes or community contributed modules that can result in compromise. The following guide on best practices for Drupal covers main areas of attention in regards to security for any Drupal web administrator.


How To Improved Drupal Security ?

1. Upgrade to Drupal 8

Even though Drupal 7 is still supported, upgrading to Drupal 8 is recommended for the many security enhancements as well as usability enhancements.

Because of core coding changes in Drupal 8, existing modules have to be re-written to support Drupal 8. This has unfortunately caused a delay in adoption of Drupal 8 as many sites rely on various contributed modules which in some cases have no Drupal 8 counterpart or only experimental versions still testing in Drupal 8.

Drupal 8 finally includes the ability to update modules from the web interface. Drupal 7 security has been perceived as poor in large part because of many sites not updating Drupal core or any associated modules. With Drupal 7, applying updates for general maintenance was somewhat problematic and inconvenient. This is perhaps what led to many sites putting off updates leading to many Drupal installations being compromised. Updating is improved in Drupal 8, and is somewhat similar to the web-based updates that WordPress users have been enjoying.

Other Drupal 8 security benefits include:

  • Stronger security for stored user passwords
    Passwords in Drupal 8 are hashed with phpass, combining multiple rounds and salted hashes. Drupal 7 and prior stored user passwords in MD5 in the database which is now considered weak and easily crackable.
  • Update notifications
    Drupal 8 incorporates automated email notifications of any pending module or core security updates. This is also available in Drupal 7 via a module, but is now built in as functionality in Drupal 8.
  • Login Rate-Limiting
    Drupal 8 now incorporates brute force login protection. Defaults are rate limiting for five failed attempts in a six hour window as well as rate limiting 50 failed attempts from one IP address per hour. This is configurable in modules/user/user.module.

2. Keep Drupal up-to-date

Keeping Drupal up-to-date is the fundamentally most important security consideration.
Drupal security consists of three areas to maintain security updates:

  • Drupal Core updates
  • Contributed Module security updates
  • Theme security updates

Drupal Core update announcements are available from http://drupal.org/security.
As of Drupal 8, every window in the Administration interface notifies of a pending Drupal Core update.

  • Modules
    Drupal module update announcements are available from http://drupal.org/security/contrib. Drupal 8 has built-in email notification for any outstanding module security updates as well to notify admins of pending updates. Resist the temptation to develop or write custom email forms or other elements for Drupal, but rather look for existing well-established modules that are written to serve various purposes. Existing modules have been tested for the most part in a wide install base and have had more eyeballs on the code to check for security flaws.
    Completely remove any disabled modules from the server so as not to have any older vulnerable code live and present in web directories.
  • Check your sources
    In choosing a Drupal theme, consider building upon or using a tested well used theme that has continued updates from the developer. Often users will pick a theme that is ‘pretty’ or meets other cosmetic requirements. However it is critical to inspect if the theme is currently being maintained for security updates. Do not install themes found randomly on the internet; only choose themes from Drupal’s Download & Extend which have been recently maintained. Even then, closely inspect the source to be vetted before launching the code live in a Drupal installation.

Drupal XSS exploits through themes are not uncommon. For example the following theme is susceptible to XSS as one illustration: http://drupal.org/node/1608780

If creating a custom theme, thoroughly test the theme in an installation with various web application scanners, either open source or commercial, that test for XSS or SQLi prior to deployment.

  • Drush
    Drush is the ultimate command line utility to manage Drupal. With drush, it is possible to do such tasks as clearing all Drupal caches, upgrade Drupal core and modules, apply database upgrades (similar to running update.php), enable/disable modules, and much more.
    If not already using drush, this is a valuable tool to be on top of and easily patch any outstanding Drupal security updates. More information is at the following URL http://drupal.org/project/drush/.

3. Enable SSH for Update Manager

The built-in Update Manager for updating through the web interface or installing modules in Drupal 7 has the ability to use SSH to connect to the host. This is of course the preferred way to transfer files instead of FTP. If SSH does not show up as an option in Drupal 8′s Update Manager, install the following PHP library:
Debian / Ubuntu:

$ sudo apt-get install libssh2-php

Red Hat / CentOS:
Red Hat and CentOS do not include ssh libraries for PHP. The required package php-pecl-ssh2 can however be installed from the EPEL repository (http://fedoraproject.org/wiki/EPEL).

4. HTTPS and Drupal

Drupal by default operates only over HTTP, including sending any login credentials in plain text. One solution is to have the entire site operate over HTTPS. But while perhaps having an entire site over HTTPS is not ideal as of date, steps can be taken to at least have credentials and other form submissions in Drupal to occur over HTTPS.
Drupal 7 by default uses the secure flag for HTTPS cookies to prevent session hijacking. The module Secure Login (http://drupal.org/project/securelogin) is a required module to help further take advantage of this feature. The Secure Login module allows not only logins but also form submissions in Drupal to occur over HTTPS and have a unique HTTPS session cookie that cannot be hijacked.

Along with the secure cookie flag, the httponly cookie flag can be set in php.ini on the server for another layer of security. In Debian or Ubuntu, edit the following file:


Red Hat or CentOS, edit the following file:


Use the following values to enforce the httponly flag for PHP session cookies:

session.cookie_httponly = 1
session.use_only_cookies = 1

Without these above changes, one could potentially intercept and steal the authenticated cookie to then gain authenticated access to the Drupal installation.

5. Web server permissions

Permissions of the directories and files in Drupal are critical for security. Files or directories should never be 777, nor are 777 permissions required for Drupal to operate. Directories should be 750 or 755 and files should be 644 or 640.

The Drupal directory and files should be owned by a regular user, and the group of the apache user. This can cause problems for automated updates. Temporarily changing permissions to have the apache user own the Drupal directory so to install updates may be required. Once updates are complete, change the Drupal directory back to be owned by a regular user.

This example command changes the owner to jsmith (example username) and group of the Apache user on Debian and Ubuntu for all files in the Drupal installation:

$ sudochown -R jsmith:www-data /var/www/drupal

To temporarily switch permissions to allow updates, change the owner to the apache user:

$ sudochown -R www-data:www-data /var/www/drupal

Next perform updates, then set permissions back:

$ sudochown -R jsmith:www-data /var/www/drupal

6. Recommended Modules

In the security area, two recommended modules should be part of a Drupal installation.

The Security Review module (http://drupal.org/project/security_review) inspects various aspects of a Drupal installation including file system permissions, user auditing, database and other errors, as well as things such as input formats allowed. This module is also useful in that the interactive results detail how to fix or remedy various issues that apply to the Drupal installation.

Secure Login (http://drupal.org/project/securelogin) as mentioned above is a critical plugin to keep the security of authenticated sessions and form submissions free from session hijacking.

If still on Drupal 6, making use of a phpass module addon (http://drupal.org/project/phpass) will strengthen password hashes for users that are stored in the database.

7. Backups

Regular backups are a part of any system administration and that includes running and administering a Drupal web application. Two backups are required for Drupal: regular full database dumps and also regular snapshot backups of the entire Drupal directory. Should compromise occur, having the ability to roll back to a previous snapshot or compare files to a previous snapshot is invaluable. Creating either automated cron jobs to make backups or using a module such as Backup and Migrate (http://drupal.org/project/backup_migrate) is critical and should be part of the security administration for a Drupal installation.

8. Scanning and Auditing

Regular scanning of the Drupal site with web application scanners or vulnerability scanners is required today to be on top of security. At least monthly scanning at a minimum is a good interval if not more frequently. Many open source as well as commercial web application scanners are able to test sites for XSS and SQL injection which is very relevant to web applications such as Drupal.

9. Operating System Updates and Logs

Drupal security extends to operating system security, which is the host running the web server Apache as well as PHP. If Drupal is installed in a self-managed VPS or other similar installation, staying on top of OS security updates and patches are critical to ensure that the entire host is secure and free from compromise. Subscribe to various Linux distribution security update mailing lists or Twitter feeds to keep on top of any pending updates or security issues for the operating system that is hosting the Drupal installation.

Reviewing Apache or other operating system server logs daily is part of general security no matter what application or software is in use. Make use of logwatch or other automated log alert software to be on top of any trending patterns in logs from would-be attackers.


Drupal security is achievable by keeping on top of security updates for Drupal core and contributed modules as well as taking advantage of SSH and HTTPS options that are available. Most default Drupal installs provided by scripts in hosting companies do not have many of the above mentioned security notes installed or available, which leaves most Drupal users unknowingly connecting and managing their site via insecure protocols. Upgrading to Drupal 8 as soon as possible is strongly encouraged by this author for the many security benefits outlined. The problematic maintenance and upgrading of Drupal 7 is much improved in Drupal 8 which will help users to keep sites and code more up-to-date against today’s seemingly growing threat of attack against web applications. For a deeper look into Drupal and other web application security, check out the web application penetration testing course offered by the InfoSec Institute.