Now that Drupal 8 is over a year old, many organizations are more comfortable than ever upgrading their website to this dynamic and powerful content management system (CMS) solution. Several organizations with existing Drupal websites are switching over to this latest version of the Drupal software, others have converted from competitor open source software, such as WordPress, because of the additional functionality that comes baked into the Drupal 8 platform. However, there are important considerations, including upgrades, requirements and security features in Drupal 8 that every organization should know before taking the plunge.
Origins of Drupal 8
In October 2015, Drupal 8 became the latest and greatest version of the Drupal software to hit the market. The open source platform is the product of countless hours dedicated by a team composed almost entirely of volunteer developers who upgrade to the software, make any necessary fixes and address security concerns.
Thanks to the tireless work of Drupal’s core development team, there are currently over one million Drupal sites and the Drupal software remains a top competitor on the CMS market. Drupal’s advanced software, flexibility and functionality are a few of the many reasons why so many organizations are choosing this cutting edge technology for their websites. But before you make your decision, here are some key points to bear in mind.
The Drupal platform has advanced in leaps and bounds over the years. While Drupal 8 has many similarities to its predecessor, Drupal 7, there are several significant differences you need to know about before migrating your content or creating a Drupal 8 website from scratch.
Finding A Hosting Home
Now that Drupal 8 has reached a greater level of maturity, you can choose from numerous dedicated Drupal webhosting solutions. A basic web search will show you just how many companies are out there! However, it’s essential that you find a hosting company that can support the technical requirements – such as PHP 5.5 and MySQL 5.5 – of a Drupal 8 website.
Some main points of consideration to help you select a web host for your site:
- For newbies, you might want to start small with a shared hosting account
- Consider the present and near-future needs of your organization and website
- Learn about options for upgrading and growing your hosting services
- Assess the webhosting company’s reliability, security and customer service
- Compare initial and renewal pricing and services to get the best bang for your buck
- Find out if the hosting company will be able to meet your additional domain needs
- Double-check that your host will backup your website
- Check whether or not their hosting control panel is user-friendly
Installation Is Easier Than Ever
One of many highly welcome improvements that makes Drupal 8 a superior product is how it’s much easier to install than previous versions. For those wanting to update a Drupal 6 or 7 website, Drupal’s Migrate API can help you to easily move into a Drupal 8 site and track the changes made. The Migrate Plus module, new for Drupal 8, also includes sub-modules that can assist with migrations from non-Drupal, as well as Drupal, sources. Migrate Tools gives you even more support to run and manage migrating your content to Drupal 8.
A new system of storing core files in Drupal 8 also speeds up the installation process and creates an additional safeguard against your site’s files being overwritten when installing future updates.
As an added bonus, several modules that once needed to be downloaded separately – such as Views and Entity API – are now included in Drupal 8 core. So there’s much less you need to install out of the box!
Drupal 8 core’s Configuration Management tool helps with synchronizing, importing and exporting items. Its main purpose is to make it easier for developers to take a copy of your live site to create a development site where changes can be made without affecting what appears online – before importing those changes to the live site. One of the drivers behind Drupal 8’s Configuration Management Initiative was the multilingual capabilities developers can now access in Drupal 8 to create sites in a variety of different languages. These enhancements found in Drupal 8 dramatically simplify the website migration and development process for many organizations.
Switching to a new platform for your website can be intimidating, particularly when it comes to understanding its security features. Many organizations need to know that their new website will be able to comply with organizational policies, protect sensitive information and guard against threats. Right out of the box, Drupal 8 has enhanced security features that make it an enticing CMS solution, even for large financial institutions like Nasdaq Corporate Solutions Investor Relations, which uses Drupal 8 for their website.
But before you embrace Drupal 8, it’s important to familiarize yourself and/or your development team and staff with your organization’s online security needs and create a plan for building safeguards into the framework of your website. Here are some major considerations to bear in mind as you map out your new site.
Getting Your Development Team Ready For Drupal 8
Some big changes come packaged with Drupal 8. Before you get started on locking down the security of your site, make sure that your development team is ready to work with Drupal 8’s object-oriented programming (OOP) design. Drupal 8 has moved away from the specialized core architecture of previous versions, to using cleaner and industry standard development tools, such as OPP, Symfony PHP and Twig. Symfony’s routing replaces Drupal-specific routing in previous versions and makes it easier to include more third party PHP components in Drupal 8. OOP and Symfony may present a learning curve for some developers. However, the inclusion of these modern programming tools in Drupal 8 opens the door for further security enhancements and gives you access to a broader talent base of developers who can confidently work with them.
A couple of security enhancements found in Drupal 8 worth noting, which we cover in-depth in this blog post, include:
- More flexible and enhanced security controls against hackers and trolls thanks to the introduction of Symfony PHP and Twig
- Configuration API and YAML for tracking configuration changes
The official Drupal Security Support Team also shares information about bugs and makes available fixes that you and your development team can access through project pages on the drupal.org website.
The standard Drupal 8 installation comes with more built-in modules than previous versions, meaning that many important security features are already baked in. However, there are also thousands of actively maintained modules – and over a 100 that have met a development status of “maintenance fixes only” as of early 2017 – available for Drupal 8. Community contributed modules can be a safe bet when they are actively maintained, but look for stable releases from the Drupal team as a failsafe when in doubt.
Warning For Drupal 6 And Earlier Sites
Something you need to know if you’re an organization using Drupal 6 or an earlier version for your website is that your site is no longer protected by Drupal’s Security Support Team. This means that Drupal 6 and earlier websites are more vulnerable to attacks from malware and bugs in the software. Upgrading to either Drupal 7 or 8 is recommended in this situation to benefit from the additional support and security afforded to these more recent versions of Drupal. Of course, once Drupal 9 is released, Drupal 7 websites will also have a limited time in which to update their software to Drupal 8 or 9 before they also lose access to Drupal’s Security Support Team. In terms of longevity, it makes a lot of sense to upgrade your website to the most recent version, currently Drupal 8, to give your team more time to upgrade once Drupal 9 is released.
UNDERSTANDING DRUPAL’S NEW RELEASE CYCLE
The Drupal development team has committed to a regular release cycle with the advent of Drupal 8. Designed to enhance the predictability and speed of updates to the software, Drupal 8 ships an update – such as 8.1, 8.2, 8.3, etc. – every six months instead of on an ad hoc basis, as was the case with previous versions. This change improves the predictability of software updates and means Drupal 8 will evolve over time with additional features and fixes.
In the past, there were no clear guidelines regarding when a new release would be made available. For example, Drupal 8 came almost five years after Drupal 7 was released in January 2011, compared with three years between Drupal 6 and Drupal 7. Determining when the next version of Drupal hit the market often hinged on whether there were enough new features ready to go. The present six-month release cycle is designed to address this problem by establishing predictable timelines for when new features will be added to the software, and to provide an estimated release date for the next version of Drupal, which will be Drupal 9.
Pro tip: Because of Drupal 8’s regular release cycle, it’s best to use stable APIs and well-maintained contributed modules to avoid any problems when the next version of Drupal – for example Drupal 8.3 or 8.4 – is released.