Migrating to a new platform—whether upgrading from an older version or moving to Sitecore XM Cloud—is an great time to modernize your digital experience. Beneath the surface, a major challenge presents itself that some do not consider or put enough though into, content migration. Many organizations assume that migrating content is as simple as scripting your existing site, or copying and pasting, but messy, outdated, or disorganized content can lead to long-term problems and debt. If bad data makes its way into the new CMS, it can create tech debt, slow down performance, and impact the ability to deliver a seamless digital experience. So how do you ensure a migration sets you up for success? Understanding the biggest challenges and how to tackle them is the first step.

Not All Content Should Be Migrated

One of the most overlooked issues in a Sitecore migration is the quality of the content itself. Many organizations take an “everything must go” approach, assuming all existing content should move to the new platform. This often results in duplicate pages, outdated messaging, and unstructured data that doesn’t fit into the new CMS. Without a clear strategy, the antiquated content & media from the old system follows into the new one, making it harder to manage content effectively. Before migration, conducting a content audit can help determine what should be migrated, archived, or rewritten. A thoughtful approach ensures that only clean, relevant, and well-structured content moves into the new CMS, improving efficiency for marketing teams and enhancing the user experience.

Content Structure and it’s Significance

Sitecore is a powerful platform, but its effectiveness depends on how well content is structured. If the previous site had inconsistent templates, scattered media assets, or missing metadata, those issues will carry over—leading to a disorganized backend that slows down teams. Without a solid content model, marketers may find themselves constantly working around a flawed system rather than leveraging Sitecore’s capabilities to their full potential. Defining a content structure before migration ensures that pages are organized properly, metadata is applied consistently, and assets are easy to find and manage. Working closely with content strategists and developers to create a structured approach will make content creation and personalization more efficient in the long run.

SEO Challenges Without Planning

SEO can also take a hit during a poorly planned migration. When URLs change, internal links break, or metadata is lost, search rankings can suffer. Many teams assume that simply moving content over will maintain visibility, but a lack of planning often leads to missing redirects, duplicate pages, and unexpected drops in organic traffic. To prevent this, mapping high-value URLs and ensuring proper redirects are in place before migration is critical. Sitecore’s built-in SEO tools and third-party integrations can help manage metadata, maintain ranking authority, and provide a seamless experience for users who arrive from search engines.

Bad Data Creates Long-Term Debt

Beyond content structure and SEO, there’s also the issue of tech debt. When bad data moves into a new CMS without being cleaned up, it creates inefficiencies that affect content teams and developers alike. Pages become slow due to unnecessary assets, content authors struggle to find or reuse existing components, and site performance suffers. Over time, these issues compound, making it harder to scale digital efforts. A Sitecore migration shouldn’t just be about moving content; it should be about improving it. Taking the time to optimize workflows, remove outdated content, and implement governance ensures that the new environment is built for long-term success.

A Migration Empowers Future Growth

A successful migration isn’t just about getting content into the new CMS—it’s about setting the foundation for better user experiences, stronger SEO, and a scalable Sitecore implementation that supports business goals. By treating migration as an opportunity to refine content strategy, organizations can prevent common pitfalls and make the most of their investment. The key takeaway is simple: invest in content hygiene before migration to avoid long-term headaches. A little effort upfront will pay off in a cleaner, more efficient Sitecore environment that drives real results.

Software development techniques have rapidly improved because of the quick growth of technology, with Content Management Systems (CMS) and MVC (Model-View-Controller) frameworks performing a key role in the creation of contemporary online applications. These approaches do, however, have challenges in the fast-paced, high-demanding technological environment of today. Some of the significant limitations of CMS platforms and MVC frameworks in recent years are listed below.

1. Scalability Challenges

MVC Frameworks:

In general, MVC frameworks are created to manage applications of a moderate size. The standard MVC architecture may find it difficult to sustain performance when applications reach a high scale, such as maintaining large databases or millions of concurrent users. Components that are tightly coupled may experience bottlenecks, which makes scalability an expensive and difficult task.

CMS Platforms:

A huge user base is the goal of many CMS platforms, especially WordPress, Drupal, and Joomla. Since they provide extensions and plugins that improve scalability, these add-ons frequently result in performance overhead, which raises the consumption of resources and response times.

2. Performance Overhead

MVC Frameworks:

Even though MVC frameworks are hierarchical, they frequently need several levels of abstractions and database queries in order to handle requests. Slower responses may result from this extra complexity, particularly when processing complicated activities or in high-traffic areas.

CMS Platforms:

CMS platforms are heavy by nature because of their “one-size-fits-all” design. Features that serve a large number of users, even if they are not used, use resources. Multiple plugins enabled, for example, may result in conflicts, slow down page loads, and impact server performance.

3. Security Vulnerabilities

MVC Frameworks:

An important consideration for MVC frameworks is security. Problems like SQL injections, cross-site scripting (XSS), and cross-site request forgery (CSRF) must be addressed by developers. Although frameworks offer instruments to lessen these risks, careful execution is crucial to their efficacy, which leaves room for flaws.

CMS Platforms:

CMS platforms are so widely used, they are often the target of attacks. Systems are frequently at risk from incorrect configurations, delayed updates, and flaws in third-party themes and plugins. To increase the threat level, automated bots deliberately search for common CMS exploits.

4. Complexity in Customization

MVC Frameworks:

Especially when working with intricate business requirements, customizing applications built on MVC frameworks frequently takes a substantial amount of labour. It can become difficult and expensive to change the way the model, view, and controller work together.

CMS Platforms:

Although CMS platforms are easy to use, it might be difficult to achieve very particular features. Frequently, developers must modify default behaviors or write custom plugins, which can lead to maintenance headaches and compatibility problems.

5. Dependency on Third-Party Tools

MVC Frameworks:

For additional functionality, a lot of MVC frameworks rely significantly on third-party libraries. Compatibility problems may arise from this reliance, particularly if certain libraries are no longer actively maintained or are deprecated.

CMS Platforms:

For further functionality, CMS platforms rely significantly on plugins and extensions. But not all third-party tools are built with the same quality standards, and relying on them increases the risk of technical debt, security vulnerabilities, and broken functionality during updates.

6. Rigid Architecture

MVC Frameworks:
Although advantageous, the rigid division of responsibilities in MVC frameworks may prove to be a drawback in situations that call for strange workflows. These limitations frequently force developers to create code that is more difficult to maintain and debug.

CMS Platforms:

CMS systems frequently force users to adhere to preset procedures and frameworks, which might inhibit innovation and adaptability. They are less appropriate for projects that call for innovative designs or highly customized user experiences because of their rigidity.

7. Lack of Modern Features

MVC Frameworks:

Even while MVC frameworks are reliable, they frequently fall behind in embracing contemporary development trends like real-time processing, serverless architectures, and microservices. Usually, integrating these functionalities takes a lot of work and knowledge.

CMS Platforms:

Many CMS systems were developed with traditional content delivery mechanisms in mind. Extensive customization is frequently necessary to adapt them for contemporary requirements like headless CMS, progressive web apps (PWAs), and personalized user experiences.

8. High Maintenance Costs

MVC Frameworks:

To maintain and upgrade applications created using MVC frameworks, qualified developers are frequently needed. It becomes more expensive to maintain clear, effective, and error-free code as projects get bigger.

CMS Platforms:

Updating core software, plugins, and themes on a regular basis can be expensive and time-consuming. Significant work is also frequently needed for big version updates, including data migration and compatibility testing.

Conclusion
Although CMS platforms and MVC frameworks are still important in contemporary web development, their drawbacks emphasize the need for new solutions. Developers must evaluate these systems’ benefits and drawbacks considering project needs. They should also consider new options like low-code platforms, headless CMS, and microservices. By tackling the issues mentioned above, companies can make better decisions to guarantee performance, scalability, and security in their digital solutions.

When building websites in Optimizely Commerce (Spire), you may need to create sections that span the entire page width. Full-width sections are essential for design elements such as banners, hero images, and background sections. Optimizely Commerce (Spire) provides a flexible framework that makes it easy to configure and implement full-width layouts, allowing developers to create visually engaging designs with minimal effort. This guide will walk you through utilizing this feature to seamlessly create full-width sections.

How to Create Full-Width Sections

Step 1: Folder Structure

• First, ensure you have already created a blueprint under the directory src\FrontEnd\modules\blueprints. For example, you might have a blueprint named CustomBlueprint.
• Navigate to the CustomBlueprint/src. Ensure that a Start.tsx file exists in this directory. If it does not, create and add this file.

Step 2: Understand the Options in Start.tsx

The Start.tsx file is the entry point for setting up the main themes, custom widgets, and pages. It uses Mobius styling principles to ensure everything looks consistent, flexible, and accessible. These principles provide a unified design, allowing for easy customization of themes, colors, typography, and other UI elements while maintaining a seamless, responsive user experience across devices.

In the Start.tsx file, you will find two options for configuring the full-width layout through the style guide:

• setPreStyleGuideTheme: If you add your code under this method, you can update the full-width settings directly from the content admin interface
• setPostStyleGuideTheme: If you use this function, the full-width settings will be fixed, and you won’t be able to modify them from the content admin interface.

Step 3: Full-Width Configuration Code

Optimizely Commerce (Spire) already provides a built-in solution to configure sections like the header, content, and footer to span the full page width. To enable full-width for these sections, use the following code snippet:

Explanation

• header: { isFullWidth: true }: Ensures the header section spans the full width of the page.
• content: { isFullWidth: true }: The main content area extends from edge to edge, perfect for displaying banners or immersive visuals.
• footer: { isFullWidth: true }: Sets the footer to full width, ideal for footers with background colors or design elements that must reach the screen’s edges.

Step 4: Integrate the Code

Add the above code to the Start.tsx file within one of the theme configuration functions (setPreStyleGuideTheme or setPostStyleGuideTheme), depending on whether you want to allow updates to the full-width settings from the content admin interface.

Step 5: How to Update the Full-Width Configuration from the Content Admin

After configuring the full-width settings in the Start.tsx file, Optimizely Commerce (Spire) provides an easy way to manage and update these configurations directly from the Content Admin interface.

• Go to the Content Admin and navigate to the Style Guide
• In the Site Configurations section, you will find the Full Width settings.

• Click on each option (Header, Content, and Footer) to see a toggle that allows you to make the section full-width.

Note: You can only update the full-width setting using the setPreStyleGuideTheme option in the Start.tsx file.

• After updating the value in the Settings modal, ensure you save the changes.

Step 6: How to Use the Full-width Option on Actual Pages

• To use the full-width option on pages, add a Row widget. Edit the Row widget, and you will see a Full Width Checkbox option (by default, this option will be unchecked).

• To make the section full width, check the checkbox.

     Note: Once the checkbox is checked, any content in that row will be displayed at full width.

Conclusion

Optimizely Commerce (Spire) provides a straightforward and flexible solution for creating full-width sections, making it easier to design visually engaging websites. Following the steps outlined in this guide, you can quickly enable full-width layouts for your header, content, and footer. Whether you prefer to manage these configurations through the Content Admin interface or directly in the code, Optimizely Commerce offers the flexibility to create seamless, immersive designs that enhance the overall user experience. With full control over these settings, you can customize your site’s layout to fit your specific design needs while maintaining a consistent and responsive interface across devices.

In the previous blog, Part 1: Sitecore Quick Guide for the Beginner, we covered essential Sitecore topics, including what Sitecore is, its key features, SXA, templates and their types, Standard Values, Helix and Habitat, and how Sitecore interacts with its SQL database. We also introduced important tools like the Content Editor and explained how Sitecore handles content management and delivery.

In this blog, we’ll continue exploring more important topics to help you gain a deeper understanding of how Sitecore works. Let’s dive into the next set of Sitecore concepts…

1. What is CMS (Content Management System) in Sitecore?

Sitecore CMS (Content Management System) is a platform that helps you create, publish, and manage content on your website. It makes it easy to create and update digital content, improving the experience for your users. A CMS is a tool that allows teams to work together to create, edit, and publish digital content like web pages and blogs.

2. What is Versioning in Sitecore?

In Sitecore, versioning lets you create multiple versions of any item, including different languages or variations. Using the Content Editor or Experience Editor, you can create as many versions as needed. There are two types of versions:

1. Numbered versions: These are versions of the item in the same language. For example, you might create a special version of your product page for a promotion, including a new image, and then switch it back after the promotion ends.
2. Language versions: These are versions of the item in different languages. For example, you can add an English version of a page and also create a French version. You would also need to create separate versions of any images to show in both languages.

3. Rendering in Sitecore.

In Sitecore, renderings are used to display content on a page or part of a page. Some types of renderings in Sitecore include:

• View Rendering: This is used for components that don’t need much logic or database interaction. It’s best for displaying content that doesn’t require complex business or presentation logic.
• Controller Rendering: This rendering involves providing a model, controller, and view. It’s used for displaying content that needs more complex business logic or presentation logic and relies on external data.

4. What is meant by the media library in Sitecore?

The Media Library in Sitecore is the place where you can store and organize all your media items, such as images, videos, audio files, and documents. You can upload and organize files like images (jpg, gif, png), documents (PDF, DOC, PPT), and media files, which can later be accessed and used in the Content Editor.

All your media files are kept in one place and can be organized in folders, similar to how content is arranged in the content tree. You can easily find media items using Sitecore’s search or by navigating through the folders in the Media Library.

5. What are tokens? And what types of tokens does Sitecore support?

As Sitecore developers, it’s a best practice to define Standard Values when creating templates. This allows you to set default or sample values for fields.

To achieve this, we can leverage Sitecore Tokens, which enable dynamic value insertion into fields based on the specific item created by the content author.

Sitecore provides several built-in tokens that can be used dynamically, including:

• $name: The name of the newly created item.
• $id: The ID of the new item.
• $parentid: The ID of the parent item.
• $parentname: The name of the parent item.
• $date: The current date in yyyyMMdd format.
• $time: The current time in HHmmss format.
• $now: The current date and time in yyyyMMddTHHmmss format.

Example of tokens

Here’s an example using the $name token. In this case, we have a field called “Heading.” When a new item is created, the value of this field will automatically be set to the name of the item being created.

6. What are the different publishing modes in Sitecore?

There are three types of publishing modes in Sitecore:

1. Incremental Publish: This mode only publishes the items in the publishing queue. This method is quicker because Sitecore doesn’t have to check or compare different versions of items before publishing them.
2. Smart Publish: This mode publishes only modified items since the previous publish. It compares the items in the master database with their versions in the target database, and if any changes are found, those items are published. However, this can be slow because it compares all items, which can take time if there are many items.
3. Republish: This republishes everything, even items that haven’t changed. It replaces every item in the target database with the one from the master database and deletes old versions from the target database. This is useful for updating the website with new content, restoring backups, or adding new languages or targets to the site.

7. Partial designs and Page designs

Partial designs: To reuse similar layouts for sections like the header, footer, and main content of a webpage, you can create partial designs in the page builder. These partial designs consist of components that can later be combined to form full-page designs.

Navigate to the path “/sitecore/content/{Your-Tenant}/{Your-Site}/Presentation/Partial Designs” in the Content Editor. Right-click and select “Insert” to add a “Partial Design” to the header.

Access the newly created “Partial Design” for the Header in the Experience Editor.

Page designs: A page design combines layout elements that help you organize your pages. For example, you can ensure that the header and footer always appear in the same place. You can also create different page designs for specific pages, like a blog page, landing page, or product page. Content authors can then add content to these pre-made layouts.

You can create page designs using the Content Editor and the Experience Editor.

In the Content Editor, go to the path /sitecore/content/{Your-Tenant}/{Your-Site}/Presentation/Page Design. Right-click and choose “Insert” to add a new “Page Design”.

In the Design section, choose the partial designs you wish to add, like header, footer, or metadata, click the right arrow to transfer them to the selected items list, and then save your changes.

The Designing section has a field called “Template to Design Mapping.” This field links page designs to templates. Pages are created under “Home” using the Page template by default. We will map the design accordingly since we want a consistent design throughout the website. I associated the Article page design with both the Home and Page templates.

Now, when you browse the website, you will see your page content along with the content from the partial designs.

8. What is Scriban in SXA?

I’ll provide a quick overview of Scriban, but I strongly recommend reading this great guide by Drew Taylor for more information.

Scriban is used in rendering variants to define your HTML layout and control how the data from your template is applied.

Scriban have their own language and rules for getting data from the source and combining it with logic, HTML, CSS, and JavaScript in a single file.

9. What is Cloning in SXA?

In SXA, you can quickly duplicate a rendering using the clone script. This creates an exact copy of the rendering definition, parameters template, data source templates, and branches. You can then change the name and modify the style. This is helpful, for example, when you need several Promo renderings with different styles.

I strongly suggest you check out Ankit Tawale’s blog for a better understanding of cloning in SXA.

10. What does a pipeline mean in Sitecore?

In Sitecore, pipelines consist of a sequence of steps or processes that are executed in a defined order to achieve a specific task. They are a core component of Sitecore’s architecture. In Sitecore, various processes, including authentication, request handling, publishing, and indexing, are managed through pipelines. Developers can modify these pipelines by altering patch files to add, remove, or change functionality within Sitecore.

To explore and study all the available pipelines in Sitecore, the best approach is to visit the following page:

https://<domain>/sitecore/admin/showconfig.aspx

In the example above, we have a pipeline consisting of three processors. If we need to enhance the functionality, we can insert a new step into the pipeline.

We can also completely replace an existing step, providing greater flexibility to customize the functionality and execution of that step as needed.

This post covers essential Sitecore concepts that will help you create, manage, and optimize your digital experiences. By understanding tools like versioning, rendering, and pipelines, along with features such as media management and SXA, you’re equipped to leverage Sitecore’s full potential. Keep exploring and experimenting to unlock even more possibilities with Sitecore!

In the dynamic world of digital experiences, maintaining a high-performing and secure website is paramount. For organizations leveraging the power of Acquia Cloud, proactive site reviews are essential for optimizing performance, identifying potential risks, and ensuring a smooth and successful digital journey. This blog post will delve into the significance of Acquia Cloud Site Reviews, outlining their purpose, key components, and the invaluable insights they provide.

Why Conduct Acquia Cloud Site Reviews? 

Acquia Cloud Site Reviews offer a comprehensive evaluation of your website’s health and performance within the Acquia ecosystem. These reviews provide valuable insights that can: 

• Enhance Performance: Identify and address performance bottlenecks, such as slow page load times, high resource consumption, and inefficient caching mechanisms. This leads to improved user experience, higher conversion rates, and enhanced search engine rankings. 

• Strengthen Security: Proactively uncover and mitigate security vulnerabilities, including outdated software, misconfigurations, and potential attack vectors. Regular reviews help ensure your website remains protected from malicious threats. 

• Optimize Costs: Identify areas for cost optimization within your Acquia Cloud environment. This may include right-sizing your infrastructure, optimizing resource utilization, and identifying unused services. 

• Improve Stability: Pinpoint potential instability issues, such as code errors, database inconsistencies, and environmental factors that could lead to unexpected downtime. 

• Ensure Compliance: Verify compliance with industry standards and best practices, such as security regulations and accessibility guidelines. 

When to Conduct Acquia Cloud Site Reviews 

Regular Acquia Cloud Site Reviews are recommended at various stages of your website’s lifecycle: 

• Post-Launch: Conduct a thorough review shortly after launching a new website or significant updates to identify any unforeseen issues and ensure smooth operation. 

• Before Major Releases: Prior to major website releases or marketing campaigns, perform a comprehensive review to anticipate potential performance bottlenecks and ensure a seamless user experience. 

• Annually or Biannually: Schedule regular reviews at least annually or biannually to proactively identify and address emerging issues, optimize performance, and ensure ongoing stability. 

• After Significant Changes: Conduct reviews after significant changes to your website’s infrastructure, codebase, or content to assess the impact and ensure continued optimal performance. 

• When Facing Performance Issues: If you experience performance degradation, unexpected downtime, or security incidents, a thorough review can help pinpoint the root cause and implement corrective measures. 

Key Components of an Acquia Cloud Site Review 

A comprehensive Acquia Cloud Site Review typically includes the following key components: 

SLA Impact Assessment: 

• Evaluate potential impacts on Service Level Agreements (SLAs) based on identified issues. 
• Analyze historical performance data to identify potential future risks. 
• Recommend proactive measures to ensure continued SLA adherence. 

Application Information: 

• Gather detailed information about your website’s architecture, including:  

• • Name (Application Name) 

• • Hosting environment (e.g., Acquia Cloud Platform, Acquia Cloud Edge) 

• • Subscription 

• • Organization 

• • Drupal Version 

• • Drush Version 

• • Deployed Code 

Issue Summary: 

• Provide a concise overview of the most critical issues identified during the review. 

• Prioritize issues based on severity and potential impact. 

• Clearly communicate the urgency and importance of addressing each issue. 

 Issues: 

• Detailed descriptions of all identified issues, categorized by severity (e.g., critical, major, minor). 

• Include specific recommendations for remediation and potential workarounds. 

• Provide supporting evidence, such as performance data, code snippets, and security scans. 

Warnings: 

• Identify potential future problems or areas of concern. 

• Provide proactive recommendations to mitigate risks and prevent future issues. 

• Highlight potential areas for improvement in website performance, security, and scalability. 

Audit Synopsis: 

• Summarize the key findings and recommendations of the review. 

• Provide an overall assessment of your website’s health and performance within the Acquia ecosystem. 

• Outline a roadmap for addressing identified issues and improving website performance. 

Benefits of Acquia Cloud Site Reviews 

• Improved Website Performance: Enhance website speed, reduce page load times, and improve user experience. 

• Enhanced Security: Identify and mitigate security vulnerabilities, protecting your website from attacks. 

• Reduced Downtime: Minimize unexpected downtime and ensure business continuity. 

• Optimized Costs: Identify opportunities to optimize resource utilization and reduce hosting costs. 

• Increased Agility: Proactively address issues and adapt to changing business needs. 

• Data-Driven Decision Making: Gain valuable insights into website performance and make informed decisions.

Conclusion 

Acquia Cloud Site Reviews are an invaluable tool for organizations seeking to maximize the value of their Acquia Cloud investment. By proactively identifying and addressing potential issues, you can ensure optimal website performance, enhance security, and deliver exceptional user experiences. I hope this comprehensive blog post provides a valuable overview of Acquia Cloud Site Reviews.

Drupal, a robust and versatile content management system (CMS), powers millions of websites worldwide, including those of major corporations, institutions, and governments. While Drupal offers robust security features, it’s imperative to implement best practices to safeguard your website from cyber threats. 

Understanding the Evolving Threat Landscape 

The digital landscape is continually evolving, and so are cyber threats. As organizations increasingly adopt remote work and digital transformation, the attack surface expands, making it crucial to prioritize security. Drupal, like any software, is susceptible to vulnerabilities, but the active community and dedicated security team work diligently to address them. 

Common Security Risks and Mitigation Strategies 

Cross-Site Scripting (XSS): Malicious code injection into web pages. 

In cross-site scripting (XSS) attacks, malicious code is introduced into client-side scripts using HTML or JavaScript. XSS attacks come in three varieties: reflected (non-permanent), stored (persistent), and DOM-based. There are several strategies to defend against these, including utilising frameworks that steer clear of HTML elements and scanning your databases with online vulnerability scanners. 

Mitigation: Keep Drupal and modules up-to-date, employ input validation and sanitization, and consider a web application firewall (WAF). 

SQL Injection: Exploiting vulnerabilities in SQL queries. 

This assault, which is also referred to as SQL injection, uses malicious SQL code to access and alter back-end databases and obtain data, including personally identifiable information (PII) about clients or business information. By avoiding dynamic queries that employ string concatenation and by preventing user-supplied data that contains malicious SQL from changing the logic of performed queries, developers may reduce the risk of SQL injections. 

Mitigation: Utilize prepared statements and parameterized queries, input validation, and escape user-supplied input. 

Remote Code Execution (RCE): Unauthorized access to execute code on a server. 

By gaining access to systems, hackers are able to remotely run malware or other harmful programs and take control of the compromised systems or devices within an organisation. RCE attacks are characterised by effects that go beyond system penetration, such cryptomining and data theft, and may be carried out from any location in the world, as the name suggests. 

Mitigation: Keep software and modules up-to-date, enforce strong password policies, and conduct regular security audits. 

Cross-Site Request Forgery (CSRF): Tricking users into performing unintended actions. 

CSRF attacks force users to carry out undesirable activities in apps when they are already authenticated. Attacks that are successful can compromise a whole online application or only transfer money and change the addresses and other data. 

Mitigation: Implement CSRF protection tokens, enforce strong session management, and educate users about security best practices. 

Best Practices for Drupal Security 

Let’s move on to the procedures and actions that prevent Drupal vulnerabilities, or what you would call your Drupal security checklist. 

Maintain Up-to-Date Software

Regularly update Drupal core, modules, and themes to address security vulnerabilities promptly. Stay informed about security advisories and releases. Prioritize critical security updates and apply them immediately. 

 If you haven’t installed and updated any of these extensions yet, here is a list.  

1. Content access. Content permissions are decided by this security module according to author and role. 
2. Automated logout : After a predetermined amount of time, users are logged out using this module.  
3. Password policy This module adds an extra degree of protection against login-bots and creates safe password restrictions. 
4. Session limit. The maximum number of sessions per user is restricted by this module. 
5. Security kit (SecKit). By providing a variety of security-hardening choices, this module assists organisations in reducing their vulnerability to application attacks. 
6. Two-factor authentication (2FA). During login attempts, this module provides an additional layer of authentication. 
7. CAPTCHA. By filtering spambot form inputs, this module prevents automated scripts from publishing spam material.  

Secure Your Website with an SSL Certificate 

Protect your website and your users’ data with an SSL certificate. This digital certificate encrypts data transmission, preventing unauthorized access to sensitive information like passwords and credit card numbers. By enabling HTTPS, you enhance your website’s security, improve SEO, and boost user trust. 

Strengthen with Role-Based Access Control and protect file permissions

A variety of user roles, including administrators, editors, and anonymous users, are available in Drupal. Each can be given particular rights, including the ability to view, edit, or change the content and operations of the website.  

Certain positions will require more rights than others, and some will be privileged accounts. The principle of least privilege (POLP) should always be used. An information security standard known as the POLP maintains that a user should only be able to access the information, programs, and resources necessary to do a task. By imposing restrictions, the POLP reduces the number of ways malicious actors might get access to your systems and do damage to your company.  

Choose a trustworthy hosting provider

In addition to storing your data, a web hosting provider will keep your site and apps secure and stable. On-premises, infrastructure-as-a-service (IaaS) (often referred to as do-it-yourself) hosting, and platform-as-a-service (PaaS) providers are available options; each offers varying degrees of protection and support. Unless you choose a supplier, who handles everything, some will carry out the procedures we’ve discussed here, while others will fall under your purview. Think carefully about your demands and what you could give up if you choose with a less expensive choice. Keep in mind the fines that could be applied if your website doesn’t comply with the correct standards. 

Make use of safe connections  

Utilize SFTP encryption if it is available from your web hosting company or secure shell (SSH) client, but be sure to utilize port 22.  

From the client’s perspective, ensure that: Don’t make a master password or keep FTP passwords. Threat actors can access them since they are kept in plain text and are not encoded. Advise users not to visit the website on public networks in places that are seldom secure, such as cafés and airports.  

Be careful on the server side to: Use just the most recent versions of MySQL and PHP from the vendor. Make that the web application firewall is set up and the account is appropriately isolated. Avoid shared hosting, which may lead to shared IPs and overloaded servers. 

Sanitize: Clean up the inputs  

By adding an input validation function or logic, sanitization entails eliminating dangerous characters from user inputs, hardening the upload area. Sanitization guarantees that the data may be uploaded to a database and has an acceptable display format when it is implemented. XSS and SQL injection attacks may be prevented in particular using input sanitization. 

Maintain periodic site backups  

You may restore a backup in case something were to happen to your website, but the recentness of the backup will depend on how frequently you back up your site. Drupal core and all of its related modules and themes, together with the files for your application (such as PDF files of uploaded content), should be included in that backup so that you can promptly recover from an attack.  

Remember: Have a solid backup before making any site upgrades. This is especially crucial when installing a module or theme for the first time. 

Ensure HTTP security headers more robust. 

Although there are other kinds of HTTP headers besides security-related ones, the ones that apply here instruct a browser on how different aspects of your website should be controlled. They are an excellent method of protecting your website or online application against intrusions such as clickjacking and man-in-the-middle (MITM) attacks. 

The following HTTP security headers are suggested to be taken into account: 

• Content-security policy (CSP) : You may fine-tune the permitted content sources and other content settings using this header. 
• Strict-transport-security.   Using encrypted HTTPS connections rather than plain-text HTTP interactions is implemented via this header. 
• X-frame-options. Publishers can prevent intruders from utilising their material in an unseen frame by using this header. The proper CSP directives can now take the place of X-frame-options, which are a holdover from 2008. 

 These are the most important HTTP security headers, while there are more, such public-key-pins and X-XSS-protection. 

Enforce Strong Password Policies 

Mandate strong, unique passwords for administrative accounts. Consider implementing two-factor authentication (2FA) for enhanced security. Encourage users to change passwords regularly and avoid using easily guessable information. 

Monitor Security Logs 

Regularly review server and application logs for suspicious activity. Utilize security monitoring tools to detect and respond to threats. Implement intrusion detection systems (IDS) and intrusion prevention systems (IPS) to identify and block malicious attacks. 

Adding More Security Measures

You could wish to install other security features for even greater protection, like: 

• An IP firewall with the ability to whitelist or restrict particular IPs, ASNs, or even whole nations 
• An SSL certificate that protects online transactions and ensures the privacy and security of consumer data 
• Defence from distributed denial-of-service (DDoS) attacks, which aim to overload a server with internet traffic, blocking users from accessing the server’s supported services and websites. DDoS defence reduces the scope of an attack by preventing harmful traffic from getting to its target. 
• A bot management tool that prevents harmful bot traffic from damaging APIs, mobile apps, and websites 

Conclusion 

By adhering to these best practices and maintaining vigilance, you can significantly enhance the security of your Drupal website and protect your valuable data. Remember, security is an ongoing process, so continuous monitoring and improvement are essential. 

The modern web landscape demands agility and adaptability. Content Management Systems (CMS) that cater to diverse project needs are essential for success. Drupal, a powerhouse CMS renowned for its scalability and robust features, embraces this demand with its impressive headless/decoupled architecture. 

This blog series delves into the world of Drupal’s headless capabilities, exploring how it empowers you to build modern, content-driven experiences.  

Demystifying Headless/Decoupled Drupal 

Imagine a website where the user interface (what users see) operates entirely separate from the back-end content management system (where content is created and stored). This separation defines the essence of headless/decoupled Drupal. 

Drupal acts as a robust content repository, empowering you to create, edit, and manage content seamlessly. This content is then exposed through standardized APIs (Application Programming Interfaces) like JSON:API. These APIs act as messengers, allowing your chosen front-end framework (React, Vue.js, Angular, etc.) to retrieve and display the content in a customized way. 

Unveiling the Benefits of Headless Drupal 

The advantages of embracing Drupal’s headless capabilities are multifaceted: 

Unmatched Flexibility: Build a website with any front-end framework that aligns perfectly with your project’s specific needs. No more limitations! 

Blazing-Fast Performance: Decoupling the front-end from the back-end optimizes performance, delivering a lightning-fast experience for your users. 

Enhanced Scalability: Scale your front-end and back-end independently, ensuring your website remains performant even with high traffic. 

Improved Security: By minimizing the attack surface on your public-facing website, headless Drupal enhances overall security. 

Exploring Drupal’s Headless Arsenal 

Drupal doesn’t hold back on providing the tools you need to embrace headless architecture. Here’s a glimpse into its offerings: 

• JSON:API: This built-in module empowers developers to interact with Drupal content through a RESTful API. 

• GraphQL (graphql.org): As an extension, GraphQL provides an alternative API approach, offering greater flexibility and efficiency for complex data retrieval. 

• REST Services: Drupal core also supports building custom RESTful APIs for tailored content access. 

JSON:API vs. GraphQL 

While both JSON:API and GraphQL function as APIs for headless Drupal, they cater to slightly different needs: 

• JSON:API: Offers a clear, predictable structure for retrieving content resources, ideal for developers familiar with RESTful APIs. 

• GraphQL: Provides a more flexible approach, allowing developers to request specific data fields and build tailored queries, ideal for complex data structures and relationships. 

Headless Drupal – GraphQL 

GraphQL is a query language for APIs and a runtime for fulfilling those queries with existing data. It provides a way to request specific data from an API, and it ensures that only the requested data is returned. This can improve the performance of applications that use APIs, as it reduces the amount of data that needs to be transferred. 

In the context of headless Drupal, GraphQL can be used to create a flexible and efficient API for accessing Drupal content. This API can then be used by a variety of front-end frameworks, such as React, Vue.js, or Angular, to build modern and performant web applications. 

Here are some of the benefits of using GraphQL with headless Drupal: 

• Improved performance: GraphQL can significantly improve the performance of applications that use Drupal content. This is because GraphQL allows you to request only the data that you need, which reduces the amount of data that needs to be transferred. 

• Increased flexibility: GraphQL provides a flexible way to access Drupal content. You can use GraphQL to query for any data that is available in Drupal, and you can structure the data in the way that you need. 

• Simplified development: GraphQL can simplify the development of front-end applications that use Drupal content. This is because GraphQL provides a single API that can be used to access all of the data that you need. 

Getting Started with Headless Drupal

Ready to unleash the power of headless Drupal? Here’s a roadmap to kick-start your journey: 

1. Define Your Project Needs: Identify your project’s specific requirements – content type, desired front-end framework, and API approach. 
2. Set Up Drupal Backend: Install Drupal and configure content types and fields as needed. 
3. Choose Your API Approach: Based on your needs, select either JSON:API (built-in) or install the GraphQL module. 
4. Develop Your Front-End: Using your chosen framework, integrate with Drupal’s API to retrieve and display content. 
5. Deploy and Maintain: Deploy your website and establish a maintenance strategy for both the front-end and back-end components. 

Conclusion 

Drupal’s headless/decoupled architecture unlocks doors to a world of possibilities. By offering a content-centric approach, it empowers you to build modern, performant websites with the flexibility of choosing your preferred front-end framework.  

Whether you’re building a mobile app, a single-page application, or something entirely new, headless Drupal empowers you to deliver exceptional user experiences with efficient content management.  

Here are some helpful resources: 

• Drupal Decoupled Documentation 

• JSON:API vs. core’s REST module 

• GraphQL Module  

In the realm of content management systems (CMS), Drupal reigns supreme for its ability to craft intricate and interactive websites. But what if your needs lean towards a simpler, lightning-fast solution with the ease of Drupal’s backend? Here’s where the surprising world of static sites built with Drupal comes into play! 

This approach might seem unconventional, but it offers a compelling combination of advantages. Traditionally, static site generators (SSGs) create pre-rendered HTML pages, resulting in exceptional performance and security. However, they often lack the intuitive content management features that Drupal boasts. 

This is where Tome, a powerful Drupal extension, steps up to the plate. It acts as a bridge, allowing you to leverage Drupal’s full content management capabilities while simultaneously generating a static version of your website. What does this mean for you? 

• The Best of Both Worlds: Enjoy the user-friendly interface of Drupal for creating, editing, and managing your content. 

• Unmatched Speed: Serve static HTML files, guaranteeing lightning-quick page loads for your visitors. 

• Enhanced Security: Reduce the attack surface for hackers by eliminating the need for a dynamic CMS on your public-facing site. 

The Perfect Fit: When Static Sites with Drupal Shine  

We unveiled the potential of using Drupal as a static site generator with Tome. But when exactly does this approach make the most sense? 

This setup shines for websites primarily composed of static content, like: 

• Brochure: Showcase the essential information about a product, service, or event in a visually appealing and concise manner. 

• Portfolios: Showcase your work in a visually stunning and high-performance portfolio. 

• Landing Pages: Craft conversion-focused landing pages that load instantly, maximizing your impact. 

Furthermore, consider this approach if: 

• Performance and Security are Paramount: Speed and reliability are critical for your website’s success. 

• You Have Existing Drupal Expertise: Utilize your Drupal knowledge for a seamless static site workflow. 

However, it’s crucial to understand some trade-offs. Static sites aren’t ideal for situations involving: 

• Frequently Updated Content: If your content changes daily or even hourly, a dynamic CMS might be a better fit. 

• User Interaction: Features like forms and interactive elements are not readily available in static sites. 

Weighing the Advantages: Considerations for Static Sites with Drupal 

By now, you have a solid understanding of the unique approach of using Drupal for static sites. Before diving in, let’s address some key considerations: 

Benefits: 

• Exceptional Performance: Static HTML files load faster, leading to a significantly improved user experience. 

• Enhanced Security: Reduced attack surface due to the lack of a dynamic CMS on the public-facing site. 

• Scalability: Easily manage large volumes of content with Drupal’s robust backend. 

• Cost-Effective: Static site hosting often requires less expensive hosting options compared to dynamic sites. 

Drawbacks: 

• Limited Interactivity: Forms, user accounts, and other interactive features might need additional workarounds. 

• Content Updates: The workflow for updating content may require regenerating the static files. 

Ultimately, the choice between static sites and a dynamic CMS depends on your specific needs. If your website primarily focuses on static content and prioritizes speed and security, then Drupal with Tome could be the perfect solution. 

Conclusion  

Drupal’s versatility extends far beyond complex websites. By utilizing Tome, you can harness its power for static sites, reaping the benefits of both worlds. Enjoy the familiar Drupal interface, robust content management features, and the exceptional performance and security of statically generated pages. 

So, if you’re looking for a content-driven static website with a powerful backend, consider the unconventional, yet effective, approach of Drupal with Tome. 

Ready to explore further? Here are some helpful resources: 

• Tome Project 

• Drupal Static Site Generator Module  

• Creating a Static Archive of a Drupal Site 

• Static Suite 

• Static Web 

I hope this series has provided valuable insights into the world of static sites with Drupal. This approach can offer a compelling and unique solution for website creation! 

Discover the world of Drupal, a flexible and powerful content management system (CMS) that empowers you to create stunning websites and web applications. This comprehensive guide will introduce you to the core concepts of Drupal, from its modular architecture to its robust security features. Learn how to build dynamic, scalable, and SEO-friendly websites without writing complex code. Whether you’re a beginner or an experienced developer, this blog post will equip you with the knowledge and skills to harness the full potential of Drupal. 

A Mobile-First Approach 

Drupal is built to seamlessly adapt to the diverse landscape of mobile devices. From the initial setup to managing modules, the platform is designed with mobile users in mind. 

Key Features for Mobile Optimization 

• Responsive Design: Drupal incorporates responsive design principles into its core functionality, ensuring that websites built on the platform automatically adjust to different screen sizes and resolutions. 

• Mobile-Friendly Forms: Drupal intelligently adapts form elements like date/time pickers, phone number fields, and email addresses to provide optimal user experiences on mobile devices. 

• User-Centric Interface: The platform is designed to offer a smooth and intuitive user interface, even on smaller screens, making it easy for users to navigate and interact with content. 

By prioritizing mobile-first design, Drupal empowers developers to create websites that deliver exceptional user experiences across all devices. 

A Flexible Foundation for Headless and Decoupled Architectures 

Drupal offers robust support for headless and decoupled architectures, enabling you to create dynamic and flexible digital experiences. 

Key Features 

• JSON:API Implementation: Drupal comes with a built-in implementation of the JSON:API specification, allowing you to easily access and manipulate content via a RESTful API. This makes it simple to integrate Drupal with a wide range of front-end technologies, such as React, Vue.js, and Angular. 

• GraphQL Support: While JSON:API is a powerful tool, Drupal also supports GraphQL through extensions. GraphQL provides a more flexible and efficient way to query and manipulate data, allowing you to tailor your API requests to your exact needs. 

• Content as a Service (CaaS): By decoupling the front-end and back-end, Drupal can serve as a central content store. This approach enables you to deliver content to multiple channels, including websites, mobile apps, and IoT devices. 

With its headless capabilities, Drupal empowers developers to build modern, scalable, and personalized digital experiences. 

From Dynamic to Static 

Drupal’s versatility extends beyond complex, interactive websites. It can also be used to create lightning-fast static sites, offering the best of both worlds: the power and flexibility of a CMS with the performance and security benefits of a static site generator. 

Key Feature: Tome Extension 

The Tome extension enables you to leverage Drupal as a static site generator. This means you can create and manage content within the familiar Drupal interface, and then generate static HTML files that can be deployed to a CDN or web server. 

Benefits of Using Drupal as a Static Site Generator: 

• Performance: Static sites are incredibly fast to load, as they are served directly from a web server without requiring dynamic processing. 

• Security: Static sites have fewer attack vectors, as they do not rely on a complex backend infrastructure. 

• SEO: Search engines can easily index and crawl static content, which can improve your website’s search engine rankings. 

• Scalability: Static sites can handle high traffic loads without requiring additional server resources. 

By combining the power of Drupal with the efficiency of static site generation, you can create high-performance, SEO-friendly, and secure websites. 

Conclusion 

Drupal’s flexibility and adaptability make it a powerful tool for developers of all skill levels. Whether you’re building a simple static site or a complex, interactive web application, Drupal provides the tools and resources you need to succeed. 

With its focus on mobile-first design, headless architecture, and static site generation, Drupal empowers you to create modern, high-performance, and user-centric digital experiences. By understanding the core concepts and leveraging the available features, you can harness the full potential of Drupal to achieve your web development goals. 

In Part 1 of this series, we explored the exact procedures needed in upgrading from Drupal 10 to 11, as well as the crucial platform specs.  

If you haven’t already read it, I recommend starting with Part 1 to get a handle on the Drupal 11 upgrade. In this second part, we’ll look at the upgrade pathways accessible to Drupal 9, 8, and 7 users, as well as give information on how to migrate to Drupal 11.  

For Users of Drupal 9 

Drupal 9 will no longer be supported after November 1, 2023. Users should switch to Drupal 10 as soon as possible. To update to Drupal 11, you must first upgrade to Drupal 10.3. This step cannot be omitted.  

Before commencing the Drupal 10 upgrade, ensure your Drupal 9 site is updated to Drupal 9.5.x. 

Moving to Drupal 11 is not urgent, as previously stated. To upgrade from Drupal 9 to Drupal 10, follow the instructions outlined in the “For Drupal 10 Users” section. Once your site is up to date with Drupal 10, you may transition to Drupal 11 when it’s convenient for your organization. 

For Users of Drupal 8 

In November 2021, Drupal 8 reached its end of life. To upgrade to Drupal 11, your site must first be updated to Drupal 9, followed by Drupal 10. Use the Upgrade Status Module to analyse your site. Drupal Rector automates most custom code changes. 

For Users of Drupal 7 

Drupal 7 will no longer be supported after January 5, 2025. Drupal 11 has migration tools for straight transfer from Drupal 7, and many contributed projects are expected to be compatible with Drupal 11 by the end of its existence.  

Acquia’s Migrate Accelerate solution is now open source, allowing anybody to use it to accelerate migrations with a simple user interface. 

Drupal Module Upgrader identifies necessary code changes for custom modules to be compatible with Drupal 8, 9, 10, and 11. Although it cannot automatically transform code for Drupal 11, the analyser function remains useful. Additional community add-ons in the Migrate Tools and Migrate Plus projects will simplify the upgrade. 

New to Drupal 11? Here’s how you get started. 

Drupal is absolutely free to install and run. This features over 50,000 modules to enhance site functionality and 2,500 themes to customise its appearance. To operate the site locally, you may need to install server, database, and PHP interpreter software (which is used by Drupal). 

SimplyTest.me allows you to quickly test your freshly installed Drupal site. This site provides access to a full Drupal installation for evaluation and customisation. (The assessment site will expire in 12 hours.) 

Conclusion 

Upgrading to Drupal 11 is essential for maintaining security and accessing the latest features. This two-part series has detailed the upgrade paths for Drupal 10, 9, 8, and 7 users. Remember to prioritize security and leverage available tools like Upgrade Status Module, Drupal Rector, and Acquia Migrate Accelerate. 

By following these guidelines and utilizing the vast Drupal community, you can successfully upgrade your website to Drupal 11 and enjoy a more robust and feature-rich platform. 

Upgrades to Drupal versions have been significantly more efficient since Drupal 8 (symfony framework), meaning that site rebuilds are mostly not required. 

 List of Modifications to Platform Specifications: 

1. Symfony: Ensure that you have symfony 7 
2. PHP: PHP 8.3 installed with the zlib extension enabled is required for PHP Drupal 11. This extension will often be enabled by default on most platforms.
3. Drush: Ensure that you upgrade to Drush 13 if you use it. 
4. New specifications for Databases.  The following specifications must be met by the database drivers that Drupal 11 supports:  
   • • MariaDB 10.6 is required for the MariaDB database driver.  
   • • The SQLite 3.45 version with the json1 extension is required for the SQLite database driver. 
   • • PostgreSQL 16 is required for the PostgreSQL database driver.  
   • • MySQL 8.0 is required for the MySQL database driver. 
   • • The syntax unique to MySQL 8 and MariaDB 10.6 is not yet directly used by Drupal 11, although it will be in later iterations. There is a MySQL 5.7/MariaDB 10.3 backport module that you may use in the meantime if you are unable to update to these versions.
5. Web Server:  

• • Apache: The most popular Drupal web server is Apache. Drupal requires at least Apache 2.4.7 or greater. 

• • IIS Support Discontinued: Drupal 11 no longer supports Microsoft Internet Information Services (IIS). Websites currently using IIS should migrate to a supported web server. 

• • Web.config File Removed: Please note that Drupal 11 does not include a web.config file. If you encounter any issues, report them to address compatibility problems with web servers other than IIS. 

For Users of Drupal 10 

All core changes added before 10.3.0 have been deleted from version 11, thus Drupal sites running 10.2.x or older must first update to 10.3.0 or later. Before upgrading to the next major release, websites should generally upgrade to the most recent version of their current major branch. You must be on Drupal 10.3 in order to receive correct upgrade progress information, as the tools only enable code compatibility verification towards the next major version. 

Install Upgrade Status  

To facilitate the transition to Drupal 11, it is a good idea to install Upgrade Status on your development site once you are on 10.3.0 or later.  

Upgrade Status provides you with a checklist of potential next actions, which helps “gamify” the process to some extent. 

This module may be used with Drush’s command line interface or the Drupal back-end user interface. Upgrade Status looks at your setup to assist you in updating your PHP version, database server, and other components to Drupal 11 compatibility. It finds extensions that aren’t being utilised on the website and probably can be taken off. It checks your contributed modules for instances of deprecated code and compatibility problems. It will assist you in updating them when Drupal.org releases suitable versions.  

It directs you to work together on Drupal.org problems to make the projects compliant when the changes are not yet available. In order to greatly speed up upgrading custom code, it will also offer instructions on where to utilise Drupal Rector.

Use Drupal Rector  

To assist with resolving compatibility concerns, Drupal Rector will automatically produce patches. Compared to manually initiating the code updates, this is more straightforward and easy. Drupal Rector can help you get started because it covers the most popular deprecated APIs. The module will point you to material on the necessary adjustments, but any lingering problems found by Upgrade Status will need to be resolved manually. 

Verify Compatibility of Contributed Projects 

The Project Update Bot assists contributed projects in becoming compatible. If a project you’ve contributed isn’t yet compatible with Drupal 11, Upgrade Status can help you correct it. Update the project on your website in the interim by using the Lenient Composer plug-in. If there are uncommitted patches for that project, you may use cweagans/composer-patches to apply them where needed and let the patch authors and module maintainers know how you found them. 

As a consequence, even if its extensions are compatible with Drupal 11, the website will still function on Drupal 10. After that, updating Drupal core is all that is required. 

Furthermore, Acquia offers some rather comprehensive information on the Drupal 11 project deprecation status dashboard’s community module readiness. 

Plan for files managed by the site owner 

The Statistics module is now a contributed module, and its support has been removed from the default.htaccess file. 

Fix the Outdated Custom Code 

Once you have your Upgrade Status report, you will need to review your custom code, just like you would with any submitted code. In reality, any kind of trial run or genuine transfer to Drupal 11 cannot happen until all Drupal application code has been fixed, even if you are lucky enough to only need to make a few changes.  

In many cases, the depreciations simply require minor adjustments (e.g., replacing one function or method with another).  

However, it’s crucial to recognize that these changes are not to be taken lightly. If not carefully handled and validated, even simple word substitutions might cause problems for your website. 

Preparing for a Smooth Drupal 11 Upgrade 

It’s common for Drupal upgrades to encounter initial challenges. To minimize risks, always perform these updates in a controlled environment like a local sandbox or cloud IDE. This way, if something goes wrong, you won’t jeopardize your live site. 

Testing with composer update –dry-run 

Before proceeding with the actual update, use composer update –dry-run to simulate the process without making any changes. This will help you identify potential conflicts or issues. Once you’ve successfully run a dry run without errors, you can proceed with the core composer upgrade. 

Resolving Upgrade Issues: 

If you’re still unable to upgrade to Drupal 11 using composer update drupal/core –with-all-dependencies, try running composer why-not drupal/core 11.0. This command will provide valuable information about any dependencies or conflicts preventing the upgrade. 

Backup Before Deployment 

Before deploying any changes to your production environment, always create a backup of your code and database. This ensures you have a safety net in case something goes wrong during the update process. Even if you’ve successfully tested the upgrade in other environments, it’s still a good practice to have a backup in place. 

Conclusion 

Drupal has significantly streamlined its upgrade process since the introduction of Drupal 8. This means that site rebuilds are becoming less frequent, making the transition to newer versions more efficient. In this blog post, we’ve delved into the specific steps involved in upgrading from Drupal 10 to 11 and outlined the essential platform specifications. 

What’s Next? 

In the second part of this series, we’ll turn our attention to users of Drupal 9, 8, and 7. We’ll explore the upgrade paths available to these users and provide detailed guidance on how to seamlessly migrate to Drupal 11. 

By the end of this series, you will be equipped with the knowledge and tools to confidently upgrade your Drupal website to the latest version 11. 

Unlock Your Website’s Potential with Custom Fonts

In this blog, we’ll explore the importance of typography in enhancing your site’s visual appeal and user experience. You’ll discover step-by-step instructions for integrating custom fonts into your Optimizely CMS Spire. Whether you’re a beginner or an experienced developer, this guide will provide valuable insights to elevate your web design.

So, let’s see below how we can integrate fonts using a third-party URL or by using font files. 

URL Font Help 

If you need to use third-party font URLs, such as Google Fonts or Adobe Fonts, then this option is preferable. 

By default, Optimizely uses this one option to load font.  

Suppose we have already created blueprint (or We can say theme in general) i.e. CustomBlueprint under frontend/modules/blueprints directory. 

We must create the Start.tsx file if it is not already in the CustomBlueprint/src directory. 

There is variable called fontFamilyImportUrl present under typography section of file modules\mobius\src\globals\baseTheme.ts. Use the variable that was copied from the previously specified file location in Start.tsx.

Inside that variable we must update whatever third-party URL we have (Google Font, Adobe Font, etc).

Once you’ve updated the URL as mentioned above, you can start using the font as outlined below. 

Custom Fonts

If you want to load font files from codebase instead of using third-party font URLs. Then this option is preferable.  

Let’s see how we can integrate fonts using custom font files like (woff, woff2, eot, ttf).  

Here also we need CustomBlueprint blueprint and Start.tsx file.  

First, we will see where we must add a custom font file and then how to access and load in our site those files.  

Under CustomBlueprint create the wwwroot/staticContent directory, and inside that directory, add your font files. 

Also, create one CSS file stylesheet.css under wwwroot/staticContent directory. Inside that file we are calling the fonts file using @font-face.

Once font added under directory wwwroot/ staticContent and called in wwwroot/ staticContent/stylesheet.css CSS file, then we have to assign path of CSS file to “fontFamilyImportUrl” variable present in Start.tsx file. 

By using this path /staticContent/stylesheet.css, you can access CSS file.

Once above process done then you can start using font as per below.

By using the above two ways, you can easily integrate fonts in your Optimizely CMS spire site.