Monday April 14, 2014
Your Drupal site was probably affected by
Heartbleed, the encryption bug that opened
security holes on sites across the Internet. Although the bug had nothing to do
with Drupal, you still need to do two things to secure your site.
Step 1 is straightforward: check with your hosting company to see
whether they've secured your server, and whether you need to do
anything. They may tell you to get your security certificate
reissued. If so, follow their instructions.
But Step 2 could easily be missed. After you've followed all the
instructions from your hosting company, here's one more step:
force a password change for all your users.
If your server was vulnerable to Heartbleed, all those user passwords
could (in theory) have been tidily collected somewhere. Again, this
vulnerability isn't specific to Drupal, it's just all part of the
tasty, slightly post-apocalyptic delight we're calling Heartbleed.
Not all sites out there are forcing password changes, but why not? The
tiny hassle is a small price to pay.
Drupal doesn't come with a built-in mechanism for forcing a password
change, but when has that ever stopped us? Check out the excellent
Password Policy module. With a couple
clicks, you can force a one-time password change for every single
Seriously. Go do this now. Internet-wide security breaches don't
happen that often. Wipe those old passwords before one of them wipes
out your site.
Learn more about the Password Policy module.
Monday April 7, 2014
WordPress.com lets you host a
WordPress site for free, but they offer
certain "premium upgrades". Some are
worth paying for, but you
can usually save money by avoiding most premium upgrades.
Every site is different (and in fact, some WordPress sites
should never be hosted on WordPress.com).
In general, though, you can probably skip:
Most of the other upgrades can usually be skipped, too -- you can
review the list to be sure.
Don't be too cheap, though. With a few
"must-have" WordPress.com upgrades,
you can leverage WordPress.com to get excellent, professional-looking,
maintenance-free hosting for your WordPress site.
Related Articles: When Not to Host Your WordPress Site on WordPress.com | Skip the VideoPress Upgrade | Skip the Premium Themes Upgrade | "Must Have" WordPress.com Upgrades
Friday March 28, 2014
Some people love theming their website. Others would rather comparison
shop life insurance. In multiple languages.
Wherever you fall on the theming spectrum, making your CMS look
good just got easier and quicker. In a few short articles, I've
covered essential concepts of choosing or designing a theme. Are you
agonizing over whether to try
paid themes? Wondering what the
basic parts of a "theme" even are? Read on.
These articles apply to almost any CMS, whether it's
WordPress, Drupal or even
biased towards Drupal over Joomla,
personally.) They explain the general concepts that you'll need to
wrestle with themes (or templates) in any CMS.
Get More Theming Joy
Are you planning to use an existing theme? Check out
"Choosing the Right CMS Theme or Template. "
Are you more concerned with getting a custom theme to look just
right? Save time and money with
"Designing a Custom CMS Theme or Template."
If you avoid the pitfalls, theming can be (mostly) a splendid
pleasure. I hope you learn to enjoy it as much as I (usually) do.
Monday March 24, 2014
You want your website to work on phones and tablets, right? To be
"responsive"? You may be thinking that you'd like to use a popular
CMS like WordPress or
Drupal, but you're not sure whether it'll be
"responsive". Good news: any quality CMS can be used to build a
responsive website, because "responsiveness" happens in the
It's true that some CMSs can't be themed to be responsive, but their
theming potential is so limited that you'd probably want to avoid them
anyway. A good CMS can
look like anything, and this certainly
includes both WordPress and Drupal.
So when you're shopping around for themes (such as free
WordPress themes or
Drupal themes), check whether each theme is
responsive. Not all themes are.
A responsive theme will often boast this fact (although responsiveness
is fast becoming a requirement, not a feature, for new themes). But
you can also use a free tool in Firefox to easily
test whether a theme is responsive
at different screen sizes.