Drupal virtual Meetup: Lessons learnt from 250k sites and art gallery showcase

Meetup going global

The benefits of the virtual Meetup format is the ability to have speakers from different locations. This time, we had Scott from Tokyo and Morgan from Brisbane. The Meetup was hosted by Vladimir Roudakov from the Brisbane Meetup and Murray Woodman from the Sydney Meetup.

Lessons learned from over 10 years and 250k sites

The first presentation was by Scott Massey from Pantheon who spoke about the security, performance and workflow lessons he’s learned from running 250,000 websites over the past 10 years. Scott is the General Manager of APAC (Asia-Pacific countries) for Pantheon and is based in Tokyo, Japan - so if you're looking for a good ramen place in Tokyo, he said he’ll be glad to take you there.

Scott pointed out through research done by Verizon’s Data Breach Investigations Report, that 80% of all hacking occurs through the use of credentials being stolen or through brute force such as password packing. The breach itself is often found by security researchers or third parties. Many queries from Pantheon’s customers focus on three areas:

1. How to identify good bots versus bad bots.

2. What DoS (denial-of-service) and DDoS (distributed denial-of-service) attacks look like.

3. How to differentiate between a genuine traffic spike versus an unwelcome attack.

Whether bots are good or bad, they’re here to stay and make up about 30% of traffic. There's also a growing threat of DDoS attacks, with 80% more DDoS attacks since early 2019 (Digital Attack Map).

Scott provided seven main tips for keeping your site secure:

1. Bots - CDN + WAF

2. Keep core up to date

3. Choose modules wisely

4. Do things “the Drupal way”

5. No “cowboy coding”

6. Captcha

7. Https

Salsa's take

Scott's tips of keeping sites secure, while compiled from experience with Pantheon, are relevant to all Drupal installs and hosting architectures. The benefits of GovCMS SaaS in particular are highlighted by the fact that the service inherently provides several of the tips such as keeping core up to date, and wise selection of modules, use of https, etc. GovCMS SaaS takes this burden, complexity and consideration away from agencies using the service.

You can view the full recording of this presentation on the DrupalSouth YouTube channel:

GOMA showcase: Using Drupal, Tome generator and Algolia search

The second presentation was a showcase by Morgan Strong on how he generated a static Art Gallery catalogue using Drupal 8, the Tome module and Algolia search.

Due to COVID-19, museums and art galleries (which tend to be physically based) had to reimagine how they would offer their services. MVPs (minimum viable products), agile and early release frameworks are not commonly used in the publishing and art museum space. However Morgan, who is the Digital Transformation Manager at the Queensland Art Gallery/Gallery of Modern Art, was tasked with redeveloping the online catalogue from the ground up, with an ambitious three week timeframe.

The beta collection site that he built in three weeks used Drupal 8 for generating the site, the Feeds module for importing content into Drupal 8, the Tome module for generating the static site from Drupal, and Views to output formatted JSON and Algolia search for the search and navigation.

Currently there are 180,000 items in the collection. Only half of them are digitised, with the plan to digitise the remainder over the next three years.

He used a static site instead of a standard Drupal site because:

• Museum catalogues are excellent candidates for static web as there’s a lot of content that’s infrequently updated

• Drupal is really good at data modelling

• Drupal has Views

• There are various methods to import data: Feeds, Migrate, Entity Importer

• Drupal is more maintainable than having to manage a server

• Algolia has a React-based app that can be easily inserted as a Drupal block

• He only had three weeks and decided to use familiar tools

You can view the beta version here: https://collection-online-beta.qagoma.qld.gov.au/

Salsa's take

The fact that Morgan was able to compile a beta site in such a short time is impressive. As a more general observation, the Tome implementation highlights the power and premise of static web, which is a present industry trend for doing things smarter, better, faster.

You can view the full recording of this presentation on the DrupalSouth YouTube channel:

---

If you have any feedback or suggestions on what you’d like to see for future Meetups, or if you have something you’d like to present, please contact kristy.devries@salsadigital.com.au.

Sign up to your local Drupal Meetup group to get involved in the community:

• Melbourne

• Sydney

• DrupalACT

• Brisbane

• Gold Coast

• DrupalWA

• Hobart

• Wellington

• Auckland