Easy-to-follow video tutorials help you learn software, creative, and business skills.Become a member
You can build a static traditional web site in Drupal Gardens, but what it's really good at is social sites-- that is, those sites that accept members and let them interact with each other through comments and blog posts and so on. A lot of this course is about how to make Drupal Gardens do what you want, but that's only half the story. If you're going to run a social web site, you also need to know how people interact with it. Then you have to plan to make that interaction easy, safe, and free of abuse. Here are five tips.
First one is to pretend that you're a visitor. I switched over to another browser where I am not logged into the site. I just want to browse around it, make sure that all of the links work. For example, right there, I clicked on the contact link, and I get this Access denied. What that tells me is I have to go back and edit this block so that people who are anonymous users don't see it. I will show you very quickly how to do that. I will go back into my administrative interface, go up to Structure and Blocks, and scroll down to where that block is.
Sidebar A, it's that Need guidance block. Click configure, and then scroll down to the bottom and make it so that only authenticated users and everybody above that can see the block, and save the block. Now if I go back to my front page, I as the administrator can still see it. However, an anonymous user going to that page will see nothing. Very good. We corrected one problem right there, which we would have missed if we hadn't looked at the site as a visitor.
The second tip is to go through the sign-up procedure. Make sure that you understand how people are interacting with your site from the very beginning. To do that go on, again, as an anonymous visitor and click Login or Register. Actually go through the procedure with an e-mail address that you have, for example, on yahoo.com or gmail.com, something that's not really your central e-mail address. This way you'll have some understanding of what people are going through in order to become a part of your site, and that will help direct exactly how much you give to them without going through that procedure.
You'll start to understand how easy or difficult it is, and how much of a barrier it is to get to the content that you want to give them. The third tip is to check roles and permissions. I am going to go back to my administrative site here and click on People and then click Permissions. I mentioned this earlier in the course, but it's worth mentioning again. You should particularly look at what anonymous users and authenticated users can do, because remember, anonymous users is anybody who comes across your site, and authenticated users is anybody who signs up for an account.
In particular, watch out for anything that says it has security implications. If you give those permissions away, you might be allowing people to actually take over your site or destroy things that you've worked hard to create. Going back up to our list of People, take a look at the Roles column and make sure that you've given out the roles the way that you really want them to be. Let's say that califanjoe had gained your trust and became a blogger but then later on did something you didn't like. Well remember to come back here and take away that role. And you can remember how to do that by watching the video about adjusting user permissions.
The fourth tip is to make sure that people aren't abusing your site by checking over the content every once in a while. I'm talking about both the node content, which includes blog posts and news items, and comments that people add in response to those nodes. To find out about that, go up to the Content link here. Once in a while just look over the content that's come in. Make sure that you know what everything is, or at least that nothing looks peculiar. That's especially true if you've given permission to authenticated users to create any nodes, because as I mentioned before, automated spamming programs will go ahead and just create account after account and then start filling up your site with junk nodes.
Also look at the comments, both the published comments and those that haven't been approved yet. To learn more about that, once again, watch the videos about slowing spam and managing comments. The final tip takes a bit of explanation, but it's also an important one, so I am going to go through the whole thing. You need to adjust your text formats to prevent people from entering damaging content into your site. I will show you how that works, by going and adding content, and let's just say basic page.
When you create a node, you'll notice this little pop-up Safe HTML, and it lists
of few other choices.
If somebody chooses Full HTML and then switches from WYSIWYG to HTML, they can
enter all kinds of damaging content. And I'd like to actually go through and
enter some of this content, so you get a sense of what can happen.
Now I am going to show you something that's not all that damaging, but it
will give you a sense.
I am going to call this "Dangerous stuff," and down here I'll enter in
So what does that actually do? Let's go down and take a look. I will save it. And as you can see, it actually frames somebody else's site inside your content. Now, in this case it doesn't matter that much. It's just the Google site. It's not taking up the entire page and so forth. But you can see the sort of mischief that people can do. I am just going to go back now and delete that node. There are ways to allow more tags into your text formats than I've shown you here.
To learn more about that, see my other lynda.com course, "Drupal Essential Training." These five tips will get you started, but don't kid yourself. When it comes to dealing with people, there is a lot to learn. That's especially true on the Internet, where as the old joke says, you don't know who's a dog. New tricks show up every day, so I recommend you also stay in touch with other webmasters who can give you additional tip. One of the best sites that I've found to stay on top of Drupal vulnerabilities is crackingdrupal.com, which is led by longtime Drupal developer Greg Knaddison.
Above all, stay in touch with your users. Some of them will get to know your site better than you do, and they can alert you to any problems that pop up.
Get unlimited access to all courses for just $25/month.Become a member