Drupal announced two vulnerabilities affecting versions 9.2 and 9.3 that could allow an attacker to upload malicious files and take control of a site. The threat levels of the two vulnerabilities are rated as Moderately Critical.
The United States Cybersecurity & Infrastructure Security Agency (CISA) warned that the exploits could lead to an attacker taking control of a vulnerable Drupal-based website.
“Drupal has released security updates to address vulnerabilities affecting Drupal 9.2 and 9.3.
An attacker could exploit these vulnerabilities to take control of an affected system.”
Drupal is a popular open source content management system written in the PHP programming language.
Many major organizations like Smithsonian Institution, Universal Music Group, Pfizer, Johnson & Johnson, Princeton University, and Columbia University use Drupal for their websites.
Form API – Improper Input Validation
The first vulnerability affects Drupal’s form API. The vulnerability is an improper input validation, which means that what is uploaded via the form API is not validated as to whether it is allowed or not.
Validating what is uploaded or input into a form is a common best practice. In general, the input validation is done with an Allow List approach where the form expects specific inputs and will reject anything that does not correspond with the expected input or upload.
When a form fails to validate an input then that leaves the website open to the upload of files that can trigger unwanted behavior in the web application.
Drupal’s announcement explained the specific issue:
“Drupal core’s form API has a vulnerability where certain contributed or custom modules’ forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.”
Drupal Core – Access Bypass
Access bypass is a form of vulnerability where there may be a way to access to a part of the site through a path that is missing an access control check, resulting in some cases a user being able to gain access to levels they don’t have permissions for.
Drupal’s announcement described the vulnerability:
“Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content.”
Publishers Encouraged to Review Security Advisories and Apply Updates
The United States Cybersecurity and Infrastructure Security Agency (CISA) and Drupal encourage publishers to review the security advisories and update to the latest versions.
Read the Official CISA Drupal Vulnerability Bulletin
Read the Two Drupal Security Announcements
Top 10 Essential Website Optimization Strategies
Google officially launched 24 years ago in 1998.
A lot has changed since then, but one thing remains the same. If you simply focus on the basics, you can still be highly successful online.
Of course, the basics in 2022 are much different from the basics in 1998. It’s easy to get overwhelmed and distracted. It has never been more important to be disciplined in one’s approach to SEO.
So, the obvious question is this: What are the factors to concentrate on? How can one boost rankings? How can anyone build traffic in such a competitive environment?
This post will delve into which factors carry the most weight and how to optimize for each.
1. Search Intent
The end goal for Google is to understand the context of a given search query and to serve results consistent with the user intent. This makes advanced-level keyword research and keyword selection more important than ever.
Before spending time and resources trying to rank for a phrase, you will need to look at the websites that are currently at the top of the SERPs for that phrase.
A keyword’s contextual relevance must align with a search query. There will be some keywords and queries that will be impossible to rank for.
For example, if Google has determined that people searching for “Personal Injury Attorney [insert city]” want a list of lawyers to choose from, then a series of trusted law directories will appear at the top of the SERPs.
An individual or single firm will not supplant those directories. In those cases, you will need to refine your strategy.
2. Technical SEO
The foundation for technical SEO is having a solid website architecture.
One cannot simply publish a random collection of pages and posts. An SEO-friendly site architecture will guide users throughout your site and make it easy for Google to crawl and index your pages.
Once you have the right architecture in place, it’s time to perform a technical or SEO audit.
For starters, you should check the following and fix any issues that are uncovered:
- Check for status code errors and correct them.
- Check the robot.txt for errors. Optimize if needed.
- Check your site indexing via Google Search Console. Examine and fix any issues discovered.
- Fix duplicate title tags and duplicate meta descriptions.
- Audit your website content. Check the traffic stats in Google Analytics. Consider improving or pruning underperforming content.
- Fix broken links. These are an enemy of the user experience – and potentially rankings.
- Submit your XML sitemap to Google via Google Search Console.
3. User Experience
User experience (UX) is centered on gaining insight into users, their needs, their values, their abilities, and their limitations.
UX also takes into consideration business goals and objectives. The best UX practices focus on improving the quality of the user experience.
According to Peter Morville, factors that influence UX include:
- Useful: Your content needs to be unique and satisfy a need.
- Usable: Your website needs to be easy to use and navigate.
- Desirable: Your design elements and brand should evoke emotion and appreciation.
- Findable: Integrate design and navigation elements to make it easy for users to find what they need.
- Accessible: Content needs to be accessible to everyone – including the 12.7% of the population with disabilities.
- Credible: Your site needs to be trustworthy for users to believe you.
- Valuable: Your site needs to provide value to the user in terms of experience and to the company in terms of positive ROI.
Multivariate and A/B testing is the best way to measure and create a better experience for website users. Multivariate testing is best when considering complex changes.
One can incorporate many different elements and test how they all work together. A/B testing, on the other hand, will compare two different elements on your site to determine which performs the best.
According to Google Search Central:
“Neither mobile-friendliness nor a mobile-responsive layout are requirements for mobile-first indexing. Pages without mobile versions still work on mobile and are usable for indexing. That said, it’s about time to move from desktop-only and embrace mobile :)”
Here are some basics for making your site mobile-friendly:
- Make your site adaptive to any device – be it desktop, mobile, or tablet.
- Always scale your images when using a responsive design, especially for mobile users.
- Use short meta titles. They are easier to read on mobile devices.
- Avoid pop-ups that cover your content and prevent visitors from getting a glimpse of what your content is all about.
- Less can be more on mobile. In a mobile-first world, long-form content doesn’t necessarily equate to more traffic and better rankings.
- Don’t use mobile as an excuse for cloaking. Users and search engines need to see the same content.
5. Core Web Vitals
In July of 2021, the Page Experience Update rolled out and is now incorporated into Google’s core algorithm, as a ranking factor.
As the name implies, the core web vitals initiative was designed to quantify the essential metrics for a healthy website. This syncs up with Google’s commitment to delivering the best user experience.
According to Google, “loading experience, interactivity, and visual stability of page content, and combined are the foundation of Core Web Vitals.”
Each one of these metrics:
- Focuses on a unique aspect of the user experience.
- Is measurable and quantifiable for an objective determination of the outcome.
Tools To Measure Core Web Vitals:
- PageSpeed Insights: Measures both mobile and desktop performance and provides recommendations for improvement.
- Lighthouse: An open-source, automated tool developed by Google to help developers improve web page quality. It has several features not available in PageSpeed Insights, including some SEO checks.
- Search Console: A Core Web Vitals report is now included in GSC, showing URL performance as grouped by status, metric type, and URL group.
Schema markup, once added to a webpage, creates a rich snippet – an enhanced description that appears in the search results.
All leading search engines, including Google, Yahoo, Bing, and Yandex, support the use of microdata. The real value of schema is that it can provide context to a webpage and improve the search experience.
There is no evidence that adding schema has any influence on SERPs.
Following, you will find some of the most popular uses for schema
If you find the thought of adding schema to a page intimidating, you shouldn’t. Schema is quite simple to implement. If you have a WordPress site, there are several plugins that will do this for you.
7. Content Marketing
It is projected that 97 zettabytes of data will be created, captured, copied, and consumed worldwide this year.
To put this in perspective, that’s the equivalent of 18.7 trillion songs or 3,168 years of HD video every day.
The challenge of breaking through the clutter will become exponentially more difficult as time passes.
To do so:
- Create a content hub in the form of a resource center.
- Fill your resource hub with a combination of useful, informative, and entertaining content.
- Write “spoke” pieces related to your resource hub and interlink.
- Write news articles related to your resource and interlink.
- Spread the word. Promote your news articles on social channels.
- Hijack trending topics related to your content. Promote on social media.
- Use your smartphone camera. Images and videos typically convert better than text alone.
- Update stale and low-trafficked content.
8. Link Building
Links continue to be one of the most important ranking factors.
The best link-building strategies for 2022 include:
9. Test And Document Changes
You manage what you measure.
One recent study showed that less than 50% of pages “optimized” result in more clicks. Worse yet, 34% of changes led to a decrease in clicks!
Basic steps for SEO testing:
- Determine what you are testing and why.
- Form a hypothesis. What do you expect will happen because of your changes?
- Document your testing. Make sure it can be reliably replicated.
- Publish your changes and then submit the URLs for inspection via Google Search Console.
- Run the test for a long enough period to confirm if your hypothesis is correct or not. Document your findings and any other observations, such as changes made by competitors that may influence the outcome.
- Take appropriate actions based on the results of your tests.
This process can be easily executed and documented by using a spreadsheet.
10. Track And Analyze KPIs
According to Roger Monti, the following are the 9 Most Important SEO KPIs to consider:
- Customer Lifetime Value (CLV).
- Content Efficiency.
- Average Engagement Time.
- Conversion Goals by Percent-Based Metrics.
- Accurate Search Visibility.
- Brand Visibility in Search.
- New And Returning Users.
- Average Time on Site.
- Revenue Per Thousand (RPM) And Average Position.
The thing to remember about these KPIs is they are dependent upon your goals and objectives. Some may apply to your situation whereas others may not.
Think of this as a good starting point for determining how to best measure the success of a campaign.
Because the internet has no expiration date, mounds of information and disinformation are served up daily in various search queries.
If you aren’t careful, implementing bad or outdated advice can lead to disastrous results.
Do yourself a favor and just focus on these 10 essentials. By doing so, you will be setting yourself up for long-term success.
Featured Image: Rawpixel.com/Shutterstock