I've been an active member of the Drupal community for many years. We've learned a lot together and solved many technical problems. Even today I follow updates of our local community group and sometimes answer folks' questions.

Last week, one of our members asked for advice. He needed to protect 30 landing pages built with old versions of WordPress/Drupal and third-party plugins. The owner was not going to update the sites himself, but he wanted them to stay operational. The problem was that the sites got hacked regularly and it was a pain to clean them from the hacks. The sites were hosted on VPS and served with Nginx.

Our community group brainstormed possible solutions, and I decided to share them along with my own thoughts in case a similar problem ever pops up for you.

You may need the HTTP basic authentication to protect your secrets/innovations when the app is not ready for production or when your normal authorization mechanism is not yet ready. Let's look at a few possible solutions for the problem in the Next.js context.

In the beginning of the COVID-19 lockdown I made a decision to use the isolation for self-improvement and invest time in something future-proof, so I signed up for OpenJS Node.js Application Developer (JSNAD) certification.

It took me a few weeks and two attempts to pass the exam, and yesterday I finally received my certificate. Now it's time to reflect on the preparation process and test itself.

Stream piping is one of the features of Node which I especially like. It exists to simplify data transfer between two or more streams.

For instance, with pipes, you can read HTTP POST request and write the received data to terminal or a file straight away. If you need to process or transform the transferred data, there are tools that you can integrate through pipes too.

If you have ever touched anything related to security, it's likely you used some third-party tools, such as firewalls, XSS filters, access control modules, etc.

There are three basic modes in which you can work with those tools, such as Black Box, Blacklist and Whitelist. And often developers are given the right and responsibility to make decisions on choosing one of them.

Even though this information may sound obvious for some developers, others can make mistakes which can potentially cost their companies money and their leadership nerves, so it’s a good idea to review your understanding of these three security practices.

Imagine, you inherited a React app from another developer and you need to make sure the existing code is secure. In this post I’ll give you a checklist which can help to secure your app.

Kyle Simpson (@getify) gave a talk on the “economy of keystrokes” at the last MallorcaJS meetup on October 15th, 2019. Kyle's talk was sometimes eye-opening, sometimes encouraging and sometimes controversial but indeed worth listening to.

For those of you who don't know Kyle Simpson, It's an author of the “You don't know JS” book series, speaker, teacher and more. Kyle was invited to Mallorca by Trivago guys and kindly agreed to share his wisdom with MallorcaJS community.

I'd like to share a few takeaways from Kyle's talk with you because I believe it's something that every developer should contemplate.

XConf Europe 2019 took place in Barcelona on July 5th and it collected about 100-150 software-related professionals and I had the chance to attend it too. I'll share my impressions on the conference and its content in this brief post.

I have been told recently that the times when Drupal 8 was slow passed long ago, that increased number of abstractions in Drupal 8 doesn’t affect its performance, and that Drupal 7 hook system worse than Drupal 8 events in terms of speed. When I don’t believe, I measure and encourage others to do so.

Recently I had a task to transfer a few sites secured by Let's Encrypt certificates from one Ubuntu server to another. In this post, I'll share my experience in transferring SSL certificates - or better to say - reobtaining them.