Leveraging the Power of Drupal Without Hacking Core

August 03, 2017 - 14:28

Drupal is a scalable and secure content management framework which help organizations build their digital platforms. In this article I am presenting a situation where Drupal helped implement a feature for one of our client, without affecting the site's scalability and secure nature.

The client’s site went down to maintenance mode for some users unexpectedly. This happens very rarely and there was no immediate visible reason that could point to the cause of it. So it was imperative that we log when the site goes offline in order to debug the issue.

A simple and fast solution would have been to hack the core by adding a line of code that logs the back trace at the time when the site goes offline. But hacking the core leaves us open to security vulnerabilities and may have unintended consequences affecting other contributed modules and make it difficult to update. So it is always a good practice to use Drupal’s high value opportunities for customization, instead of hacking core.

Drupal, as a powerful content management framework gives us the flexibility to do almost any kind of customization by using custom modules and themes without hacking core.

So here we overrode the maintenance page theme in our custom theme to include the back trace log function to find and fix the root cause.

Do you know other reasons why core should not be hacked. Or why is it difficult to update when core is hacked? Share your comments...

Get Drupal updates straight to your inbox

To prevent automated spam submissions leave this field empty.

Post your comments / questions

This is a good article.

I would like to explain a bit more about how it makes difficult to update when the module/core when hacked?

I have seen that, people do hacking not just for fixing or debugging issues but for implementing some features as well. If we are not careful enough, the feature code will be lost while updating the contributed module/core automatically as the code will be replaced which will lead to non-functioning of those features or causing errors. If we know that there are some hacks/patches applied in the module/core then we need to manually make the changes them without affecting the feature code. This will make the updating difficult and time-consuming.

The hacks can go cumulative if the developer is not putting a conscious effort to follow the standards (not hacking core is a Drupal standard). Over a period the code becomes messy and non-manageable. Also, we need to keep proper documentation about the patches applied in each module or core. Otherwise this will result in a vendor lock-in. Since, a new vendor is unable to understand these hacks easily and even a minor update made to the module can break the site.

So, it is always better to follow Drupal standards.

Hope this helps!