Focus on the Basics, Not on the Latest Trends: Benji Fisher | NEDCamp

Benji Fisher

The New England Drupal Camp 2022 is in this weekend. We asked between 5 to 8 questions to every speaker at the camp via email/slack. Some questions were common to all, and some were specific. We also gave them a choice not to answer any particular question. The Drop Times got written responses from most of the speakers. We are publishing those short conversations as a series. Here is the fourth interview.

Benji Fisher is a Senior Developer with Fruition. More than that, he is a provisional member of the Drupal Security Team and also part of the Usability Group. He will lead the session, ‘Security in Drupal: what can go wrong?’ at the NEDCamp 2022. Let us hear from ‘benjifisher.’

TDT: [1] A brief introduction about yourself and your work in Drupal

Benji Fisher: I am a back-end Drupal developer. I work for Fruition, maintaining and troubleshooting client websites. I also contribute to the Drupal project in several ways:

  • I am a member of the Usability team and have been moderating the weekly meeting for over two years.
  • I am one of the maintainers of the migration subsystem (Migrate API) in Drupal core.
  • Since February, I have been a provisional member of the Drupal security team.

TDT: [2] The community parlance is that ‘you come for the code but stay for the community.’ How did you first get introduced to the community?

Benji Fisher: I do not remember how I found it, but I started going to the Boston Drupal meetups while I was still experimenting with Drupal, a year or two before I started looking for a job in the field. I had questions and got good advice from people with more experience.

TDT: [3] Tell us about what you present in the New England DrupalCamp 2022 and who should attend your session.

Benji Fisher: I will be talking about keeping a Drupal site secure. I think that is something that everyone should care about. Some of my slides have a few lines of code, but most of the presentation is accessible to everyone. A big part of security is related to processes, not code.

There is a standard review of security issues from the Open Web Application Security Project (OWASP): the OWASP Top Ten. Each time I give this talk, I cover two of the ten topics and how they apply to a Drupal site. The slide deck is a work in progress.

TDT: [4] Everyone is waiting for the Drupal 10 release this December. What is the most exciting feature of Drupal 10 for you?

Benji Fisher: That is a tricky question!

For one thing, all the exciting new features of Drupal 10 will also be in Drupal 9.5. After years of work, I am glad to see that Claro will be the default back-end theme. Olivero, the new front-end theme, is beautiful and accessible. I have not had a chance to look at CKEditor 5 and the new way of extending core themes, but they look promising. By now, it is old news, but I love that Drupal 9.4 added a permissions page for every content type, vocabulary, etc.

Another thing is that I see a lot of things in development, so I am currently excited about the features that will be added in Drupal 10.1 or later. At a recent usability meeting, we saw a demo of the project browser, and it looks great. Also, I think we are finally going to rearrange the admin pages for managing blocks.

In a sense, the big news about Drupal 10 is what it will not have. Several modules will be moved out of Drupal core and made available as contributed modules. Once we get used to that, we might add some contrib modules, like Pathauto, into core (but not in 10.0). We will not have to support IE11 (nor any other version). That means we can have a better responsive grid in Drupal 10 Views.

TDT: [5] After multiple extensions of Drupal 7 end-of-life, a final sundown is set for November 2023. It has been around for a decade and is the most popular Drupal distribution. Even after extending the deadline, there are a lot of websites that still run on Drupal 7. What is your advice for people staying on Drupal 7?

Benji Fisher: First of all, the last time I checked, there was nothing “final” about the 2023 EOL date for Drupal 7. According to,

[T]he scheduled Drupal 7 End-of-Life date will be re-evaluated annually.

We will know next July whether the EOL will be extended to 2024.

We will announce by July 2023 whether we will extend Drupal 7 community support an additional year.

Either way, my advice to anyone using Drupal 7 is to do some serious long-term planning. Is your site still doing everything you want it to do? What changes will you want to see in 3-5 years? Make some decisions now while you still have options.

There are several options. You can stay on Drupal 7 for quite a while: the EOL is a year away and may be extended, and there will be hosting companies that offer support even after the EOL for community support. You could migrate to Drupal 10 or to Backdrop. You could give up on Drupal and switch to WordPress, Shopify, or SquareSpace.

TDT: [6] As a provisional member of the Drupal security team, can you share your experience there? As Drupal web admins, we all look for Wednesdays.

Benji Fisher: I have to be careful not to say too much about the security team. Since you asked about my experience, I think I can say that it is a treat to work with the other members of the team: they are dedicated, generous, and have a lot of expertise in Drupal and other things. I also want to emphasize that it is a team: there is a lot of work requiring different skills, and for both reasons, no one person can do it all.

TDT: [7] You were also part of the Usability Group. UX/UI is now a significant part of any people-facing pages. What are the latest trends there?

Benji Fisher: I am not a usability expert. I am a back-end developer with an interest in usability, and I moderate the weekly meetings. (If I do that job well, then I let others do most of the talking.) So I am not the right person to ask about the latest trends in usability.

I do have some practical experience in usability, having attended the weekly meeting for several years. More importantly, the weekly meeting includes people with diverse points of view: site builders, developers, front-end and back-end developers, designers, etc. Most of us have a lot of Drupal experience, but sometimes we also get people who are new to Drupal, and that is a valuable point of view.

I like to focus on the basics more than the latest trends. I learned a lot from The Design of Everyday Things. If there is an error message, is it descriptive and actionable? If you want to do a task, is there a way to do it, and are there clues to point you in the right direction? Are descriptions clear and accurate without being too long? You could say that it all comes down to common sense, but we acquire common sense through experience.


Join Benji Fisher for the session 'Security in Drupal: what can go wrong?' in Room: Rhode Island (Gaige 201) from 10:00 am to 10:45 am on 19 November 2022 at Rhode Island College, Providence, RI. Click here to Register.

Disclaimer: The information provided about the interviewee has been gathered from publicly available resources. The responsibility for the responses shared in the interview solely rests with the featured individual.

Note: The vision of this web portal is to help promote news and stories around the Drupal community and promote and celebrate the people and organizations in the community. We strive to create and distribute our content based on these content policy. If you see any omission/variation on this please let us know in the comments below and we will try to address the issue as best we can.

Related Organizations

Related People

Related Events

Advertisement Here