BADCamp has always been a community-first event where ideas, experimentation, and practical knowledge-sharing thrive. This year, it’s also where Drupal’s AI conversation gets very real.
From a focused, three-hour AI Summit to a range of practical sessions across the camp, AI is showing up in force at BADCamp 2025. Whether you're a site builder, developer, themer, or content strategist, there's something here for you.
The AI Summit: Community and Possibility
Friday morning, October 25, BADCamp is hosting a special three-hour AI Summit. This unconference-style session will give the Drupal community a space to explore how we’re using AI in the real world and where we want to take it next.
It’s not a keynote. It’s not a showcase. It’s a collaborative working session where the participants set the agenda. The goal is to move the conversation forward by grounding it in actual experience. What’s working, what isn’t, and what’s needed.
Details here: AI Summit at BADCamp
Drupal AI Initiative in the Spotlight
The Drupal AI Strategic Initiative will also be well represented. I'll be leading a hands-on session that shows how anyone can integrate private AI tools into their Drupal site without writing code:
Getting Hands-On with DrupalAI: Build Smarter Sites with Zero Code
– J. Matthew Saunders, Initiative Marketing Specialist
Kristen Pol will provide a look at the bigger picture, including how the initiative is positioning Drupal for the future:
Accelerating Innovation: The Drupal AI Initiative
– Kristen Pol, Initiative Co-Lead
AI Topics Across the Camp
BADCamp isn’t just featuring AI. It’s threading it through the whole program. Here are some of the other sessions digging into what AI can do in and around Drupal:
3 Ways to Use AI in Drupal: Chatbots, Smart Search, and Code Generation – Salim Lakhani
Building Smart Content Moderation in Drupal: AI-Powered Spam Detection and Community Tools – Prabhakar Singh
AI + Headless Drupal – Jordan Koplowicz
Creating an AI Chatbot in Drupal the Easy Way – Jordan Koplowicz
Preparing Your Pipeline for the AI Revolution – James Sansbury
Quick and Easy Migrations and Upgrades Using AI – Luke McCormick
Preparing for the Future: AI, the Changing Consumption Landscape, and Combating AI Threats – Steve Carlson
AI is no longer on the sidelines. The Drupal community is actively shaping how open source, ethical, and privacy-respecting AI tools can work in real content workflows.
If you're curious about where Drupal and AI meet, BADCamp is the place to see it all in motion. This isn’t about someday. It’s about what you can do right now.
badcamp.orgFile attachments: badcamp-image.png
DrupalCon Nara 2025: Building Tomorrow in One of Japan’s Most Ancient Cities
November 17–19, 2025 | Nara, Japan
The energy is building in Asia. Following July's groundbreaking first-ever Contribution Day in Tokyo—where developers, translators, and UX experts came together to push Drupal forward—that momentum is heading straight to one of Japan's most culturally rich cities.
Innovation Meets Tradition
Set against Nara's stunning temples and serene gardens, DrupalCon Nara offers something truly special: a chance to experience cutting-edge digital innovation in a setting that's steeped in centuries of craftsmanship and attention to detail. It's the perfect backdrop for a community that values both technological excellence and thoughtful design.
What makes Nara unique:
Bilingual sessions in Japanese and English, reflecting Drupal's truly global nature
Vibrant Contribution Day building on Tokyo's success, where every skill level finds a way to make an impact
Cultural immersion opportunities that remind us why diverse perspectives make better software
Intimate scale that makes every conversation meaningful and every connection genuine
Building Bridges Across Asia
The Drupal Asia Agency Leaders Dinner isn't just networking—it's ecosystem building. Agency leaders and service providers from across the region will gather for an evening designed to spark collaborations, share market insights, and explore opportunities that benefit the entire Asian Drupal community.
With limited seats available, this exclusive gathering represents a unique opportunity to shape the future of Drupal adoption across one of the world's most dynamic regions.
Your Gateway to the Asian Drupal Renaissance
Nara represents more than a conference—it's a celebration of how the open source movement thrives when it embraces local culture while maintaining global standards. Whether you're contributing code, sharing strategies, or simply soaking in the unique energy of Japan's Drupal community, you'll leave with perspectives that transform how you approach digital challenges.
The combination of Japan's meticulous attention to detail and Drupal's flexible architecture creates something special. Come see what happens when two cultures of excellence collide.
Ready for Nara? Register now and secure your spot.
Register today
The energy is building in Asia. Following July's groundbreaking first-ever Contribution Day in Tokyo—where developers, translators, and UX experts came together to push Drupal forward—that momentum is heading straight to one of Japan's most culturally rich cities.
Innovation Meets Tradition
Set against Nara's stunning temples and serene gardens, DrupalCon Nara offers something truly special: a chance to experience cutting-edge digital innovation in a setting that's steeped in centuries of craftsmanship and attention to detail. It's the perfect backdrop for a community that values both technological excellence and thoughtful design.
What makes Nara unique:
Bilingual sessions in Japanese and English, reflecting Drupal's truly global nature
Vibrant Contribution Day building on Tokyo's success, where every skill level finds a way to make an impact
Cultural immersion opportunities that remind us why diverse perspectives make better software
Intimate scale that makes every conversation meaningful and every connection genuine
Building Bridges Across Asia
The Drupal Asia Agency Leaders Dinner isn't just networking—it's ecosystem building. Agency leaders and service providers from across the region will gather for an evening designed to spark collaborations, share market insights, and explore opportunities that benefit the entire Asian Drupal community.
With limited seats available, this exclusive gathering represents a unique opportunity to shape the future of Drupal adoption across one of the world's most dynamic regions.
Your Gateway to the Asian Drupal Renaissance
Nara represents more than a conference—it's a celebration of how the open source movement thrives when it embraces local culture while maintaining global standards. Whether you're contributing code, sharing strategies, or simply soaking in the unique energy of Japan's Drupal community, you'll leave with perspectives that transform how you approach digital challenges.
The combination of Japan's meticulous attention to detail and Drupal's flexible architecture creates something special. Come see what happens when two cultures of excellence collide.
Ready for Nara? Register now and secure your spot.
Register today
Meet Glenn Hilton and his vision for the future of Drupal
We’re thrilled to introduce Glenn Hilton, one of the newest members elected to the Drupal Association Board, with his term beginning 1 November 2025.
Glenn is the Founder and CEO of ImageX, a Drupal agency that he established in 2001. Over more than two decades of leadership, Glenn has combined creativity with community to guide both his company and his career. His passion for open source and collaboration has made him an active participant in the Drupal community for more than ten years.
Beyond his role as CEO, Glenn is deeply committed to building strong teams and helping people reach their full potential. He believes that lasting success comes from relationships and from creating environments where individuals and communities can thrive.
We are thrilled to have Glenn bring this perspective to the Board. Here are his thoughts as he begins this new chapter:
What are you most excited about when it comes to joining the Drupal Association Board?
I'm excited to help shape the business strategy that ensures the long-term sustainability of the Drupal ecosystem. It is a unique opportunity to bridge the gap between agencies, contributors, and end clients while keeping Drupal both innovative and commercially viable.
What do you hope to accomplish during your time on the board?
I want to strengthen feedback loops with agencies and enterprise users so that we have stronger data to help us better understand and support the needs of those investing in Drupal. I also hope to help expand Drupal’s reach by improving how we communicate its value and create new paths for commercial growth.
What specific skill or perspective do you contribute to the board?
As CEO of a long-standing Drupal agency, I bring a business-first perspective rooted in delivery, growth strategy, and client expectations. With more than 20 years in leadership, I focus on scalable teams, efficient operations, and long-term partnerships.
How has Drupal impacted your life or career?
Drupal changed the trajectory of my agency and gave me a career grounded in purpose, global collaboration, and community. It is more than a platform, it is a values-driven ecosystem where even competitors work together with integrity and a shared mission.
Tell us something that the Drupal community might not know about you.
Outside of work, I am a real estate and architecture enthusiast and probably spend too much time analyzing floor plans. I have four amazing kids, one grandchild, a wonderful wife, and a deep passion for my faith in Jesus Christ.
Share a favorite quote or piece of advice that has inspired you.
“Leadership is not about being in charge. It is about taking care of those in your charge.” — Simon Sinek
We look forward to the contributions Glenn will make during his time on the Drupal Association Board. Thank you, Glenn, for sharing your time and expertise with the Drupal community. You can connect with Glenn on LinkedIn.
About the Drupal Association Board of Directors
The Drupal Association Board of Directors comprises 13 members with nine nominated for staggered three-year terms, two elected by Drupal Association members, and one seat is reserved for the Drupal Project Founder, Dries Buytaert. One seat is reserved for the immediate past chair as a non-voting member. All Board terms start on 1 November of each year.
The Board meets twice in person for weekend retreat and about 5 times virtually each year. The Board provides strategic guidance to the Drupal Association and oversight of the Association’s management, policy development, management, budget, and fundraising efforts.
Your Drupal AI use case could be featured. Tell us how you are innovating
At the time of writing there are 7,151 reported installs of Drupal AI and adoption is accelerating. Every day, new examples emerge of how Drupal AI helps teams tackle real-world business challenges, optimise content management, streamline workflows, and improve user experiences. Yet, with so many organisations adopting Drupal AI, it can be challenging to uncover every use case.
Be the next Drupal AI success story - Share your innovation
We want to hear from you! If your organization is using Drupal AI—whether you are a Drupal Certified Partner, AI Maker, agency, end customer, or an independent consultant—we invite you to share your story. You could be featured in a guest blog post or invited to participate in a webinar, helping others understand the practical applications of AI.
Get in touch to let us know how you are putting Drupal AI to work.
Drupal AI in action: examples from local government and education
Southwark Council, London: is transforming how it brings content online. Their digital estate holds over 2,000 PDFs, most designed for print rather than web consumption. A new AI PDF Importer, developed for the LocalGov Drupal, is helping convert these static documents into accessible, structured, and user-friendly web content. By integrating AI-powered automation, the project addresses pagination, heading hierarchies, image extraction, and link mapping, reducing a process that previously took hours to just seconds, and making vital information more accessible for residents.
University of Edinburgh, Scotland: has developed an AI tool, created during an internship, integrated into its Drupal-based content management system, EdWeb. Leveraging Drupal AI and a new “AI Agents” framework, the tool allows content editors to interact with specialised AI agents, such as a style guide agent and a site maintenance agent. These agents access trusted university resources, including the editorial style guide and acronym database, to provide context-aware guidance and support for publishers.
Artevelde University of Applied Sciences, Ghent, Belgium: is advancing knowledge on AI-assisted development through student contributions. Witze Van der Straeten has published a tutorial on converting Figma designs into Drupal components, illustrating how Drupal AI can significantly accelerate the process of turning designs into functional solutions.
These examples demonstrate the broad range of applications for Drupal AI, from local government to higher education and the wider ICT community, showing how AI can make content management smarter and more efficient. Of course Drupal AI has many other applications and we want to hear yours!
Share your Drupal AI achievements and help others learn
We want to showcase how organisations are using Drupal AI, whether in research, pilot, beta, or full production. Share your experience and you could be featured in a blog or invited to a webinar, helping others understand the practical impact of AI with Drupal.
Contact us to tell your story.
Be the next Drupal AI success story - Share your innovation
We want to hear from you! If your organization is using Drupal AI—whether you are a Drupal Certified Partner, AI Maker, agency, end customer, or an independent consultant—we invite you to share your story. You could be featured in a guest blog post or invited to participate in a webinar, helping others understand the practical applications of AI.
Get in touch to let us know how you are putting Drupal AI to work.
Drupal AI in action: examples from local government and education
Southwark Council, London: is transforming how it brings content online. Their digital estate holds over 2,000 PDFs, most designed for print rather than web consumption. A new AI PDF Importer, developed for the LocalGov Drupal, is helping convert these static documents into accessible, structured, and user-friendly web content. By integrating AI-powered automation, the project addresses pagination, heading hierarchies, image extraction, and link mapping, reducing a process that previously took hours to just seconds, and making vital information more accessible for residents.
University of Edinburgh, Scotland: has developed an AI tool, created during an internship, integrated into its Drupal-based content management system, EdWeb. Leveraging Drupal AI and a new “AI Agents” framework, the tool allows content editors to interact with specialised AI agents, such as a style guide agent and a site maintenance agent. These agents access trusted university resources, including the editorial style guide and acronym database, to provide context-aware guidance and support for publishers.
Artevelde University of Applied Sciences, Ghent, Belgium: is advancing knowledge on AI-assisted development through student contributions. Witze Van der Straeten has published a tutorial on converting Figma designs into Drupal components, illustrating how Drupal AI can significantly accelerate the process of turning designs into functional solutions.
These examples demonstrate the broad range of applications for Drupal AI, from local government to higher education and the wider ICT community, showing how AI can make content management smarter and more efficient. Of course Drupal AI has many other applications and we want to hear yours!
Share your Drupal AI achievements and help others learn
We want to showcase how organisations are using Drupal AI, whether in research, pilot, beta, or full production. Share your experience and you could be featured in a blog or invited to a webinar, helping others understand the practical impact of AI with Drupal.
Contact us to tell your story.
Beyond Patching: Drupal Association and CrowdSec Team Up to Protect the Open Web
Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.
This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.
Drupal’s Internal Security Culture
Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.
“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”
But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.
The Growing Challenge: Spam and Bots
Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.
One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.
CrowdSec: A Community Approach to Protection
CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.
Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”
That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.
Why CrowdSec and Why Now
“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”
The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.
“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”
Real-World Use and Future Evolution
Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:
Richer behavioral context to improve upstream signals
A signal-sharing API that enables other modules to contribute
Enhanced reporting in the Drupal backend to show impact
Improved documentation to help users understand and build on the module
On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.
Rooted in Open Source Ethics
What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.
“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”
Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.
Together, We Can Build a Safer Web
Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.
Here’s how to get involved:
Try the CrowdSec Drupal module and explore what it can do
Share your experience with others in the CrowdSec community and Drupal Security Team
Contribute your story to help others improve their defenses
Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.
Safer together.
This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.
Drupal’s Internal Security Culture
Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.
“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”
But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.
The Growing Challenge: Spam and Bots
Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.
One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.
CrowdSec: A Community Approach to Protection
CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.
Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”
That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.
Why CrowdSec and Why Now
“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”
The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.
“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”
Real-World Use and Future Evolution
Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:
Richer behavioral context to improve upstream signals
A signal-sharing API that enables other modules to contribute
Enhanced reporting in the Drupal backend to show impact
Improved documentation to help users understand and build on the module
On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.
Rooted in Open Source Ethics
What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.
“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”
Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.
Together, We Can Build a Safer Web
Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.
Here’s how to get involved:
Try the CrowdSec Drupal module and explore what it can do
Share your experience with others in the CrowdSec community and Drupal Security Team
Contribute your story to help others improve their defenses
Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.
Safer together.
Beyond Patching: Drupal Association and CrowdSec Team Up to Protect the Open Web
Keeping your site up to date is essential, but it is only the beginning when it comes to web security. For Drupal site maintainers, this comes naturally thanks to a long-standing culture of best practices, code quality, and the dedicated work of the Drupal Security Team. But today’s threat landscape doesn’t just target vulnerabilities in code. It exploits infrastructure, automation, and scale.
This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.
Drupal’s Internal Security Culture
Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.
“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”
But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.
The Growing Challenge: Spam and Bots
Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.
One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.
CrowdSec: A Community Approach to Protection
CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.
Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”
That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.
Why CrowdSec and Why Now
“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”
The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.
“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”
Real-World Use and Future Evolution
Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:
Richer behavioral context to improve upstream signals
A signal-sharing API that enables other modules to contribute
Enhanced reporting in the Drupal backend to show impact
Improved documentation to help users understand and build on the module
On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.
Rooted in Open Source Ethics
What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.
“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”
Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.
Together, We Can Build a Safer Web
Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.
Here’s how to get involved:
Try the CrowdSec Drupal module and explore what it can do
Share your experience with others in the CrowdSec community and Drupal Security Team
Contribute your story to help others improve their defenses
Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.
Safer together.
This is where the Drupal Association and CrowdSec collaboration comes in. It combines deep application-layer awareness with a community-powered defense system to offer broader, more adaptive protection for the modern web.
Drupal’s Internal Security Culture
Drupal has earned a reputation for prioritizing security from the ground up. Core security practices, frequent updates, and responsible disclosure processes form the baseline. Modules like CAPTCHA, Honeypot, TFA, OAuth, and header hardening tools are widely used across websites to harden attack surfaces.
“We’ve always used a layered security model,” explains Jürgen Haas, a long-time Drupal contributor and maintainer of the CrowdSec Drupal module. “Before using CrowdSec, the Drupal Ban module helped us manually block problematic IPs, and we combined that with host-level tools like Fail2Ban or Apache’s security plugin.”
But that model has limits. For many Drupal sites, especially those with interactive features such as logins, registrations, and comment sections, malicious behavior can’t always be spotted at the infrastructure level. As traffic becomes more dynamic and attackers more sophisticated, another layer of protection is needed.
The Growing Challenge: Spam and Bots
Brute-force logins, spam submissions, scraping bots, and SEO manipulation are not new, but their sophistication is evolving. AI-generated content can now bypass traditional filters. CAPTCHA-bypass tools are widely available. And attacks are no longer personal. They are automated and global.
One Drupal community member running a high-traffic political forum suffered frequent spam attacks that rendered the site nearly unusable. Implementing CrowdSec almost immediately resolved the issue. However, it also revealed new challenges around legitimate traffic coming from sources like Tor. It is a reminder that today’s security work is not only technical but also must be ethical and nuanced.
CrowdSec: A Community Approach to Protection
CrowdSec is a free and open source security engine that detects aggressive behaviors and shares signals with a global network. If a malicious IP is attacking other sites, CrowdSec users benefit from that real-time threat intelligence. The Drupal module brings this collaborative protection directly into the CMS layer.
Initially, Jürgen was skeptical. “I used to think you should block threats early, at the server level,” he admits. “But I came to understand that some patterns of abuse, like brute force or spam, only emerge over time within the application. Drupal is in a unique position to spot them.”
That is where the Drupal integration shines. It enables behavior-driven detection that contributes to our global reputation network, without tracking personal data. The result is smarter, faster protection, especially when combined with traditional host-level defenses.
Why CrowdSec and Why Now
“We were already researching CrowdSec as a potential replacement for Fail2Ban,” Jürgen explains. “It’s easier to configure, and the crowd-sourced decision-making is what really convinced us. The idea that we all benefit from what others observe is a very open source way of thinking.”
The Drupal module allows CrowdSec to gather rich behavioral context from inside the CMS, something not possible from logs alone. Current efforts are focused on building APIs to allow other Drupal modules to contribute signals, from spam protection to user activity patterns.
“There are a dozen modules already doing great work spotting bad behavior,” says Jürgen. “Imagine if they could all contribute signals. The insights we could gain and share would be huge.”
Real-World Use and Future Evolution
Today, the CrowdSec module is running on dozens of Drupal sites, protecting everything from portals to customer platforms and content-rich applications. The roadmap includes:
Richer behavioral context to improve upstream signals
A signal-sharing API that enables other modules to contribute
Enhanced reporting in the Drupal backend to show impact
Improved documentation to help users understand and build on the module
On the infrastructure side, most deployments run on LAMP stacks, with a gradual shift toward Docker-based hosting. Regardless of setup, the goal is the same: stop threats efficiently, collaboratively, and without compromising the openness of the web.
Rooted in Open Source Ethics
What sets this partnership apart is not just the technology. It is the shared values. Drupal Association and CrowdSec are both rooted in transparency, collaboration, and community-driven improvement.
“CrowdSec's approach feels intuitive to people from open source communities,” says Jürgen. “You contribute data, benefit from what others share, and improve things together.”
Security is often treated as a premium feature, locked behind proprietary platforms. This partnership challenges that idea. It shows how powerful, scalable security can be built in the open, shared freely, and improved collectively.
Together, We Can Build a Safer Web
Security is not a static checklist. It is a living, evolving effort. As attackers innovate, so must defenders. That is why this partnership invites not just users, but contributors.
Here’s how to get involved:
Try the CrowdSec Drupal module and explore what it can do
Share your experience with others in the CrowdSec community and Drupal Security Team
Contribute your story to help others improve their defenses
Security is not just about stopping bad actors. It is about protecting the values that make open source and the open web possible. Through this partnership, the Drupal Association and CrowdSec are helping build a more resilient internet. One where collective action protects everyone.
Safer together.
DrupalCon Vienna 2025: Where Digital Ambitions Meet Community Innovation – Will you be there?
October 14–17, 2025 | Austria Center Vienna
Vienna is calling the global Drupal community home this October, and we can't wait to see what happens when ambitious minds gather in one of Europe's most inspiring cities.
Your Platform for Growth and Connection
DrupalCon Vienna isn't just a conference—it's where the future of digital experiences takes shape. Whether you're a marketer pushing the boundaries of what's possible, a developer crafting the next breakthrough, or a decision-maker charting your organization's digital course, Vienna offers exactly what you need to level up.
What awaits you:
100+ sessions diving deep into site building, design, accessibility, DevOps, and the technologies shaping tomorrow's web
Keynotes from Dries Buytaert and industry leaders sharing insights that will reshape how you think about digital possibilities
Hands-on contribution opportunities where you can directly impact the platform powering millions of websites worldwide
The International Splash Awards, celebrating the most innovative Drupal projects that prove what's possible when creativity meets capability
Beyond the Sessions: Where Magic Happens
The real power of DrupalCon lies in those moments between sessions—the conversations over coffee that spark new partnerships, the late-night discussions that solve complex challenges, and the connections that transform how you approach your work.
Vienna's central location and world-class public transportation make it easy to explore beyond the Austria Center. But honestly? With this community, you might find the most valuable discoveries happen right within the venue walls.
Your Invitation to Shape the Future
This isn't just about attending sessions—it's about joining a movement. From first-time contributors getting mentored on Contribution Day to seasoned professionals sharing battle-tested strategies, Vienna brings together everyone who believes the web should be open, flexible, and built for ambition.
Ready to join us? Regular registration is available until September 15, 2025. Don't wait—Vienna fills up fast, and you won't want to miss being part of this year's most important gathering of digital innovators.
Register today
Vienna is calling the global Drupal community home this October, and we can't wait to see what happens when ambitious minds gather in one of Europe's most inspiring cities.
Your Platform for Growth and Connection
DrupalCon Vienna isn't just a conference—it's where the future of digital experiences takes shape. Whether you're a marketer pushing the boundaries of what's possible, a developer crafting the next breakthrough, or a decision-maker charting your organization's digital course, Vienna offers exactly what you need to level up.
What awaits you:
100+ sessions diving deep into site building, design, accessibility, DevOps, and the technologies shaping tomorrow's web
Keynotes from Dries Buytaert and industry leaders sharing insights that will reshape how you think about digital possibilities
Hands-on contribution opportunities where you can directly impact the platform powering millions of websites worldwide
The International Splash Awards, celebrating the most innovative Drupal projects that prove what's possible when creativity meets capability
Beyond the Sessions: Where Magic Happens
The real power of DrupalCon lies in those moments between sessions—the conversations over coffee that spark new partnerships, the late-night discussions that solve complex challenges, and the connections that transform how you approach your work.
Vienna's central location and world-class public transportation make it easy to explore beyond the Austria Center. But honestly? With this community, you might find the most valuable discoveries happen right within the venue walls.
Your Invitation to Shape the Future
This isn't just about attending sessions—it's about joining a movement. From first-time contributors getting mentored on Contribution Day to seasoned professionals sharing battle-tested strategies, Vienna brings together everyone who believes the web should be open, flexible, and built for ambition.
Ready to join us? Regular registration is available until September 15, 2025. Don't wait—Vienna fills up fast, and you won't want to miss being part of this year's most important gathering of digital innovators.
Register today
Meet Maya Schaeffer and her vision for community growth
We’re thrilled to introduce Maya Schaeffer, one of the newest members elected to the Drupal Association Board, with her term beginning 1 November 2025.
Maya is the lead organizer of EvolveDigital & EvolveDrupal, where she has been instrumental in rebuilding the in-person side of the community post-pandemic, connecting over 1,000 attendees (40% from outside the traditional Drupal space) across summits in Montreal, Ottawa, Toronto, Atlanta, NYC, and Boston (upcoming June 2025). These events highlight the demand for cross-functional community spaces that showcase Drupal’s relevance across industries.
Beyond events, Maya is passionate about contributing to Promote Drupal and helping shape an Association that champions clear storytelling, accessible entry points, and a strong pipeline for the next generation of users and contributors.
We’re excited to have Maya on the Board. Here are her thoughts as she begins this new chapter:
What are you most excited about when it comes to joining the Drupal Association Board?
I'm excited to bring a fresh perspective that bridges the gap between technical and non-technical communities. I want to help Drupal grow by expanding its reach, telling a more inclusive story, and making it easier for new voices to get involved, especially beyond code.
What do you hope to accomplish during your time on the board?
I want to help Drupal reach new audiences, support more inclusive contribution pathways, and strengthen community engagement beyond the developer space. That includes amplifying Promote Drupal, making it easier for newcomers to get involved, and championing voices from underrepresented regions and roles. I also hope to bring a marketing and events lens to our strategy, helping the project tell a clearer, more compelling story to the world.
What specific skill or perspective do you contribute to the board?
I bring a marketing and community-building lens, shaped by leading EvolveDrupal (and EvolveDigital) and engaging non-technical audiences. My background in event management and my administrative experience as an executive assistant in Germany give me the tools to align stakeholders and turn ideas into action, something I’m especially excited to bring to the Board’s work. I thrive at making vision tangible and creating inclusive spaces where more people can see themselves in Drupal.
How has Drupal impacted your life or career?
When I started at Evolving Web, I didn’t even know what Drupal was. But from my very first event, the community welcomed me in. That sense of openness gave me room to grow, build confidence, and discover a whole new path in tech. I’ve found a place where I can connect with people, contribute in meaningful ways, and keep learning every step of the way.
Tell us something that the Drupal community might not know about you.
I started playing ball hockey after moving to Canada, and just 3.5 years later, I made it onto the United Nations team for the 2024 Ball Hockey World Championship in Switzerland. It was an unforgettable experience and a reminder that it’s never too late to try something new and go all in.
Share a favorite quote or piece of advice that has inspired you.
"You miss 100% of the shots you don’t take." — Wayne Gretzky
This quote has guided so many of my big life decisions. I moved to a new country, stepped into a completely new industry, and said yes to opportunities I didn’t feel fully “ready” for, from organizing summits to playing in a world championship. None of it would’ve happened if I hadn’t taken the shot.
We look forward to the contributions Maya will make during her time on the Drupal Association Board. Thank you, Maya, for sharing your time and expertise with the Drupal community. You can connect with Maya on LinkedIn.
Looking ahead to DrupalCon Vienna 2025
With DrupalCon Vienna 2025 on the horizon, join us for the Drupal Association Public Board Meeting. The Board will share updates on upcoming programs, conduct essential business to support the Association’s non-profit mission, and answer questions directly from the community. If you haven’t registered yet, register now and be part of this gathering of the global Drupal community.
About the Drupal Association Board of Directors
The Drupal Association Board of Directors comprises 13 members: nine nominated for staggered three-year terms, two elected by Drupal Association members, one seat reserved for the Drupal Project Founder, Dries Buytaert, and one non-voting seat reserved for the immediate past chair. Terms begin on 1 November each year.
The Board meets twice in person for weekend retreats and about five times virtually each year. It provides strategic guidance to the Drupal Association and oversees the Association’s management, policy development, budget, and fundraising efforts.
