Security Patching
Drupal core and contrib module security advisories applied and tested as they’re released, not batched and forgotten. We monitor the Drupal security advisory feed and apply patches on a defined schedule for retainer clients.
Drupal Support & Maintenance
Senior Drupal Support - Without the Enterprise Agency Price Tag.
Security patches applied on time, custom modules maintained and extended, theme customization handled by someone who knows Drupal’s rendering system, and performance kept sharp - for Drupal 9, 10, and 11. Retainer or project-based, senior-level help without the overhead.
0, 10, 11
Drupal Versions Supported
Full support across current release lines
0
Also Supported for Security Patching
End-of-life but still running, we can help
0+
Years Drupal Development Experience
Modules, themes, migrations, and performance
0hr
Target Response Time on Retainer Plans
Emergency support available
Full-scope Drupal support.
Custom Module Development
New custom modules built to Drupal coding standards, or existing custom modules maintained, extended, and debugged. We work with Drupal’s plugin API, hooks, services, and dependency injection properly.
Theme & Design Customization
Twig template modifications, theme layer customization, responsive fixes, and design updates, implemented within Drupal’s rendering pipeline, not hacked around it.
Performance Optimization
Caching configuration (page cache, dynamic page cache, BigPipe), database query optimization, Views performance, and Core Web Vitals improvements specific to Drupal’s architecture.
Content & Editorial Support
Content type configuration, taxonomy management, editorial workflow improvements, and content migration between environments. We make the editing experience better, not just the frontend.
Drupal Migration
Migration from Drupal 7 to Drupal 10/11, or from Drupal to a modern headless stack. We use Drupal’s migrate API for D7-to-D10 migrations and handle URL mapping, redirect setup, and SEO preservation.
Emergency Break-Fix
Site down? White screen of death? Broken update? We diagnose, fix, and verify, fast. Available to retainer and ad hoc clients.
Accessibility Remediation
WCAG 2.1 AA audits and code-level fixes within Drupal’s theme and module layer. Semantic HTML, ARIA attributes, keyboard navigation, and screen reader testing, no overlay widgets.
Why Drupal sites need dedicated support.
The security reality
Drupal security advisories don’t wait for a convenient time.
Drupal’s security team publishes advisories on a regular schedule, and when a critical vulnerability drops, the window to patch is measured in hours, not weeks. If you’re running contrib modules (and you are), each one is an additional surface that needs monitoring. A dedicated Drupal developer who understands your specific module stack can assess, apply, and test patches without introducing regressions. That’s what retainer-based support is for.
The module ecosystem
Custom modules need ongoing care, not just initial development.
Custom Drupal modules are built against specific API versions and depend on core and contrib services that change between releases. A module built for Drupal 9 may need updates for Drupal 10 compatibility. A module that works fine on PHP 8.1 may throw deprecation warnings on PHP 8.3. Ongoing module maintenance, compatibility updates, bug fixes, feature extensions, is a normal part of running a Drupal site, not a sign that something was built wrong.
Drupal 7 end of life See our migration service →
Still on Drupal 7? You need a plan.
Drupal 7 reached end of life in January 2025. There are no more official security patches from the Drupal security team. If you’re still running D7, you have two options: migrate to Drupal 10/11, or migrate to a different platform entirely. Either way, you need a developer who can assess your current site, plan the migration, and execute it without losing your SEO equity or breaking your workflows. We do both.
How we work
Getting started with Drupal support.
1
Free Drupal Audit
We review your Drupal site, core version, module versions, security vulnerabilities, custom code quality, performance baseline, and hosting environment. You get a clear report of what needs attention now, what can wait, and what the ongoing maintenance load looks like.
2
Engagement Setup
We define the scope, retainer hours and priorities for ongoing clients, or project scope and timeline for one-off work. Retainer clients get a dedicated Slack channel, defined response times, and a monthly report.
3
Proactive Maintenance
Security advisories monitored and applied, module updates tested and deployed, performance monitored, and a backlog of improvements worked through systematically. Not just keeping the lights on, actively improving.
4
Monthly Reporting
A monthly summary of work completed, security patches applied, site health metrics, and recommendations for the coming month. Migration planning included when relevant.
What proper Drupal support looks like.
| Feature | FlintHorn | Generic Dev Shop |
|---|---|---|
| Senior Drupal developer on every engagement | ✓ | – |
| Proactive security advisory monitoring and patching | ✓ | ✗ |
| Custom module development and maintenance | ✓ | – |
| Drupal-specific performance optimization | ✓ | ✗ |
| Defined response times on retainer | ✓ | ✗ |
| Monthly site health reporting | ✓ | ✗ |
| Migration planning (D7 to D10/11 or off-platform) | ✓ | – |
| Accessibility remediation capability | ✓ | ✗ |
What clients say about working with us
“Finding a Drupal developer who actually knows the platform well enough to maintain a complex site is harder than people think. FlintHorn understood our module stack from the first audit call and has been handling security updates and custom development smoothly since.”
“We were on Drupal 7 with no migration plan and growing security concerns. FlintHorn stabilized the site with security patching while helping us plan a migration timeline that worked for our budget. No pressure, just honest technical guidance.”
Drupal support questions, answered.
Do you still support Drupal 7?
Yes, for security patching and critical maintenance. Drupal 7 reached end of life in January 2025, so there are no more official security releases from the Drupal security team. We can keep a D7 site patched and stable in the short term, but we’ll always recommend planning a migration. See our migration servicefor how we handle that.
Can you work on a Drupal site you didn’t build?
Yes, and it’s most of what we do. We’re experienced at picking up unfamiliar Drupal codebases, auditing the module stack, understanding custom code, and working within the existing architecture. We do a thorough audit at the start of every new engagement.
What’s included in a Drupal retainer?
A set number of hours per month, proactive security patching, defined response times, a dedicated communication channel, and a monthly report. Within those hours, we handle security updates, bug fixes, feature requests, performance improvements, and content support, prioritized based on what matters most to your site.
Do you handle Drupal hosting?
We don’t provide hosting directly, but we work with all major Drupal hosting providers. Pantheon, Acquia, Platform.sh, and standard LAMP/LEMP setups. We can advise on hosting decisions and manage deployments as part of a retainer engagement.
Can you build new custom modules?
Yes. Custom module development is a core part of our Drupal practice. We build modules to Drupal coding standards using proper dependency injection, services, plugins, and hook implementations. All custom modules are documented and built to be maintainable by other Drupal developers.
What if we decide to migrate off Drupal entirely?
That’s a conversation we have with many retainer clients. If your Drupal site has served its purpose and a modern stack makes more sense for your goals, we can plan and execute that migration, with full SEO preservation, URL mapping, and content migration. See our migration servicefor the full process.
Drupal resources
Web Design
What is a Headless CMS? And Do You Need One?
A headless CMS separates content management from front-end presentation. It enables faster, more secure websites, but it's not the right choice for everyone. Here's what it actually means and how to decide if you need one.
SEO
What is Structured Data? How Schema Markup Helps Your Site Rank
Structured data tells search engines exactly what your content is about. It powers rich results, helps AI-powered search cite your site, and builds your presence in Google's knowledge graph. Here's how it works and which schema types matter most.
Web Design
How Much Does a Website Cost in 2026? An Honest Answer.
The honest answer is: it depends. But that's not helpful, so here's a realistic breakdown of website costs in 2026, what drives the price, what to expect at every budget level, and the hidden costs most agencies don't mention.