If you or your organization uses Drupal, you must read this.

Drupal urged users to apply an update that fixed a SQL injection flaw. However, unless that patch was installed within seven hours, Drupal now says it is best to assume the website was completely compromised.

5 Essential Tips to Keep Your Drupal Site Secure


Securing a website is very important. Even a single vulnerability can result in your site being defaced, your data being stolen, and your users' data being compromised.

Just think about that embarrassing moment when your users want to connect with you and you no longer have control of your own site.

Here we are sharing some tips and tricks for securing your Drupal website.


1. Keep Drupal updated:


Drupal comes with an Update manager.

Drupal's Update manager periodically checks for updates; if there is a newer version of Drupal, it will prompt you to update. The good thing is that it also reports available updates for your contributed modules.

You should definitely turn this functionality on and update your code whenever an update becomes available :).


Here is how to update to a newer version of Drupal.


Follow these steps to update:

1) Download the new version from here


2) Extract its contents.

3) Copy the newly extracted version's folder to wherever your old folder currently is.

4) Delete the sites folder from the NEW version, NOT from your current older version (you are going to copy all your existing content from your current older version into it).

5) Copy the sites folder from your older version into the newer version's folder.

6) Delete the older folder completely. You will have this named after the website you are working on (again, just make sure you have copied out your sites folder first).

7) Rename the newer version's folder to whatever you previously had named your website.

8) Append /update.php to your site's URL when you first log in to your new 7.x site, just to check whether any module updates are available.
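The folder swap in steps 3 to 7, as an added shell script that is not from the original post. It assumes the new release has already been downloaded and extracted into a separate folder (steps 1 and 2), and, as a safer variant of step 6, it renames the old folder to a timestamped backup instead of deleting it so a bad swap can be rolled back; step 8 (/update.php) is still done in the browser afterwards.

```shell
#!/bin/sh
# Added example (not the original post's code): performs steps 3-7 of the
# Drupal 7 update procedure above. SITE_DIR is the live site folder, NEW_DIR
# the freshly extracted release. Both paths are assumptions for illustration.
set -eu

# usage: drupal_swap_release SITE_DIR NEW_DIR   (prints the backup path)
drupal_swap_release() {
    site_dir=$1
    new_dir=$2
    # Refuse to proceed if the live site has no sites/ folder to carry over.
    [ -d "$site_dir/sites" ] || { echo "no sites/ folder in $site_dir" >&2; return 1; }
    # Sanity check that NEW_DIR really is an extracted Drupal release.
    [ -f "$new_dir/index.php" ] || { echo "$new_dir is not a Drupal release" >&2; return 1; }
    # Step 4: drop the stock sites/ folder that ships with the new release.
    rm -rf "$new_dir/sites"
    # Step 5: carry the live site's settings, modules, themes and files over.
    cp -Rp "$site_dir/sites" "$new_dir/sites"
    # Step 6 (variant): keep the old tree as a timestamped backup, not deleted.
    backup="$site_dir.bak-$(date +%Y%m%d%H%M%S)"
    mv "$site_dir" "$backup"
    # Step 7: the new tree takes over the old site's folder name.
    mv "$new_dir" "$site_dir"
    echo "$backup"
}
```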


2. Don't reuse passwords:


This applies not only to Drupal but universally.

Never use old passwords again and again. Many password breaches are linked to reused old passwords.

Some researchers have concluded that reusing the same password across low-security services is safer than trying to generate a unique password for each one.


“There are very few situations where password strength really makes a difference,” says Matt Weir.


An analysis of the Gawker password set found that 76 percent of people reused their passwords.

3. Use HTTPS for everything:


Over HTTP (Hypertext Transfer Protocol), data travels in plain text. Over HTTPS (Hypertext Transfer Protocol Secure), data travels inside TLS (Transport Layer Security, formerly SSL), that is, in encrypted form.

Over plain HTTP, anyone on the network path (an attacker included) can sniff the data easily.


4. Consider two-factor authentication:


Drupal has done a great job of implementing two-factor authentication, through the TFA (Two-Factor Authentication) module.

“As a base module, TFA handles the work of integrating with Drupal, providing flexible and well tested interfaces to enable your choice of various two-factor authentication solutions like Time-based One Time Passwords (TOTP), SMS-delivered codes, pre-generated codes, or integrations with third-party services like Authy, Duo and others.”

Source: Drupal official documentation

5. Understand the Drupal Security Team:


The Drupal Security Team is a group of Drupal experts who review Drupal code for security issues and coordinate the fixing of reported problems.

The main goals of the Security Team are as follows:

- Providing assistance in resolving security issues.
- Providing documentation on how to write secure code.
- Providing documentation on how to secure your Drupal website.
- Helping the infrastructure team keep the Drupal infrastructure secure.

