Drupal is a very popular Content Management System (CMS) on the Internet today. Drupal security should be at the forefront for anyone running a Drupal site, especially if running older versions of the CMS or its modules, since these are a ripe target for attackers. In this post, we’ve taken some time to detail a few measures which can be taken to address Drupal security, outlining the basic security holes or malpractices that are commonly present in thousands of Drupal sites.

Running the latest version of any software is probably the most obvious first security measure to take. However, with millions of sites still running old and vulnerable versions of the CMS, this point is still one that needs to be stressed. Updates of Drupal not only bring with them new features, but more importantly, bug fixes and security fixes are made available. Updates help your site remain safe against common, easy-to-exploit vulnerabilities.

Running the latest version of Drupal alone is not enough to secure your site. Modules you install on your Drupal site that contain vulnerabilities will undoubtedly increase your site’s attack surface. Therefore, making sure that your Drupal modules are up to date is essential. In doing so, you can make sure your site is covered with the latest security updates by the extension’s author.

Drupal allows you to extend and customize your site with thousands of modules. Extending your site’s capabilities and customizing it to your requirements is important; however, it should never come at the price of your website’s security.

Even if your Drupal installation and modules are all up to date, it does not mean that a site is not vulnerable to attack. Attackers can try to enumerate installed modules to discover what modules you have installed on your Drupal site. By avoiding the installation of unnecessary modules, you would automatically be reducing your site’s attack surface. When choosing modules to install, be selective. Before installing an extension, read about it (ideally read reviews from other users on websites other than the extension developer’s site). This prevents you from installing malware or modules that do not fit your purpose.

Check how many downloads the extension has and when it was last updated by its authors. The more downloads and recent updates the extension has, the more likely it is that a vulnerability, once found, will be fixed quickly.

Keeping inactive users on your Drupal site increases your attack surface. Users, especially Administrators and others who have the ability to modify content, are possibly one of the weakest points of any site because, unfortunately, most users tend to choose weak passwords. If you absolutely need to keep inactive users in your Drupal database, change their role to ‘Authenticated user’ in order to limit any actions that could be performed.

Take advantage of Drupal’s Status Report functionality

A great security feature to take advantage of in Drupal is its in-built Status Report page.
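To act on the advice about inactive users, you first need a list of accounts that still hold elevated roles but have not been seen for a long time. The following is an added example, not code from the original post: it assumes the default Drupal 8+ table and column names (users_field_data, user__roles), runs the audit query against an in-memory SQLite stand-in filled with constructed rows, and uses a 90-day idle threshold chosen only for illustration.

```python
import sqlite3

DAY = 86400
DEMO_NOW = 1_700_000_000  # fixed "current time" so the demo is reproducible

# Accounts that are still active, hold at least one role beyond
# "authenticated" (only extra roles are stored in user__roles), and were
# last seen before the cutoff. access = 0 means the account was never used.
AUDIT_SQL = """
SELECT u.uid, u.name, GROUP_CONCAT(r.roles_target_id), u.access
FROM users_field_data u
JOIN user__roles r ON r.entity_id = u.uid
WHERE u.uid <> 0 AND u.status = 1 AND u.access < :cutoff
GROUP BY u.uid, u.name, u.access
ORDER BY u.access
"""

def inactive_privileged(conn, now, max_idle_days=90):
    """Return (uid, name, roles, last_access) for stale privileged accounts."""
    cutoff = now - max_idle_days * DAY
    rows = conn.execute(AUDIT_SQL, {"cutoff": cutoff}).fetchall()
    return [(uid, name, sorted(roles.split(",")), access)
            for uid, name, roles, access in rows]

def demo_db():
    """In-memory stand-in for a Drupal database, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users_field_data (uid INTEGER, name TEXT, status INTEGER, access INTEGER);
        CREATE TABLE user__roles (entity_id INTEGER, roles_target_id TEXT);
    """)
    conn.executemany("INSERT INTO users_field_data VALUES (?, ?, ?, ?)", [
        (2, "alice", 1, DEMO_NOW - 5 * DAY),    # active administrator
        (3, "bob",   1, DEMO_NOW - 200 * DAY),  # stale, two elevated roles
        (4, "carol", 1, DEMO_NOW - 400 * DAY),  # stale, authenticated only
        (5, "dave",  0, DEMO_NOW - 300 * DAY),  # stale but already blocked
        (6, "erin",  1, 0),                     # editor who never logged in
    ])
    conn.executemany("INSERT INTO user__roles VALUES (?, ?)", [
        (2, "administrator"), (3, "editor"), (3, "administrator"),
        (5, "editor"), (6, "editor"),
    ])
    return conn

if __name__ == "__main__":
    for uid, name, roles, access in inactive_privileged(demo_db(), DEMO_NOW):
        print(f"uid={uid} {name}: remove roles {roles} (last access {access})")
```

The same SELECT can be run against a MySQL or MariaDB Drupal database using that driver's placeholder syntax for the cutoff; each account it returns is a candidate for having its extra roles removed so that only ‘Authenticated user’ remains.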