O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
7 Best Practices for
Exceptional Drupal
Website Security
About Drupal
Drupal is an open-source content
management system (CMS) written in
PHP. It provides a complete framework
for...
Enforce these
measures for
securing your
Drupal
website
3
1. Update to the latest version of Drupal core &
Drupal modules
...
1.
UPDATE TO
THE LATEST
VERSION OF
DRUPAL CORE
& DRUPAL
MODULES
4
“
Whether it is your operating system, your antivirus, your browser or Drupal itself, running
the latest versions is the l...
2.
INSTALL
SECURITY
MODULES
6
There are many modules which help you find any loopholes in the
website code and fix them. T...
Here are
some of the
most useful
Drupal
security
modules:
7
Coder
Secure Pages
Hijack
Prevention
SpamSpan
Username
Enumera...
▪ Password Policy
Using this module, you can establish a set
of rules for passwords. For example, the
site admin can enfor...
▪ Automated Logout
This module allows the administrator to
define a time limit for a session. It means
that the user will ...
▪ Coder
The coder module allows the
administrators to verify that the website
code meets the Drupal coding standards.
10
▪...
3. CHOOSE
A REPUTED
HOSTING
PROVIDER
Drupal works efficiently on MySQL and PHP supported servers. So,
make sure you choose...
4.
DOWNLOAD
RELIABLE
MODULES
12
Granted, modules take the experience of Drupal to the next level.
However, you should be v...
5.
ENABLE
HTTPS
13
“
Be it any website, e-commerce, social media, government or even a small blog, there always exists a
substantial risk of ...
6.
BLOCK
ACCESS TO
YOUR
IMPORTANT
FILES
15
Using .htaccess you can restrict access to some of your highly important
files ...
7.
BACK UP
REGULARLY
16
Last but not the least. This practice is often underrated and ignored
by many website administrato...
Final Words
When it comes to website security, nothing can be guaranteed.
One moment it all runs smooth as silk, and you c...
Thank you very much
for your time
18
If you have any questions about this document please
don’t hesitate to contact us at:...
Próximos SlideShares
Carregando em…5
×

7 Best Practices for Exceptional Drupal Website Security

1.116 visualizações

Publicada em

7 most important modules to improve the Drupal Website Security, significant modules each user must implement to achieve a high level of web security.

Publicada em: Tecnologia
  • Seja o primeiro a comentar

7 Best Practices for Exceptional Drupal Website Security

  1. 1. 7 Best Practices for Exceptional Drupal Website Security
  2. 2. About Drupal Drupal is an open-source content management system (CMS) written in PHP. It provides a complete framework for developers. Around 2.3% of the world’s website have adopted Drupal to manage their content. These websites range from blogs to corporate sites and even some government websites. Drupal is the 3rd most widely accepted CMS in the world. Nonetheless, it doesn’t take anything away from the fact that you need to implement right security measures. Not only Drupal but everything that goes into making your website must be protected. But in this blog, we are going to focus only on best practices for Drupal security. Follow the measures below for remarkable Drupal security. 2 Just like any other major platform out there, there exists security danger on Drupal as well. However, Drupal is a more secure platform compared to its peers. Going by the numbers by CVE Details. Drupal has a low percentage of vulnerabilities compared to its market share. 46% of these vulnerabilities are cross-site scripting. Click here for the detailed breakup of the vulnerabilities.
  3. 3. Enforce these measures for securing your Drupal website 3 1. Update to the latest version of Drupal core & Drupal modules 2. Install security modules 3. Choose a reputed hosting provider 4. Download reliable modules 5. Enable https 6. Block access to your important files 7. Back up regularly
  4. 4. 1. UPDATE TO THE LATEST VERSION OF DRUPAL CORE & DRUPAL MODULES 4
  5. 5. “ Whether it is your operating system, your antivirus, your browser or Drupal itself, running the latest versions is the least you can and should do. The updates not only bring new features, they also improve security by means of bug fixes and hardening. More often than not, the susceptibilities present in the past versions are eliminated in the newer versions. Moreover, you must upgrade your modules as well. This is because the modules are quite often the cause of misery. Therefore, administrators must keep checking the update report at regular intervals and keep updating!!! 5
  6. 6. 2. INSTALL SECURITY MODULES 6 There are many modules which help you find any loopholes in the website code and fix them. These third-party security modules are checked and verified by the extended Drupal community. Therefore, you can be sure that they won’t cause you any trouble. There are tons of Drupal modules which assist you to fortify web security.
  7. 7. Here are some of the most useful Drupal security modules: 7 Coder Secure Pages Hijack Prevention SpamSpan Username Enumeration Prevention Automated Logout Password Policy
  8. 8. ▪ Password Policy Using this module, you can establish a set of rules for passwords. For example, the site admin can enforce the rules demanding one upper case letter, one number, one special character. This module can also help you implement password expiration. Consequently, the user is forced to renew his/her password on regular basis. 8 ▪ Username Enumeration Prevention Sometimes, the attackers try to get access to a website using brute force cracking. In this method, the attacker doesn’t try to crack the code. Instead, he/she tries to guess the username and keeps guessing until valid username isn’t entered. This module stops such attacks by not displaying the error message. This way the attacker won’t be able to figure out if the username exists or not. Thus, failing the brute force attacks.
  9. 9. ▪ Automated Logout This module allows the administrator to define a time limit for a session. It means that the user will get logged out automatically if he/she remains inactive for a specific period. 9 ▪ SpamSpan The SpamSpan module allows the user to obfuscate email addresses so that spambots cannot collect them. This way chances of malware and ransomware attacks by spam emails are reduced drastically.
  10. 10. ▪ Coder The coder module allows the administrators to verify that the website code meets the Drupal coding standards. 10 ▪ Secure Pages Hijack Prevention This module prevents hijacked sessions from accessing pages that are SSL- enabled, while it allows users to stay logged in while they’re on non-SSL pages.
  11. 11. 3. CHOOSE A REPUTED HOSTING PROVIDER Drupal works efficiently on MySQL and PHP supported servers. So, make sure you choose a server that supports Drupal. Opt for a reputable hosting provider even if you have to spend an extra few bucks. The hosting provider must perform regular backups and implements regular fixes. 11
  12. 12. 4. DOWNLOAD RELIABLE MODULES 12 Granted, modules take the experience of Drupal to the next level. However, you should be very mindful before pressing the download button. Make sure that the module has a sizable number of downloads. The chances of a module being insecure are thin if a module has a good number of downloads. Even if some vulnerability occurs, it will be solved quickly as it affects a large population. Also look when it was updated the last time. The higher number of updates it has, the better it is from a security point of view.
  13. 13. 5. ENABLE HTTPS 13
  14. 14. “ Be it any website, e-commerce, social media, government or even a small blog, there always exists a substantial risk of data getting compromised. These attacks have become a common phenomenon nowadays. Every month, we hear news of big data breaches. Such attacks are regarded as man-in-the-middle (MITM) attacks. How do you prevent these attacks? Encryption. To secure the connection between the user and the server, you must install an SSL certificate on the server. As a result, cyber criminals won’t be able to intercept and tamper the information transferred back and forth between the server and the client. Apart from the secure connection, SSL certificates also help you fare better in the search engine rankings. 14
  15. 15. 6. BLOCK ACCESS TO YOUR IMPORTANT FILES 15 Using .htaccess you can restrict access to some of your highly important files such as install.php and upgrade.php. Use the below code to protect your delicate files. <FileMatch “(authorize|cron|install|updgrade).php”> Order deny, allow deny from all Allow from 126.0.0.1 </FileMatch>
  16. 16. 7. BACK UP REGULARLY 16 Last but not the least. This practice is often underrated and ignored by many website administrators. If your website gets hacked or you lose its access because of ransomware attack, you can rebuild your Drupal website if you have the data intact. So back up your site regularly.
  17. 17. Final Words When it comes to website security, nothing can be guaranteed. One moment it all runs smooth as silk, and you could be staring at your own shadow in the blank screen at the very next moment. Let’s face it — you don’t want it, we don’t want it, anybody doesn’t want it — except the culprits. You must do everything in your hands to make sure that it doesn’t happen to you. The aforementioned practices will definitely help you take your Drupal website security to the next level. 17
  18. 18. Thank you very much for your time 18 If you have any questions about this document please don’t hesitate to contact us at: ▪ https://cheapsslsecurity.com/blog/ ▪ https://twitter.com/sslsecurity ▪ https://www.facebook.com/CheapSSLSecurities ▪ https://plus.google.com/+Cheapsslsecurity

×