Nothing can be worse than seeing your web site getting hacked or its security has been broken. Keeping your Drupal site updated is extremely important to ensure the working of your website. Recently, the announcements of some of the vulnerabilities such as SQL injection and automated attacks with 7 hours caused much fear among the Drupal community, taking steps to uncover the parts of attack and security issues.
Also, the open-source nature of Drupal has also made it an attractive target for the cyber criminals. Although, the Drupal Security analysts have done thorough research and audits from third parties to get rid of such kind of security issues. Still users can also take some preventive measures to strengthen the level of security of their site and thus minimize the risk of getting their website hacked.
In this guide, we will discuss about some practical ways through which you can prevent your Drupal site from being getting hacked. By following the strategies in this guide, you will be able to avoid and exploit vulnerabilities.
1. Update Your Website Often
Obviously, it depends on how often your website is updated, and I would suggest at least have a weekly backup. There are various Drupal modules and extensions available that help you perform this task with ease. Also, keep an eye on the update reports released over time. This way, you’ll be better alert about the problems within your Drupal site, including security issues such as date modules, database updates and so on.
2. Implement Security Patches Immediately
Whenever any security update is introduced make sure it is implemented as soon as possible. There had been cases in the past where severe security related issues discovered within the 7 hours after an update is released. This meant you don’t have much time to implement security patches to your site to prevent it from any potential attack.
3. Use Drush To Update Drupal Core
This is a useful option for those who run non-production websites, like local or development servers. Drush commands are an easy way to update your website and save you a lot of time spent on installing modules from drupal.org. It’s very easy to use, all you need to follow some simple steps and you are done.
- Go to the Drupal root in Terminal
- Run the Command “drush up drupal”
- and that’s all!
4. Keep Passwords Strong
Using strong passwords is extremely important to keep website hackers at bay. Make sure you update your password once in every 90 days for all your users, admin, ftps and several other important accounts.
5. Auditing Configurations for Security Problems
The beauty of Drupal lies in its ability of providing facility to perform a variety of things to be done in configuration. However, it also raises potential security problems. Make sure to carefully review the configuration of your website, and especially the permission screen since single mistake can create a lot of troubles. Also, make sure to run the high-end Security Review Module to understand the security related problems within your website.
6. Use Mollom
Websites that invite their readers to interact in the form of comments, posts and messages are quite popular among their users. It is an essential thing that helps your website gain attention. But it has its own set of issues as some cyber criminals can post spam comments, which can hamper the safety of your website. This is where the role of Mollom comes in.
Mollom is a great tool that helps you prevent comment spam and other unauthorized accesses with the help of CAPTCHA analysis. Some of its highlighted features are:
- Block spam comments on articles, pages etc.
- Protect user passwords
- Provide a high level of security to the user registration
7. Audit Your Own Code
No matter how seasoned developer you are, anyone can write incorrect and insecure code. Therefore, it’s extremely important to review your code for detecting potential issues. Automatic tools such as Coder Module can help you find SQL injection issues and an in-depth analysis of your hook_menu and use of user_access() can allow you to find out access bypass problems.
8. Store Code within the Version Control
Saving the code in the version control such as Git has a variety of benefits. Whenever you implement any kind of security update, you can easily see which code is changed if you code is saved in the source control. This is a logical way of determining the potential risk of the update.
To Sum Up
All said and done, the above mentioned tips will surely help you strengthen the security of your Drupal site. This way you will be keep your website absolutely “hack free” and determine common pitfalls.