Drupal Security Configuration (Best Practices)

I was requested to give a complete security configuration for a particular Drupal website installed with the Acquia Drupal flavour. So, I asked myself, what makes a secure Drupal site? Here's my answer.


Common Drupal security tips

  • Read the Online Drupal security docs
  • Use the common functions like check_plain(), check_markup(), and t() to filter text and strings.
  • Use the Drupal API hooks where necessary.
  • Write safe form code.
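
As an added illustration of the tips above (not code from the original post), here is a small Drupal 7 module file that builds a form with the Form API and escapes user input on output. The Drupal version, the module name example_safe, the path example-safe/greet and the filtered_html text format are assumptions.

```php
<?php
// example_safe.module: hypothetical Drupal 7 module (name and path are assumptions).

/** Implements hook_menu(). */
function example_safe_menu() {
  $items['example-safe/greet'] = array(
    'title' => 'Greeting form',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_safe_greet_form'),
    'access arguments' => array('access content'),
  );
  return $items;
}

/** Form builder: Form API elements instead of hand-written HTML inputs. */
function example_safe_greet_form($form, &$form_state) {
  $form['name'] = array(
    '#type' => 'textfield',
    '#title' => t('Your name'),
    '#required' => TRUE,   // Checked on the server by the Form API.
    '#maxlength' => 64,    // Also checked on the server.
  );
  $form['bio'] = array(
    '#type' => 'textarea',
    '#title' => t('Short bio'),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Send'));
  return $form;
}

/** Submit handler: escape on output, choosing the function by context. */
function example_safe_greet_form_submit($form, &$form_state) {
  $name = $form_state['values']['name'];
  $bio = $form_state['values']['bio'];

  // Unsafe: drupal_set_message('Hello ' . $name) would print raw input as HTML.
  // t() with an @placeholder passes the value through check_plain().
  drupal_set_message(t('Hello @name', array('@name' => $name)));

  // Plain text placed into markup by hand: escape it with check_plain().
  $line = '<strong>' . check_plain($name) . '</strong>';
  // Rich text: run it through a text format's filters with check_markup().
  $html = check_markup($bio, 'filtered_html');
  drupal_set_message($line . ': ' . $html);
}
```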

Recommended best security practices

  • Use Drupal core modules where necessary.
  • Install the Mollom module. More information on Mollom can be found here.
  • Do not install dev modules on a live site.
  • Keep Drupal upgraded to the latest version. Check drupal.org for security updates for Drupal.
  • Regularly check for updates to contributed modules.
  • Configure cron to run automatically at least daily. Click here to see how to configure cron.
  • Use the private download method.
  • Enable the Drupal core syslog module.
  • Watch "Cracking drupal: Proven strategies for uncovering security threats and protecting your site" Acquia webinar. The recorded webinar can be downloaded here.
  • You can also visit Acquia for support related services.


So, there it is. If you have any questions, suggestions or tips, please use the comment form.


See you on the next one.

Watch "Cracking drupal..."

You may want to update this document, because that webinar is no longer available.
