Drupal - Site Security
In this chapter, we will study how to secure a Drupal site. It gives security configuration suggestions for site administrators and points out what the administrator should do to secure the site.
There are many contributed modules that help with security configuration; among them, the Security Review module automates testing for the mistakes that make your site insecure.
You can report a security issue in Drupal core, contrib or Drupal.org directly by sending an e-mail about the issue. The security team will help resolve the issue with the help of the project maintainer.
Secure your file permissions and ownership by configuring the server file system: the web server (e.g. Apache) should not have permission to edit or write the files. The files should be read-only for the web server, which only executes them later.
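The following shell function is an added example, not part of the original tutorial. It lists every file or directory in a Drupal docroot that the web server account could modify. The names audit_docroot and make_sample_tree are hypothetical, and it assumes the upload directory sites/default/files is the one path the web server is allowed to write to.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Assumptions: the web server runs as WEB_USER:WEB_GROUP (names or numeric
# IDs), and the upload directory (sites/default/files in a default install)
# is the only path that account may write to.

# audit_docroot DOCROOT WEB_USER WEB_GROUP [WRITABLE_DIR]
# Prints every file or directory the web server account could modify.
# Returns 1 if there is at least one such path, 0 on a clean tree.
audit_docroot() {
    docroot=${1%/}; web_user=$2; web_group=$3
    writable_dir=${4:-sites/default/files}
    findings=$(
        find "$docroot" \
            -path "$docroot/$writable_dir" -prune -o \
            \( -type f -o -type d \) \
            \( \( -user "$web_user" -perm -200 \) \
               -o \( -group "$web_group" -perm -020 \) \
               -o -perm -002 \) \
            -print | sort
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (not a real site), owned by the current user so the
# audit can be tried without root by passing your own IDs as the web account.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/sites/default/files" "$t/core"
    echo '<?php' > "$t/index.php"
    echo '<?php' > "$t/sites/default/settings.php"
    echo '<?php' > "$t/core/bootstrap.inc"
    echo 'upload' > "$t/sites/default/files/a.txt"
    chmod 644 "$t/index.php"                    # owner-writable: finding
    chmod 666 "$t/sites/default/settings.php"   # world-writable: finding
    chmod 444 "$t/core/bootstrap.inc"           # read-only: clean
    chmod 555 "$t" "$t/core" "$t/sites" "$t/sites/default"
    chmod 755 "$t/sites/default/files"          # allowed exception, pruned
    printf '%s\n' "$t"
}

if [ "${1:-}" = "--demo" ]; then
    tree=$(make_sample_tree)
    audit_docroot "$tree" "$(id -u)" "$(id -g)" || echo "fix the paths above"
    chmod -R u+w "$tree" && rm -rf "$tree"
fi
```

Run it with --demo to see the two findings in the constructed tree, or call audit_docroot with your real docroot and the account your web server runs as.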
The security risk levels are based on
, so that the organization can verify how to manage the problem. The points below will help you understand the security risk level, which is assigned a number between 0 and 25 −
0 to 4 − Not Critical.
5 to 9 − Less Critical.
10 to 14 − Moderately Critical.
15 to 19 − Critical.
20 to 25 − Highly Critical.
For sites that accept sensitive information such as credit card numbers, the PCI (Payment Card Industry) defines a number of Data Security Standards. Though this is not Drupal specific, it is important for each Drupal developer to be aware of this. To know more about the PCI issues, you can refer to this link.
Users can be deleted, or can even delete themselves, on a Drupal site, which can sometimes lead to an unexpected situation.
Enable HTTPS, which is more secure for sending sensitive information to a website, such as −
Credit cards
Sensitive cookies such as PHP session cookies
Passwords and Usernames
Identifiable information (Social Security number, State ID numbers, etc)
Confidential content
Enhance your security using contributed modules. Some standard module categories are −
Security category
User access / authentication
Spam prevention modules
You can disable the roles and permissions of the user by installing the Secure Permission module.
The security of the login operation can be improved by installing the Login Security module.
The site administrator can secure the site by making it private and restricting it to limited access for users by role. As a result, your site will not be reachable by search engines and other crawlers (which create an index of data on the web).