By rick | Tue, 05/21/2013 - 16:00
There’s nothing more important for a website than security. Which is why we want to share with you some tips and tricks for making the most of Drupal security, as put together by the folks over at CodeDiesel.com. Some of the better points on their article include:
Upgrade to Drupal 7
If you’re still using Drupal 6, you really should have upgraded by now. The security advances between the two versions are significant, including stronger security for stored user passwords, automated update notifications, and login rate-limiting technology that protects against brute force logins.
Regularly Perform Updates
Drupal updates contain important security protections. Make sure you get the most value by updating Drupal core, modules or or theme security features every time an update is available.
Consider Security when Choosing Themes
Lots of people choose the theme they think is prettiest, but as any monkey can tell you, the prettiest coat of hair can turn into a tangled mess if it isn’t regularly groomed or maintained. Make sure that the developers you’re relying on actively maintain their products with updates to get the best security for your site. The best Drupal sites are built with security and functionality in mind, not just the prettiest theme.
Make the Most of HTTPS
The CodeDiesel article explains, “Drupal by default operates only over HTTP, including sending any login credentials in plain text. One solution is to have the entire site operate over HTTPS. But while perhaps having an entire site over HTTPS is not ideal as of date, steps can be taken to at least have credentials and other form submissions in Drupal to occur over HTTPS.”
Keep Regular Backups
This is just good common sense for any computer activity. Everyone knows to keep regular backups, and yet so few do. Don’t be one of the dumb ones, keep regular backups!
There is no reason not to get the most out of your Drupal website while staying secure. The most secure websites are designed to maximize the many security benefits available through Drupal web design and development.
What other security procedures do you find work best with your Drupal site?