IN THIS CHAPTER
Security best practices
Keeping up with security notices
Site security is one of the most critical issues faced by Web site owners and administrators. Open-source software like Drupal is neither more nor less secure than any other type of software. The issues that face open-source systems are essentially the same issues that face all software users. Similarly, the steps you need to take to secure your site are common to most server-based software installations.
Site owners who rely on technology alone for their security are doomed to failure. Though I emphasize it throughout the chapter, it is worth mentioning again: People are your biggest risk. To keep your site secure, you must educate users and administrators, and you need to consistently implement common-sense practices and policies.
This chapter looks at security best practices for Drupal and provides advice and tips on how to make your Drupal site secure and how to keep it secure.
Creating and maintaining a secure Web site requires attention to a variety of issues. The process starts at server setup and continues throughout the life of the site. There is no such thing as a site you can create and forget and no such thing as a site that takes care of itself. To keep your site safe, you must take affirmative steps and develop an awareness of the issues. While you cannot protect yourself from every conceivable threat, you can reduce the vulnerability of your site ...