Chapter 31. Securing Your Site


  • Security best practices

  • Keeping up with security notices

Site security is one of the most critical issues faced by Web site owners and administrators. Open-source software like Drupal is neither more nor less secure than any other type of software. The issues that face open-source systems are essentially the same issues that face all software users. Similarly, the steps you need to take to secure your site are common to most server-based software installations.

Site owners who rely on technology alone for their security are doomed to failure. Though I emphasize it throughout the chapter, it is worth mentioning again: People are your biggest risk. To keep your site secure, you must educate users and administrators, and you need to consistently implement common-sense practices and policies.

This chapter looks at security best practices for Drupal and provides advice and tips on how to make your Drupal site secure and how to keep it secure.

Security Best Practices

Creating and maintaining a secure Web site requires attention to a variety of issues. The process starts at server setup and continues throughout the life of the site. There is no such thing as a site you can create and forget and no such thing as a site that takes care of itself. To keep your site safe, you must take affirmative steps and develop an awareness of the issues. While you cannot protect yourself from every conceivable threat, you can reduce the vulnerability of your site ...

Get Drupal® 7 Bible now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.