Security tips for Drupal
1. Update Drupal core and contrib modules to the latest version
Example with Composer if you use core-recommended:
composer update drupal/core-recommended:9.3.14 -W
2. Perform regular backups of the files and database.
You can use the Backup and Migrate module.
3. Avoid simple usernames and passwords
Avoid admin, root, drupal, 1234 ...
4. Block access to important files and unwanted text files using the .htaccess file.
RedirectMatch 403 "/core/(.*)\.php"
RedirectMatch 403 "/core/(.*)\.txt"
RedirectMatch 403 "INSTALL\.txt"
Or
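# Apache 2.2 access-control syntax; Apache 2.4 needs mod_access_compat for it.
<FilesMatch "(authorize|cron|install|upgrade)\.php">
# No space is allowed after the comma in the Order directive.
Order deny,allow
Deny from all
Allow from 127.0.0.1
</FilesMatch>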
5. Block bad bots using the .htaccess file.
RewriteEngine On
# The pattern is quoted because it contains a space ("Catall Spider").
RewriteCond %{HTTP_USER_AGENT} "^.*(agent1|Wget|Catall Spider).*$" [NC]
RewriteRule .* - [F,L]
6. Enable trusted host from settings.php file.
$settings['trusted_host_patterns'] = ['^www\.example\.com$',];
7. Always use secure connections
8. Check file permissions
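
For tip 6, the added example below (not part of the original page and not Drupal's own code) shows why the trusted host pattern should keep its `^`/`$` anchors and escaped dots. It assumes each pattern is applied as a case-insensitive regular expression wrapped in `{...}` delimiters; `host_is_trusted()` and the sample Host values are hypothetical.

```php
<?php
// Added example, not Drupal's own code: test Host header values against
// trusted_host_patterns-style regular expressions.

/**
 * Returns TRUE if $host matches at least one trusted host pattern.
 */
function host_is_trusted(string $host, array $patterns): bool {
  foreach ($patterns as $pattern) {
    // Assumption: patterns are wrapped in {...} delimiters and matched
    // case-insensitively, the way Symfony's trusted host check applies them.
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// The pattern from tip 6, plus two constructed weaker variants.
$pattern_sets = [
  'strict'     => ['^www\.example\.com$'],
  'unanchored' => ['www\.example\.com'],
  'unescaped'  => ['^www.example.com$'],
];

// Constructed Host header values.
$hosts = [
  'www.example.com',
  'WWW.EXAMPLE.COM',
  'www.example.com.untrusted.test',
  'wwwXexample.com',
  'example.com',
];

foreach ($pattern_sets as $label => $patterns) {
  foreach ($hosts as $host) {
    $verdict = host_is_trusted($host, $patterns) ? 'trusted' : 'rejected';
    printf("%-10s %-32s %s\n", $label, $host, $verdict);
  }
}
```

Only the strict pattern rejects both the suffixed host and the look-alike host; add a separate pattern for every additional hostname the site really serves.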