![]() Install the site following the Drupal guidelines to secure file permissions and ownership (using the fix-permissions.sh included with the guidelines is a quick way to do this).Configure all servers and environments to use HTTPS.That said, for more comprehensive content and considerations, I recommend learning more about securing your site on and other security sources. This list was reviewed by Lullabot's security team. The information below comes from various sources, including the security recommendations on, articles from Drupal Planet that discuss security, a Drupal security class I took with Gregg Knaddison and his 2009 book Cracking Drupal, a review a numerous internal Lullabot documents regarding security, and other sources. The checklist below should be understood as a thorough, though not exhaustive, guide to securing your Drupal 8 site that contains private data, from development to launch and after. Rather than systems administrators well-versed in the minutia of securing a web server, the list below targets Drupal developers who want to advise their clients or employers with a reasonable list of recommendations and implement common-sense precautions. These suggestions also do not ensure General Data Protection Regulation (GDPR) compliance, a complex subject that is both important to consider and beyond the scope of this checklist. For instance, this article does not cover vulnerabilities beyond Drupal, such as physical vulnerabilities or team members using unsafe hardware, software, or networks. No matter how many precautions we take, we can never guarantee a 100% secure site. ![]() Keeping a Drupal 8 site secure requires balancing various needs, such as performance, convenience, accessibility, and resources. This article provides a checklist to ensure the sensitive data on your site is secure. ![]() Not only do you want to keep your site accessible to you and the site’s users, but you also cannot afford to have private data stolen. A Drupal site with private and confidential data brings with it some unique risks. For some Drupal sites, we must do more than just keep up-to-date with each and every security release. Drupal has a great reputation as a CMS with excellent security standards and a 30+ member security team to back it up.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |