Drupal Security

To strengthen Drupal websites security I decided to disable one-click automatic module updates from Drupal dashboard, unfortunately, it makes it harder not even for bad guys to compromise Drupal website but it also makes it harder for Drupal devs. Now, there are several options you might choose instead, composer being a top of them. But for this article, I will write down how to update modules using SSH. For Windows, we are going to use Putty: From your Drupal installation go to the modules…

There are a couple of great helper modules for Drupal to learn more about failing security holes - Security Review and Hacked.  Security Review The Security Review module automates testing for many of the easy-to-make mistakes that render your site insecure. Security Review runs the following checks: Safe file system permissions (protecting against arbitrary code execution) Text formats don't allow dangerous tags (protecting against XSS) PHP or Javascript in content (nodes and comments…