Security in Drupal

Submitted by admin on
Body

Writing secure code for Drupal

Following best practice while writing your own code can help keep it, and your website, secure

Security of generated PHP files

Drupal 8 generates PHP files programmatically, and attackers need to be prevented from doing the same

Secure configuration for site builders

Following best practices for configuring your site can keep your website secure.

Securing Authentication Credentials

Drupal websites often need API keys to access third party services. These keys need to be securely stored.

Securing file permissions and ownership

The server file system should be configured so that the web server (e.g. Apache) can't edit or write the files which it executes.

Securing the admin super user (#1)

Following best practice to secure the admin super user (#1) can help keep your website secure

US NIST Password Guidelines review

A review of Drupal 8 password storage and usage in relation to NIST guidelines from June 2017

Knowledge Category
Administering a Drupal site