Secure The Drupal Websites At Once
Securing the scripts, servers, database, handling passwords, and users accounts etc of the websites have never been an easy task. However, to ease the task and maintain the solid security of the drupal websites, here are the 10 user-friendly steps:
1) Websites that require the users to create their account are often equipped with automated information. Try to use CAPTCHA on login form. If anyone tries to do something fishy, captcha simply senses it, and restricts such fake logins.
2) Giving permission to various users to write or run the scripts is ignorance towards the security of the websites. Install FTP programs on to the server to restrict the users from re-writing the script without permission of the administrators.
3) The password is the key to the entire vital destinations of a website. Strong password for admin and FTP inhibits the unknown users from entering the control panels, server and, other domain areas.
4) Presence of outdated modules or the modules that are not used are to be instantly discarded from the websites. The underdeveloped modules or modules downloaded from the unknown sources tend to hinder the security of the websites.
5) Never send the password of the users in their emails. Doing so, the owners are compromising the account of users as well as their own websites. If the users email is hacked, the miscreant can simply crawl into the websites and create heavy loss.
6) Most of the hackers often target PHP through web interface, enabling them to overtake the server. To avoid such situations, move the PHP filters into the theme template files from the database into the file system and enforce the security protection on it. This is going to keep the attacker off the websites.
7) The websites based on older or outdated versions of drupal are most vulnerable to be attacked by hacker. The older scripts provide the way into the websites, resulting in loss of data.
8) Block the un-wanted extensions that usually accompany uploads. Images, HTML, scripts etc keep on loading on to the server, causing void in security. Remove such extension before saving uploads.
9) Frequently, try to review the security of the websites as it is going to pin point on any security glitch occurred in the websites. Tools such as Nikto, Skipfish, Security review etc are going to prompt the security breach if any found.
10) Last but not the least; maintain the backup of the websites. The backup is going to re-store the database in case the website runs into a problem.
1) Websites that require the users to create their account are often equipped with automated information. Try to use CAPTCHA on login form. If anyone tries to do something fishy, captcha simply senses it, and restricts such fake logins.
2) Giving permission to various users to write or run the scripts is ignorance towards the security of the websites. Install FTP programs on to the server to restrict the users from re-writing the script without permission of the administrators.
3) The password is the key to the entire vital destinations of a website. Strong password for admin and FTP inhibits the unknown users from entering the control panels, server and, other domain areas.
4) Presence of outdated modules or the modules that are not used are to be instantly discarded from the websites. The underdeveloped modules or modules downloaded from the unknown sources tend to hinder the security of the websites.
5) Never send the password of the users in their emails. Doing so, the owners are compromising the account of users as well as their own websites. If the users email is hacked, the miscreant can simply crawl into the websites and create heavy loss.
6) Most of the hackers often target PHP through web interface, enabling them to overtake the server. To avoid such situations, move the PHP filters into the theme template files from the database into the file system and enforce the security protection on it. This is going to keep the attacker off the websites.
7) The websites based on older or outdated versions of drupal are most vulnerable to be attacked by hacker. The older scripts provide the way into the websites, resulting in loss of data.
8) Block the un-wanted extensions that usually accompany uploads. Images, HTML, scripts etc keep on loading on to the server, causing void in security. Remove such extension before saving uploads.
9) Frequently, try to review the security of the websites as it is going to pin point on any security glitch occurred in the websites. Tools such as Nikto, Skipfish, Security review etc are going to prompt the security breach if any found.
10) Last but not the least; maintain the backup of the websites. The backup is going to re-store the database in case the website runs into a problem.
Source...