Drupal Website Cyber Security
The biggest part of website hosting and maintenance involves warding off of hackers. They are out there, all day, every day, every where. Very similar to search engine bots, hackers can scan the entire internet searching for vulnerabilities. If they scan enough websites they will find one with any easy admin password, or any number of potential website vulnerabilities.
Fundamental to Drupal Website Security
- Stay up to date on Drupal module security updates. Apply new security updates as soon as possible.
- The Drupal Security Review module identifies other vulnerabilities such as file permissions and other settings.
- Change admin and database passwords on a regular basis.
- Configure and test file system and database backups.
- Install Drupal path2ban module, which automatically blocks IP's attempting web scanner attacks.
- Review and when necessary, block "Abnormal Visits".
Block Abnormal Visits
The Drupal Statistics module provides a list of the top website visitors, and a high number of hits from a single IP address can indicate hacking activity.
Any suspicious IP can be checked against http://iplocation.net to obtain information about who owns the IP and where it is located.