Drupal Security

Keep your website secure with Drupal!

Security audits play a crucial role in an organization’s ongoing effort to address security concerns. After identifying any potential security issues, remedial steps need to be adopted; in fact, a security audit is one of the first steps that need to be taken. No organization in its right mind would want to leave its websites vulnerable to hacking, and conducting a security audit is the best way to tackle security issues.

How to implement Drupal security updates and issues behind the implementation

May 15, 2015 - 16:17

I updated a Drupal site recently and faced some issues after the successful update of the site. Upgrading a Drupal site is an effective way to make sure that your Drupal site is currently updated with all the latest security updates. Before performing any major changes on your Drupal site, remember to take a complete files and database backup of the site.

[Drupal] Information disclosure vulnerability of Drupal Views

December 11, 2014 - 14:19

Drupal is a stable, reliable, and robust Content Management System. Views is a Drupal module which provides a flexible method for site designers to control how lists and tables of content, or any other type of content, are presented. The Views module was a contributed one and was later adapted to the core from Drupal 8.

Drupal Views is used by almost 75% of Drupal-based sites to present the elements in a page. Most of the websites still use Views module versions such as 6.x. Drupal Views versions 6.x-2.9, 6.x-2.10 and 6.x-2.11, in Drupal 6, are vulnerable.

[Drupal] How to programmatically purify the contents of a Drupal website's feed?

If your Drupal website is delivering content to other third-party sites through web syndication mechanisms like the RSS feed, you need to purify the HTML markup before delivering it to them to prevent an XSS attack on those sites through your feeds. Read on to know how to programmatically purify the contents of your Drupal website's feed.

Top 7 Security mistakes found in Drupal sites

September 17, 2012 - 16:40

Drupal is inherently secure, but as with most secure systems there will always be a few security loopholes that could be utilized by a user with malicious intent to bring down the whole site. As usual, most of these security flaws lie with the admin users of the website. We have listed the top 7 security mistakes commonly found in a Drupal website, which can be easily rectified by using a simple Drupal Security Checklist. The easiest way to ensure that your Drupal site is built safely is to have it built by experts. Contact Us to build your Drupal site for you.

How to exclude a given file or directory from httpd password protection in apache

Apache allows you to protect the contents of specific directories in your website, or the whole website, from unauthorized access using a mechanism called httpd password protection. During development of new sites, the partially built sites are protected from unauthorized access using httpd authentication. This could sometimes interfere with testing of integration with third-party services that might expect some of your URLs to be accessible without authentication. Here is how you can exclude a given file or directory from httpd authentication.

How to add HTTP Authentication to a Drupal development site using .htaccess and .htpasswd

Password-protecting a Drupal development site with a .htaccess file

There might be a few scenarios when we need to protect our site from the general public and make it accessible to a selected group of users. One of the most common scenarios in the development workflow of a Drupal site is when you want to avoid your half-complete Drupal site showing up in Google search results. For such needs, it is advisable to go for password-protecting the site using HTTP authentication.

If you have cPanel installed on your hosting server, you can use the ‘Password Protect Directories’ option from the ‘Security’ section on the cPanel home page. Click here to read how to enable HTTP Authentication using cPanel.
For those without cPanel, here’s how to get Apache to work your way:

How to log in programmatically as user 1 in Drupal 7

Once in a while you will come across a Drupal site where you have to log in to the site without having access to the credentials of user 1. You can easily reset the password of user 1 directly in the database, or you can create a small workaround to log in to the site. Here is how you can log in to the Drupal 7 site programmatically as user 1 without knowing user 1 credentials.

How to log in programmatically as user 1 in Drupal 6

If you have a Drupal 6 site where you have access to the FTP account but not to the user 1 credentials, here is how you can log in programmatically to the site as user 1 without resetting the user 1 password. Now that you know that this is possible, remember to not give FTP access to users who do not have access to user 1 credentials as well.

Recovering / Resetting the password of user 1 in Drupal 6 or Drupal 7

Frequently we come across Drupal sites (live or testing) where the user 1 passwords are not known to the owner of the site. You can retrieve the password by changing the email address of user 1 to your email address and then use the forgot password option to reset your password. But if you don't want to change the user 1 email address but instead just want to change the password of user 1 there is an easier alternative via the database.

Simple steps to improve security on your Drupal site

To ensure the security of confidential data in your Drupal site, testing has to be done to determine whether it protects its data and at the same time maintains its functionality. Web applications are always prone to unauthorized access to or modification of sensitive information. The testing done on the applications to remove such anomalies is called security testing.