How to Set Up a Secure Drupal Site

Submitted by ravisagar on Thu, 12/22/2011 - 14:35

Security is a process, not a product. It is an ongoing effort for any product or service. As we know, the Internet is full of spammers and hackers threatening to deface or take down your site or steal confidential data. Everyone should keep security in mind when administering a site or blog. The Drupal community has developed a solid process to help you avoid major headaches when dealing with security matters.

Here are a few major things you can do to make your site more secure.

Use Strong Passwords
Use a strong password for authentication. Anyone who knows your password can log in and perform potentially damaging actions, especially as user ID 1.

Reserve User 1 for Administration Purposes Only
The heading is self-explanatory.

Be Cautious when Assigning Permissions
Each user can be given a set of roles, and each role includes a set of permissions, so take care when granting any kind of permission.

Keep Text Formats Tight and Secure

User input is evil and should never be trusted, so configure text formats according to your requirements.

Avoid using the PHP Filter module.
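The permission and text format advice above can be checked with two queries. The following is an added example, not code from the original post: it assumes the Drupal 7 table names (`role`, `role_permission`, `system`) and core permission names, and runs the queries against constructed sample rows in an in-memory SQLite database so it works offline.

```python
import sqlite3

# Drupal 7 permission names worth a manual review wherever they are granted.
RISKY = (
    "administer permissions",
    "administer users",
    "administer filters",
    "administer modules",
    "use PHP for settings",
    "use text format php_code",
    "use text format full_html",
)

RISKY_GRANTS_SQL = """
SELECT r.name, rp.permission
FROM role_permission rp JOIN role r ON r.rid = rp.rid
WHERE rp.permission IN ({})
ORDER BY r.rid, rp.permission
""".format(",".join("?" * len(RISKY)))

PHP_MODULE_SQL = "SELECT status FROM system WHERE type = 'module' AND name = 'php'"


def audit(conn):
    """Return (risky_grants, php_filter_enabled) for a Drupal 7 style database."""
    grants = conn.execute(RISKY_GRANTS_SQL, RISKY).fetchall()
    row = conn.execute(PHP_MODULE_SQL).fetchone()
    return grants, bool(row and row[0])


def sample_db():
    """Constructed rows in simplified copies of the three tables (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE role (rid INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE role_permission (rid INTEGER, permission TEXT);
        CREATE TABLE system (name TEXT, type TEXT, status INTEGER);
        INSERT INTO role VALUES (1,'anonymous user'),(2,'authenticated user'),(3,'editor');
        INSERT INTO role_permission VALUES
            (1,'access content'),
            (2,'access content'),(2,'use text format full_html'),
            (3,'administer filters'),(3,'use text format php_code');
        INSERT INTO system VALUES ('php','module',1),('node','module',1);
    """)
    return conn


if __name__ == "__main__":
    grants, php_on = audit(sample_db())
    for role, perm in grants:
        print(f"REVIEW: role '{role}' holds '{perm}'")
    print("PHP Filter module enabled:", php_on)
```

A dedicated administrator role will legitimately appear in the output; the rows to act on are grants to the anonymous, authenticated, or other broadly assigned roles.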