Securing Drupal

Security procedures

There are several things you should do to make your Drupal website more secure, besides making regular updates based on the information provided in http://drupal.org/security.

When deploying to a production server, make sure you have the following rules defined on your .htaccess file.

Painless Analytics

One thing that people that buy domains and serve web pages often forget is to confirm that there is only one single domain pointing to their website. What I mean is, your customers or visitors might reach your page in either your parent domain or subdomain (often www).

Secure login in Drupal

While its ok to serve a blog or a web page in normal HTTP protocol, when you login into your CMS (or any other web application you might use) should be done using a more secure protocol (HTTPS).

Drupal is a great CMS (I'm never tired of writting this :)) and allows you to serve your pages in standard HTTP while forcing the login to be secure.

Use disqus on your Drupal website

As you can see I'm using DISQUS to moderate and allow comments on this blog.

This allows a much easier management of all the comments made on your website, due to several facts:

Using Drush to manage your Drupal website

One of the tools I love the most to mange Drupal websites is Drush, simply because I like using command line tools and mostly when opening the web site and click on several buttons to clear the cache gives me a hard time.

Creating a blog blazing fast using Drupal

Maintaining a site or an application from a version control repository can help the code maintenance workflow. Therefore, I always use the Acquia Drupal git repository from:

git clone git://git.acquia.com/drupal/branches/7.x.git

Now lets install a Drupal using some Drush commands:

Subscribe to RSS - Drupal