Security

Securing Drupal

Security procedures

There are several things you should do to make your Drupal website more secure, besides making regular updates based on the information provided in http://drupal.org/security.

When deploying to a production server, make sure you have the following rules defined on your .htaccess file.

Secure login in Drupal

While its ok to serve a blog or a web page in normal HTTP protocol, when you login into your CMS (or any other web application you might use) should be done using a more secure protocol (HTTPS).

Drupal is a great CMS (I'm never tired of writting this :)) and allows you to serve your pages in standard HTTP while forcing the login to be secure.

Subscribe to RSS - Security