Securing Drupal

Security procedures

There are several things you should do to make your Drupal website more secure, besides making regular updates based on the information provided in

When deploying to a production server, make sure you have the following rules defined on your .htaccess file.

Secure login in Drupal

While its ok to serve a blog or a web page in normal HTTP protocol, when you login into your CMS (or any other web application you might use) should be done using a more secure protocol (HTTPS).

Drupal is a great CMS (I'm never tired of writting this :)) and allows you to serve your pages in standard HTTP while forcing the login to be secure.

Subscribe to RSS - Security