You should take the security of your site very seriously. Fortunately, Drupal is fairly secure by default, but people make mistakes.
The Security Review module automates many of the easy-to-make mistakes that render your site insecure.
Features
Security Review runs the following checks:
- File system permissions
- Input formats
- Content (nodes and comments and fields in Drupal 7)
- Error reporting
- Private files
- Allowed upload extensions
- Database errors
- Failed logins
- Drupal admin permissions
- Username as password
- Password included in user emails
- PHP access
The results of some checks may be incorrect depending on unique factors. This module does not make your site more secure, but it does alert you to problem areas. You should use the results of the checklist and its resources to manually secure your site.
Note that the checks provided by this module do not make for a secure site. Security is a process, so you should work to pass all of the Security Review checks and also audit your site for risks this module cannot check for (see below for info on one provider of those services).
Development and maintenance
Acquia, the developers and maintainers of this module, offers detailed, targeted security review and support for Drupal websites.
Acquia Network and Insight
If you are an Acquia Network subscriber the Acquia Insight service (using the Acquia Network Connector module) provides nearly all of the Security Review checks and many other standard site checks. Signup for a free 30-day trial of the Acquia Network.
More information about security in Drupal
You may also be interested in reading the Drupal Security Report and for discussion of security consider joining Best Practices in Drupal Security on groups.drupal.org.
Project Information
- Maintenance status: Actively maintained
- Development status: Under active development
- Module categories: Security
- Reported installs: 4919 sites currently report using this module. View usage statistics.
- Last modified: January 17, 2012
