Community Documentation

Securing your site

Last updated January 20, 2012. Created by qiqiy on April 9, 2008.
Edited by silverwing, sanjiban, matt2000, greggles. Log in to edit this page.

This section provides security configuration advice for site administrators and includes both "things you should actively do" and "things you shouldn't do". The order of chapters is an attempt at identifying the priority of the configuration based upon the likelihood that it will be helpful and the potential benefit/harm of the configuration.

Site administrators should also sign up for the security mailing list. People interested in discussing security should join Best Practices in Security Group.

There are a number of contributed modules which can help with security, not all of which are documented in this handbook. Among those modules is the Security Review module which provides an analysis of your security configuration.

You can also read documentation for writing secure code.

Login or register to post comments

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Drupal’s online documentation is © 2000-2012 by the individual contributors and can be used in accordance with the Creative Commons License, Attribution-ShareAlike 2.0. PHP code is distributed under the GNU General Public License.

Contacting the Security Team

In order to report a security issue, or to learn more about the security team, please see the Security team handbook page.

Writing Secure Code

If you are a Drupal developer, please read the handbook section on Writing secure code.

There are many useful books about Drupal. Here are two that discuss security:

Advertising helps build a successful ecosystem around Drupal.