Drupal | Security

Mature, stable and designed with robust security in mind

More than 1 million developers worldwide contribute to Drupal, making it one of the most secure and stable platforms in existence.

‘Drupal’ is synonymous with advanced security

As an open source project, Drupal has the advantage of scrutiny, maintenance and ongoing input from developers worldwide, as well as a dedicated staff team of security experts collaborating consistently to address and release security fixes.
With more than 1,000,000 developers worldwide contributing — including a large professional service provider ecosystem — the result is one of the most secure and stable platforms on the market.
Drupal is resilient against critical internet vulnerabilities — as evidenced by the proven 15+ year record of the dedicated Security Team identifying and mitigating potential vulnerabilities. Many security problems are prevented entirely by Drupal’s strong coding standards and strict community code review process.

As a result, mission-critical sites and applications choose Drupal, testing its security against the most stringent standards. Banking, governments, public administration and healthcare are the fastest-growing industries adopting Drupal, primarily for the rigorous security.
Recently the European Commission bug bounty program began funding Drupal as an investment in its entities.

Drupal’s security ensures:

  • User Access Control
  • Database Encryption
  • Information sharing via security reports
  • Auto-update and core validation work in partnership with GitHub
  • Prevention of malicious data entry
  • Mitigation of Denial of Service (DoS) attacks
  • Patching of issues before they’re exploited