Hi,
Does anyone know if there is a security checklist for Drupal 7 or Drupal in general that someone could point me at. For example, I am looking for a list of things to check to make sure the site is secure before the site goes live.

Thanks.

Comments

whitingx’s picture

This page;

http://drupal.org/security/secure-configuration

give a useful list of items to work through. Theres some Drupal/SSL info here;

http://groups.drupal.org/node/135824

And information on the Security Team can be found here;

http://drupal.org/security-team

Hope this helps.

drupaldev77’s picture

Perfect, that is exactly what I am looking for.

Thanks.

Patrick_McMahon’s picture

This is just an idea but it would be cool if there was a built in security report in Drupal 7 that can alert the admin of things like folder/file permission problems and possible security problems. Things like users having to many permissions for things they should not have and such.

Justin_KleinKeane’s picture

I've put together a guideline I usually share with clients when they ask about locking down Drupal 7 at http://www.madirish.net/?article=490

hectorplus’s picture

Thanks, I learned a few things there!

greggles’s picture

The security_review module provides just that kind of feature http://drupal.org/project/security_review

There are always other things you can include on the list, but this is a good start.

hamza.gt’s picture

Hello,

I know this thread is quite old. But I'll just leave a link to a post about it here, in case anyone stumbles upon this post while searching :)
https://www.cloudways.com/blog/drupal-7-security-modules-tips/