Drupal is one of the most popular Content Management System (CMS) packages on the Internet today. Unfortunately, that also means that it's one of the most attacked platforms as well. In this article, we'll discuss some simple steps you can do to help protect your Drupal 8 Content Management Systems.
- Update Drupal to the latest version. New attacks are continuously developed and it's important to stay on top of your updates and all security patches.
- Use two-factor authentication for all admin logins. Using Multi-factor authentication is critical for modern password security. There are quite a few MFA plugins for Drupal in the project marketplace.
- Always use TLS to encrypt your traffic. Encrypting traffic to and from your website is critical for you and your customers. Always use a TLS connection with any website when transferring sensitive data.
- Maintain routine backups and test them. A backup can become your last option between restoring your store and going out of business – we've seen it happen. Always maintain full backups of your Drupal site.
- Use the proper hosting provider type. Choosing the right provider can mean the difference between secure and insecure. Make sure you choose the right hosting provider for your business, to include a provider that's compliant with any regulatory requirements you may face.
- Use a Web Application Firewall. Web application firewalls are an industry best-practice used to stop breaches in their tracks. We recommend deploying a Web Application Firewall for all web applications, not just Drupal.
- Use Drupal Scanning Tools. Use a third-party scanning tool to look for issues with your Drupal site. HackerTarget runs one of the most popular scans and has a free version to test.
Protecting your Drupal site is about securing both your business as well as the data of your customers. For more information on this topic, please reach out to us; we're here to help!