This week we’re going to focus on security:
- Keeping your WordPress site safe
- Keeping your Drupal site safe
- (Added bonus) Keeping your mobile phone safe
Today, let’s focus on Drupal.
Top of the list for best practices for Drupal security is keeping your site up to date. Though you may feel a maintenance agreement is an unnecessary expense, especially if you are new to Drupal site, any database-driven site is going to require more work than the “code and ignore” that you can frequently get away with when you have a simple, static HTML site.
We spoke with one of our colleagues, Shane Larrabee at FatLab, which provides support for a range of CMS systems.
“Maintaining a secure Drupal site is a proactive and reactive job. We monitor the Drupal security advisories (http://drupal.org/security) for both the Drupal core and contributed modules, and recommend updating whenever patches become available, and we help our clients handle any issues they may encounter while using their sites.”
There are also a number of non-technical best practices that you can handle without any technical help.
- Visit your website – sounds funny, but the number clients we’ve heard who don’t think to check their own sites regularly is pretty astounding. No-one knows the site better than you and your team. Make sure it’s working as you expect.
- Keep passwords and logins safe – limit the number of people who have access, be sure every team member has his/her own login so you can track down problems more easily. We know it’s kind of inconvenient, but changing passwords regularly makes good sense, too.
- Eliminate the default admin account. Leaving it in place means hackers only have to get your password – you’ve already given them your user name …
Shane points out another reason to keep your site up to date.
“Though most security patches are made without issue, allowing a site to become horribly out of date greatly increases the chances that an update will require a larger (and more expensive) effort.”
Stay current, stay safe, and your site should remain immune to attacks of every stripe.
And don’t forget to back up regularly! If things do go wrong, life’s a lot less stressful if you can roll back to the version of the site you had live yesterday. Talk to you developer or hosting provider for details on how the site is being safeguarded.