Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
By sachinbal on
Hi,
I am based out of India and I have a couple of basic sites which I have created in Drupal. I would like to know the steps I need to take to make my sites more secure. I have my sites on hostgator india and very recently my sites were hacked by "Jokr H4xor".
Regards
Sachin
Comments
=-=
first and foremost make sure the sites and all modules in use are update to date.
Thanks. I have taken care of
Thanks. I have taken care of the same. Is there anything else, which you can suggest
Regards
Sachin
check this list as per your
check this list as per your requirement
https://www.drupal.org/node/2368709
Let's Drupal
Use Ip block configuration
As you already got details for drupal security, Just wanted to add some more points :
If some trying to login from a random username and password again and again(using script that you can check from drupal DB logs module) then block their IP's using IP blocker configuration(url: admin/config/people/ip-blocking). I faced the same sometime back.
Best Regards,
Sanjay
skype:er.sanjaysoni
Secure your filepermissions
make sure your files have propper permissions setup:
https://www.drupal.org/node/244924
check for your log files for forced entry. while a giant pain if lots of users need to login i hide the login box and only tell legit users where it is. there are modules that can run a check list of stuff that needs to be secure and that monitor brute tries on login
Thanks....
Thank you for your suggestions. I have blocked a few IP's but I will go through all the suggestions and apply the best option.
Regards
Sachin