How to improve security on Drupal websites

Hiding Drupal Traits

Some users believe that hiding Drupal traits and characteristics may help prevent automated attacks on Drupal sites. This practice is controversial and has been disputed at Hide, obscure, or remove clues that a site runs on Drupal.

That being said, the following is a list of actions that you may take to attempt to conceal the fact that your site is running on Drupal:

Migrate CSV files using intermediary SQL tables

Using migrate-7.x-2.6-RC1.


Have you ever had a problem that certain rows in the CSV files used for Migration were empty, or didn't
need to be imported because of bogus data / empty fields?

Or maybe your CSV data is de-normalised and you want to skip certain rows that would
map to the same entities, but because of the skipping, your migration always shows
Incomplete Migration? Isn't that annoying? Especially if there are other dependent migrations
on the incomplete one, which won't run unless executed with --force.

SpamSpan and the Email Field module

SpamSpan,, works with the Email Field module to provide modified email fields for use in content and Views.

Set up and configure Spamspan. Make sure SpamSpan works as a filter.

Set up and configure the Email Field module, Test the Email Field module by adding an email field to content.

Field storage tables

These tables are used to store values and revisions to values for the fields that are available with a stock installation of Drupal 7. More tables of this format will be added as fields are added to entities such as nodes, users and comments.

Independent tables

These eleven tables do not belong in a group of tables.

Node tables

There are four primary node-related tables. There are many relationships to the node table and another to the node_type table that reach into other table categories.


Subscribe with RSS Subscribe to RSS - Needs copy/style review