Credits & Thanks
Thank you to:
- Ben Jeavons for creating the Security Review module
- Greg Knaddison
- The large number of contributors that help maintain this module
Security Review Module
The Drupal Security Review module automatically tests for many security problems in the configuration of your Drupal site.
The Security Review module reviews your basic security settings and tells you if there need to be any changes that will make your website more secure. More often than not, security breaches come from un-updated Core software or basic settings that are exploited and turned into a breach. If you close those holes, hackers often move on to an easier target.
Install and Enable the Security Review Module
- Install the Security Review module on your server. (See this section for more instructions on installing modules.)
- Go to the Extend page: Click Extend (Coffee: “extend”) or visit https://yourdrupalsite.dev/admin/modules in your browser.
- Select the checkbox next to “Security Review” and click the Install button at the bottom of the page.
If necessary, give yourself permissions to use the Security Review module.
- Click People > Permissions (Coffee: “perm”) or visit https://yourDrupalsite.devadmin/people/permissions .
- Select the appropriate check-boxes for
- “Access security review pages”
- “Run security review checks”
- Click the Save permissions button at the bottom of the page.
Configure the Security Review module
- Go to the Security Review module admin page by clicking Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/config/security-review in your browser.
- DO NOT CLICK the Run Checklist button. Instead, go to the Settings tab.
- Set any untrusted roles. The default selections are for typical site visitors. Your site may need to add more.
- Under Advanced, you can skip any tests that aren’t appropriate for your site. If you are unsure, don’t skip any of the tests.
- Click the Save configuration button at the bottom of the page.
Using the Security Review module
- Go to the Security Review module admin page by clicking Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/reports/security-review in your browser.
- Expand the RUN section.
- Click the Run checklist button.
- The Security Review module will run. It can take several minutes before it will present its results:
- As you can see, the Security Review module shows where your site might be vulnerable to attack.
You’ll want to work with your developers to fix the items in red to harden your website against malicious attacks.
Did you like this walk through of Drupal's Security Review Module?
Please tell your friends about it!