The Security Review Module

Drupal's Security Review module is of normal difficulty to install and configure.

Warning: As of the date of this writing, this module is still in alpha release, but appears to work as needed. Exercise caution and conduct extra testing should you decide to move forward installing this module during it’s alpha release.

Credits & Thanks

Thank you to:

Security Review Module

The Drupal Security Review module automatically tests for many security problems in the configuration of your Drupal site.

The Security Review module reviews your basic security settings and tells you if there need to be any changes that will make your website more secure. More often than not, security breaches come from un-updated Core software or basic settings that are exploited and turned into a breach. If you close those holes, hackers often move on to an easier target.

Install and Enable the Security Review Module

  1. Install the Security Review module on your server. (See this section for more instructions on installing modules.)
  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit in your browser.

    drupal security review module installation
  3. Select the checkbox next to “Security Review” and click the Install button at the bottom of the page.

If necessary, give yourself permissions to use the Security Review module.

  1. Click Manage > People > Permissions (Coffee: “perm”) or visit https://yourDrupalsite.devadmin/people/permissions .

    drupal security review module permissions screen
  2. Select the appropriate check-boxes for  
    • “Access security review pages”
    • “Run security review checks”
  3. Click the Save permissions button at the bottom of the page.

Configure the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit in your browser.
  2. DO NOT CLICK the Run Checklist button. Instead, go to the Settings tab.

    drupal security review module configuration
  3. Set any untrusted roles. The default selections are for typical site visitors. Your site may need to add more.
  4. Under Advanced, you can skip any tests that aren’t appropriate for your site. If you are unsure, don’t skip any of the tests.
  5. Click the Save configuration button at the bottom of the page.

Using the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit in your browser.
  2. Expand the RUN section.

    expand the run checklist section
  3. Click the Run checklist button.
  4. The Security Review module will run. It can take several minutes before it will present its results:

    drupal security review module test results
  5. As you can see, the Security Review module shows where your site might be vulnerable to attack.

You’ll want to work with your developers to fix the items in red to harden your website against malicious attacks.


Did you like this walk through of Drupal's Security Review Module?
Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon