Check a website for security vulnerabilities with the Security Review Drupal module

May 13, 2020
Check a website for security vulnerabilities with the Security Review Drupal module

Security above all! The Drudesk team would love to help all businesses make their websites secure.

This is why we offer our very popular service — a Drupal website security audit that we offer at affordable prices. During the audit, we perform in-depth checks and find security vulnerabilities. After a good clean-up, we always recommend using helpful tools that will help users keep an eye on website security.

One of these tools is the Security Review module that can quickly check a website for security vulnerabilities. In this post, the Drudesk help team will show how it performs a quick Drupal website security check on a number of important points.

Why is security important for a website?

Hackers use plenty of techniques (SQL Injection, cross-site scripting, remote code execution, and so on) to intrude into websites and manipulate their data for malicious purposes.

Hence the importance of web security checks — they help you discover your site’s weak points. Providing for your website safety allows you to:

  • ensure a crystal clear reputation to build a long-term customer relationship
  • protect your important business information from disclosure
  • keep your customers’ data (names, credit card numbers, etc.) intact
  • avoid being blacklisted by Google or other services due to security vulnerabilities
  • insure yourself from legal proceedings based on sensitive data manipulation
  • safeguard your business against direct money losses related to compromised data
  • keep your overall website performance smooth and never lose your conversions

The best Drupal security practices

If you are using Drupal, your situation with website safety is already favorable because Drupal is rated highly for security. However, to ensure Drupal website security, there are good practices website owners need to observe:

  • keeping your website up-to-date with the security releases published by the Drupal Security Team
  • using the HTTPS protocol for encrypted data transfer
  • setting the right roles and permissions to relevant users
  • taking precautions with the super admin user
  • using strong logins and passwords for admin accounts
  • doing regular backups
  • blocking access to important files
  • removing outdated modules
  • using helpful Drupal security modules

When it comes to this last point, in the collection of modules for checking and improving your Drupal website security, the Security  Review module will perform quick website security checks. Next, we describe its work.

Website security check with the Security Review module

The Security Review Drupal module can quickly check a website for security vulnerabilities. It performs an automated website security check on-demand, with a click on the admin dashboard.

This will give you a quick answer to the question “How secure is my website?” based on a number of factors. The module uses a very nice website security testing checklist:

  • Only safe extensions are used for uploaded files and images.
  • There are no dangerous tags in submitted content.
  • Untrusted roles do not have access to important permissions.
  • Error reporting is set to log only.
  • PHP files in Drupal files directory are not executable.
  • Files and directories are not writable on the server.
  • The private files directory is not in the server root.
  • There are no sensitive temporary files.
  • Untrusted users are not allowed to add dangerous HTML tags.
  • Base_url and trusted_host_patterns are not set.
  • Views are access controlled.

With the module installed and enabled, go to Reports — Security Review and click “Run and review” to start the website security check. After a few seconds of the check, you get a list of things to improve. Each of them can be opened for more details or skipped.

Security Review Drupal module

If you click on the “Settings,” you can select the website security check steps that should be skipped, set the “untrusted roles,” and choose to log the check results and skips.

Security Review Drupal module settings

The module does not do any improvements by itself — it is one of website security scanning tools. Its website security check is meant to inform you of what needs to be improved.

Let us check your website for security vulnerabilities!

Dealing with safety is difficult, even if the website security test runs from just one click on your dashboard. You will also need to know how to properly fix the discovered vulnerabilities in the check. But you can always call Drudesk!

Our Drupal support and maintenance team is here to check your website for security vulnerabilities and increase its safety. We respect your budget and offer very reasonable pricing for all stack of support services, including security tests. After years of experience with various site vulnerabilities, Drudesk devs can quickly find the cause of the problem.

So drop us a line if you would like to:

  • install and configure the security modules that check and/or improve your site
  • interpret their website security check results properly and take measures
  • check the website security comprehensively — with an audit by our experts

Never hesitate to contact us! What could be more affordable than our services? A totally free consultation! Drudesk: here is where your Drupal website security starts.

 Get new blog posts by email