How to protect the security of your Drupal website?

Source: Internet
Author: User

How Drupal is updated

Drupal is open-source software maintained by a community of hobbyists and experts. The community members responsible for security focus on reviewing all the modules and Drupal core on Drupal.org during development. This highly capable team has a long history with Drupal and a thorough understanding of Drupal core's code, its past, and its future plans.

Members are responsible for analyzing existing applications and protecting them from malicious threats, regardless of the source. When a problem is detected, they assess its impact and urgency in order to determine an appropriate solution and an appropriate mode of communication to meet the needs of the community. This usually means that, to avoid risks, every update is released following the conventional two-week announcement notice.

The security team can work independently and regularly update modules and Drupal core. The following are some methods you can follow to keep your website secure and up to date.

Security notification

Most Drupal users have an account on Drupal.org. If you do not have one, you are missing out: register one now. From your account, you can go to the "subscription" page. On this page, you can subscribe to the security section and receive update notifications.





Twitter

Like all other awesome technical communities, Drupal's security team also has a Twitter account: @drupalsecurity.

RSS

You can subscribe to two different RSS feeds from the security team, one for "Drupal core" and one for "third-party modules".

Your website application maintenance

Whether you developed your website yourself or had it built by a web agency, it must be maintained once it is launched. The purpose of maintaining your website is not to turn it into a Rolls-Royce, but to prevent errors and security threats, and to keep it up to date with new features in Drupal core and updates to the modules you are using. Early and timely updates pay off.

You can choose the update frequency and method, but the procedure is always the same: update the core, update the themes and modules, and test that all your applications work before the updated project goes online. Before deploying, make sure that your code base, files directory, and database are all backed up so that you can recover from errors.

How can I update my website?

You can use different technical methods to obtain the latest version of Drupal core, themes, and modules. Whichever you use, the goal is to obtain the new files and install them on your website. Here is a rough summary of how to do this (this is only an example; for details, refer to the deployment steps you normally use for your project).

Back up your website to a local environment, then:

Obtain the new files or patches.
Read the changelog to see which functions on your website will be affected or changed, including any new dependencies, small API changes, or any other notes on steps that must be handled manually during the update process.
Replace the files or apply the patches. At this point the code has been updated, but the changes have not yet been applied to your website.
You may be asked to run a database "update", for example:

In this case, run the Drush command drush updb or visit the "update.php" page on your local backup website. This applies the database changes to your website.

To ensure that all updates take effect, clear the website cache. Please note that this may take some time and affect navigation on the website. For websites in production, we recommend that you keep to your existing deployment steps.
Once everything is done, test your website and check that everything works normally.

If you update your Drupal website between two very different core versions, some functions may also be affected. However, major functional changes are not noticeable from one core version to the next. Once you are confident in the update process, update your website, or all your websites, using your usual method.

How to apply the security update SA-CORE-2014-005 - Drupal core - SQL injection

If your website has been well maintained, the update will be very easy and will not affect your project's functionality. You can install the new version of Drupal core as usual: https://www.drupal.org/project/drupal

However, if you have not maintained the core of your application for a while (skipping some versions), which we do not recommend, or if you have made manual changes to Drupal core, we recommend that you apply only the security patch, available here: https://www.drupal.org/files/issues/SA-CORE-2014-005-D7.patch

In both cases, the changes in the new version of Drupal will not affect your project's functionality, because they only affect the file related to tables.
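Whether the patch-only route is safe on a given code base can be checked before anything is changed. The following is an added example, not code from the original article or from the Drupal project: it dry-runs a patch in both directions to tell whether it is already applied, still needed, or conflicts with local core changes. The function names and the path in the usage comment are hypothetical, and the final step assumes a Drupal 7 site with Drush installed.

```shell
#!/usr/bin/env bash
# Added example: function names are hypothetical, not part of Drupal or Drush.

# patch_state ROOT PATCHFILE
# Dry-runs the patch in both directions; nothing under ROOT is modified.
#   applied     the patch reverses cleanly, so the fix is already in the tree
#   applicable  the patch applies cleanly, so the tree is still unpatched
#   conflict    neither: core was changed locally or is too far from the patch base
patch_state() {
  local root=$1 patchfile=$2
  if patch -d "$root" -p1 -R -f -s --dry-run < "$patchfile" >/dev/null 2>&1; then
    echo applied
  elif patch -d "$root" -p1 -f -s --dry-run < "$patchfile" >/dev/null 2>&1; then
    echo applicable
  else
    echo conflict
  fi
}

# apply_if_needed ROOT PATCHFILE
# Applies the patch only when the dry run says it is clean.
# Back up the code base, files directory and database before calling this.
apply_if_needed() {
  local root=$1 patchfile=$2
  case $(patch_state "$root" "$patchfile") in
    applied)    echo "already patched" ;;
    applicable) patch -d "$root" -p1 -f -s < "$patchfile" && echo "patched" ;;
    *)          echo "conflict: review local core changes by hand" >&2
                return 1 ;;
  esac
}

# finish_update ROOT
# The database-update and cache-clear steps of the procedure (Drupal 7 Drush).
finish_update() {
  ( cd "$1" && drush updb -y && drush cc all )
}

# Usage on a local copy (path is an assumption):
#   apply_if_needed /var/www/drupal SA-CORE-2014-005-D7.patch \
#     && finish_update /var/www/drupal
```

A "conflict" result is the case the article warns about: core has been edited by hand or has fallen several versions behind, so the change has to be merged manually and tested before it goes online.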

How can I ensure the security of my shopping website?

Security is the main concern of an e-commerce website. As a merchant, keeping your shop safe is also your responsibility toward your customers. To secure your website, you must first update Drupal core regularly, whether the release is a security release or not, or bear the consequences of the risk.

Then, update your modules on time. In some cases, the performance of your website may be affected.

For updates, refer to the standard update steps of your agency or hosting provider. You can use the new Platform.sh technology to quickly update your website and then test with confidence.

How can business people ensure the security of your project?

Subscribers to our Drupal application support and commerce application support offerings have already seen how we protect their websites. We promptly update our customers' websites so that they receive 100% protection, whether or not they are hosted with us.

Our Platform.sh subscribers benefit from using a "Drush make" workflow to manage the code bases of their websites. This workflow has the advantage of managing the different versions of Drupal core and third-party themes and modules through a single configuration file that lists the elements that make up your website. Platform.sh uses this file to build and configure your website by downloading the modules and core, making updates quick and easy.

By creating a Drush make file, you can automatically retrieve the latest version of Drupal containing the security patches. You save maintenance time and reduce potential problems.

In addition, for the stability of your hosting, Platform.sh blocks HTTP requests to websites without the patch. Therefore, there are only stable websites on Platform.sh, and any unprotected website is taken care of immediately.

 

Link: https://commerceguys.com/blog/is-your-drupal-site-protected

Translator: Carol
