Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

The Security Review Module

Parent Feed: 

https://www.drupal.org/project/security_review

Warning: As of the date of this writing, this module is still in alpha release, but appears to work as needed. Exercise caution and conduct extra testing should you decide to move forward installing this module during it’s alpha release.

Credits & Thanks

Thank you to:

Security Review Module

The Security Review module automatically tests for many security problems in the configuration of your Drupal site.

The Security Review module reviews your basic security settings and tells you if there need to be any changes that will make your website more secure. More often than not, security breaches come from un-updated Core software or basic settings that are exploited and turned into a breach. If you close those holes, hackers often move on to an easier target.

Install and Enable the Security Review Module

  1. Install the Security Review module on your server. (See this section for more instructions on installing modules.)
     
  2. Go to the Extend page: Click Manage > Extend (Coffee: “extend”) or visit https://yourdrupalsite.dev/admin/modules in your browser.

    drupal security review module installation
     

  3. Select the checkbox next to “Security Review” and click the Install button at the bottom of the page.

If necessary, give yourself permissions to use the Security Review module.

  1. Click Manage > People > Permissions (Coffee: “perm”) or visit https://yourDrupalsite.devadmin/people/permissions .

    drupal security review module permissions screen
     

  2. Select the appropriate check-boxes for  
     
    • “Access security review pages”
    • “Run security review checks”
       
  3. Click the Save permissions button at the bottom of the page.

Configure the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/config/security-review in your browser.
     
  2. DO NOT CLICK the Run Checklist button. Instead, go to the Settings tab.

    drupal security review module configuration
     </span>

  3. Set any untrusted roles. The default selections are for typical site visitors. Your site may need to add more.
     
  4. Under Advanced, you can skip any tests that aren’t appropriate for your site. If you are unsure, don’t skip any of the tests.
     
  5. Click the Save configuration button at the bottom of the page.

Using the Security Review module

  1. Go to the Security Review module admin page by clicking Manage > Reports > Security Review (Coffee: “security”) or visit https://yourdrupalsite.dev/admin/reports/security-review in your browser.
     
  2. Expand the RUN section.

    expand the run checklist section
     

  3. Click the Run checklist button.
     
  4. The Security Review module will run. It can take several minutes before it will present its results:

    drupal security review module test results
     

  5. As you can see, the Security Review module shows where your site might be vulnerable to attack.

You’ll want to work with your developers to fix the items in red to harden your website against malicious attacks.

Did you like this walkthrough? Please tell your friends about it!

twiter social icon linkedin social icon pinterest social icon

Author: 
Original Post: 

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web