Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. For these reasons and more, it’s favored by technical developers and many large websites, including .gov and .edu domains.
With its popularity among enterprise and mid-market users, there is a strong focus on security within the community. Even with this, there is no software in the world that can claim to be immune from hacks and vulnerable code.
Last week we wrote about a year-old Drupal database spam campaign that’s evolved to leverage core features and popular modules while hiding itself from website administrators. Three years ago, Drupalgeddon showed the world that unpatched websites can be exploited within several hours of releasing a security update. Only a year ago, we reported that unpatched Drupal sites continue to be exploited by this vulnerability.
The Drupal community is one of the most technically advanced in the CMS ecosystem. In continuing our mission to provide educational content, we created a new guide just for Drupal websites.
A Guide to Fix Hacked Drupal Sites
This guide offers Drupal administrators a foundation for dealing with a hack. We took inspiration from the community and included a long list of Drupal modules that are recommended for enhancing security.
We’d like to thank Chris Teitzel at Lockr for helping with tech review, as well as our in-house Drupal specialists Cesar Anjos and John Castro.
We also plan to release an infographic and webinar to accompany the guide, as we’ve done with our other website security guides over the past year.
Until then, you can also watch this talk at last year’s DrupalCon by Sucuri Co-founder Tony Perez:
Get Help or Contribute
These guides are integral to our vision of becoming a constant force in the evolving landscape of website security. We can’t do that without contributions from our community.
To make this guide even more valuable, we welcome your insights. If you want to suggest an update, get in touch with us by emailing: marketing@sucuri.net
If you have difficulty with the guide, you can usually find help by posting on the Drupal support forums. You can also chat with us to learn how we can help you fix and prevent Drupal hacks.
Tony Perez
Daniel Cid
Puja Srivastava
Marc Kranat
Northon Torga