Drupal is an open-source content management system and website builder with a unique structure that allows it to be highly flexible and extendible. For these reasons and more, it’s favored by technical developers and many large websites, including .gov and .edu domains.
With its popularity among enterprise and mid-market users, there is a strong focus on security within the community. Even with this, there is no software in the world that can claim to be immune from hacks and vulnerable code.
Last week we wrote about a year-old Drupal database spam campaign that’s evolved to leverage core features and popular modules while hiding itself from website administrators. Three years ago, Drupalgeddon showed the world that unpatched websites can be exploited within several hours of releasing a security update. Only a year ago, we reported that unpatched Drupal sites continue to be exploited by this vulnerability.
The Drupal community is one of the most technically advanced in the CMS ecosystem. In continuing our mission to provide educational content, we created a new guide just for Drupal websites.
A Guide to Fix Hacked Drupal Sites
This guide offers Drupal administrators a foundation for dealing with a hack. We took inspiration from the community and included a long list of Drupal modules that are recommended for enhancing security.
Until then, you can also watch this talk at last year’s DrupalCon by Sucuri Co-founder Tony Perez:
Get Help or Contribute
These guides are integral to our vision of becoming a constant force in the evolving landscape of website security. We can’t do that without contributions from our community.
To make this guide even more valuable, we welcome your insights. If you want to suggest an update, get in touch with us by emailing: firstname.lastname@example.org