Drupal is used by 2.1% of all the websites in the world, and with management system market share of 4.0% is the third most widely used CMS, behind WordPress with a 59.9% share and Joomla with a 6.1%.
With an active and committed developer community, constant updates, and a wide variety of available modules, Drupal is a versatile platform suitable for everything from personal blogs to websites.
Even though Drupal is not the platform with the highest number of reported security issues or breaches, because of the recent exploit involving a remote code execution vulnerability, lovingly dubbed Drupalgeddon 2 (following the first one from 2014), this CMS is currently under additional scrutiny.
If you are running a business of any kind and use a Drupal based website for interactions with customers, as an online marketplace, to store or process sensitive personal data on it, or basically, to do just about anything more serious than posting an article every once in a while, you might stand to lose quite a bit if your site is compromised. Here’s how to prevent that from happening.
but if they do happen, allows for greater transparency in user actions. Aside from assigning accountability, this kind of insight is invaluable for the event analysis and identification of vulnerabilities.
While planning for the worst case scenario doesn’t seem like the most proactive way to approach the problem, it is one of the most essential steps you need to take. Naturally, you need to ensure that your backup methods don’t create new vulnerabilities, so be careful how and where you keep your backups.
Despite the recent buzz around a major exploit, Drupal is, on average, just as secure as other CMS platforms. However, just like with other content management systems, you need to stay on your toes when it comes to following security best practices. Among other things, this includes regular updates of your Drupal deployment and individual modules; limiting user authorization; segmenting the data you store; and keeping backups, if everything else fails. Aside from this, make sure to occasionally check out the security page on Drupal.org to see if new vulnerabilities have been discovered, and you shouldn't have too much trouble.