How to Secure a Drupal Site

Security image

With the increase in bots, hackers and malicious scripts on the internet it has become every web developer’s duty to insure site security. As hackers become smarter (and more annoying), here are 4 modules to make your Drupal site bullet proof.


CAPTCHA is a program that protects websites against bots by generating and grading tests that humans can pass but current computer programs cannot. For example, humans can read distorted text but current computer programs can't. The term CAPTCHA (for Completely Automated Public Turing Test To Tell Computers and Humans Apart) was coined in 2000 by Luis von Ahn, Manuel Blum, Nicholas Hopper and John Langford of Carnegie Mellon University.

2. http:BL

http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. This module provides efficient blacklist look ups and blocks malicious visitors effectively.

3. Honeypot

Honeypot uses both the honeypot and time-stamp methods of deterring spam bots from completing forms on your Drupal site. These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user.

4. Rename Admin Paths

Hackers and spammers are taxing on your web server resources. This module can be effective against registration spam bots or malicious people.  It renames the default admin paths e.g user and user/login so spammers don’t have access to them.

In addition to these modules one should perform the standard, well-known, well-publicized maintenance tasks associated with most information technologies:

  • Regular site back up
  • Update Drupal Core Regularly
  • Update con-tribe modules and themes
  • Pray