Linode VPS Hosting, Starting at $19.95/month!

Get 2GB of Free Space from Dropbox

You are here

Featured Module Friday: Security Review Module

I felt that I have been giving too much attention to Drupal themes recently, so I have decided to do a weekly showcase on a Drupal module that everyone should be using or should use if the need arises. I am dubbing this weekly showcase Featured Module Friday. Hopefully I will be able to stick to the schedule and release an informative post about a great module every Friday. In any case, there over 10,000 modules listed on Drupal.org, so I should not run out of modules to write about in my lifetime.

This weeks featured module is the Security Review module. I chose this module first, as security is one of the most mportant parts of running a successful Drupal website, or any website for that matter. As you may have seen in the news recently, many websites of Fortune 500 corporations, law enforcement agencies, and even top security firms have been compromised by hackers. Obviously it is impossible to always be 100% secure, as new vulnerabilities in Apache, MySQL, PHP, and even Drupal are found every so often. In some cases, they are found by people who will not file a bug report or report a security vulnerability to the Drupal Security team. These people will use this information for malicious activities such as hacking your Drupal website. It is always a good idea to make sure you have the latest updates of all components of your web server stack, your Drupal core, your Drupal modules, and don't forget about your 3rd party libraries like Jquery or CKEditor. There was in fact recently a security announcement sent out by the Drupal Security team, that did not even apply to Drupal contributed files themselves. The vulnerability was in the CKEditor library that is used by the CKEditor module, and the WYSIWYG module.

The Security Review module will help you stay on top of the security within your Drupal website. It runs through the settings on your Drupal website, similar to the checks that Update Status module does for updated modules. It then gives you a nice list of what is secure on your Drupal website and what is not secure. It highlights all the things you are doing right to secure you Drupal website in green, while it highlights Drupal security issues in red to really make them jump out at you. See the graphic below for a screenshot of what you might see when you run the Drupal Security Review module.

Security Review module screenshot

The Security Review module was developed and is maintained by the team at Drupal Scout. Drupal Scout is a company started by Greg Knaddison, a.k.a Greggles, who is also the head of the Drupal Security Team. Drupal Scout offers targeted Drupal security reviews for specific scenarios with much more detailed reporting.

I highly recommed this module for any Drupal website and anyone who is building Drupal websites should have this in their bag of tricks. It is an easy way to make sure that your Drupal installation is as secure as possible at any given time. The Drupal Security Team is constantly testing contributed code against vulnerabilities and trying to find holes where they might show up. I commend them on their efforts as they make the software I use to build websites, Drupal, much more secure than any other CMS out there.

For more information on Drupal Security and Drupal Security best practices, please see the following resources: