Drupal is a secure CMS used by almost 3% of websites worldwide. Since its creation in 2000, the web application has seen limited Drupal security vulnerabilities when compared with other popular CMS platforms. For this reason, organizations around the world have decided to rely on Drupal, and its ability to provide the site foundation they need to remain secure.

It has its own unique Drupal security problems. There have been Drupal security vulnerabilities associated with the CMS - some of which have been severe for site owners. These vulnerabilities have often attacked outdated or unmaintained areas of Drupal code. In many cases, these attacks would have been prevented if site owners had adhered to Drupal security best practices.

Starting with a brief history of Drupal security, this guide looks at the biggest Drupal security problems, what exploits are most commonly attributable to Drupal, how you can protect your site with Drupal security features, and who can help you to protect your Drupal site.

What Drupal security problems are most common with this CMS.
How to prevent those vulnerabilities from causing damage with Drupal security features.
Who is responsible for specific areas of Drupal security and site protection.
Where you can go for more information and guidance.

Drupal is often praised as being highly secure. At its foundation lies a stable source code with limited vulnerabilities and a sizeable support community. According to research by Imperva, Drupal is more secure than most other popular web applications, including WordPress, Magento, and Joomla. In 2018, it was found that only 11% of 2018’s identified vulnerabilities came from Drupal, far below the number attributed to WordPress.

Once discovered, the introduction of a new WAF rule by Nexcess meant that this exploitation was quickly stopped for our clients.

Drupalgeddon3

Drupalgeddon3 then struck in late April. Again attacking the form API, this flaw resided in the destination parameter. Again, this was a code execution vulnerability that led to site takeovers. While Drupalgeddon3 was just as severe as Drupalgeddon2, it actually resulted in fewer recorded attacks due to requiring the attacker to be authenticated on the attacked host. A properly configured WAF from a hosting provider like Nexcess would have been able to prevent this attack from taking place.

Several sources have predicted that injection vulnerabilities will continue to grow in number, largely because it’s possible to make money with these attacks. For Drupal site owners, this means that it’s important they secure their sites and ensure they have an up-to-date WAF. Learn more about the Nexcess WAF.

Another exploit that will be taken advantage of is outdated PHP versions. 2019 has seen PHP 7.0 and 7.1 reach end of life, meaning they will no longer receive security updates. Drupal is developed in PHP, so all site owners should make it a priority to update their PHP version. PHP versions can quickly be changed by Nexcess cloud clients in the Client Portal. We recommend testing any changes on a dev site before sending to a production site.

Is Drupal Secure Long Term?

As complex software, Drupal occasionally suffers from bugs that cause software vulnerabilities. This is true of all content management systems. The way projects handle vulnerabilities when they are discovered is just as important as their commitment to minimizing vulnerabilities in the first place. Vulnerabilities should be fixed quickly and a patch released so that users can protect themselves. Thanks in large part to the security team, Drupal has an excellent track record. The developers are responsive to vulnerability reports and they release patches quickly. In addition to the Security Team, Drupal has a couple of other advantages that businesses should know about when choosing a CMS: it is open source and major versions of Drupal receive security updates for many years.

Because Drupal is open source, its code is open to scrutiny by users, developers, and the wider community. It is based on an open source web framework (Symfony) that is open to the same scrutiny. Unlike proprietary content management systems, the Drupal project has no incentive to keep vulnerabilities secret and every incentive to fix them quickly.

The Drupal Versions

Drupal 8, the most recent major version, was released in November 2015 and will reach the end of its life in November 2021. Drupal 7, which was released in 2011, will also be retired in 2021. With a 10- and 6-year lifespan, Drupal 7 and 8 have received security updates for longer than most competing content management systems, keeping Drupal sites secure without requiring disruptive upgrades.