In the previous https://www.seedem.co/es/blog/drupal-es-sinonimo-de-seguro-avanzada we talked about the advanced security of Drupal. Today we want to expand a little more on the advantages of Drupal in security and give you some recommendations.
Proven high standards
Drupal-based organizations around the world (including enterprise-level brands), leading universities, government, and large nonprofits put Drupal's high security standards to the test every day.
Drupal Security Throughout the Website Process
The Drupal community has built-in security measures to combat threats, which is certainly reassuring. To proactively protect your site, the concept of security should be top of mind when launching campaigns, integrating systems/applications, or when deploying or updating software.
Safety first
A security-first approach means going beyond compliance to better assess risk. There are two paths to achieving this approach:
1) Culture: Adopting a security-minded culture for your organization.
2) Automation: assume a continuous development plan based on process automation.
In other words, start planning for security early and often throughout the website development process.
Don't wait until the project is about to launch to think about security!
Best practices for developers
Here are three ways to secure your Drupal site:
1. Choose the appropriate modules.
If you can imagine a feature for your site, chances are you can find it in the tens of thousands of community-contributed modules available for Drupal. With so many different options to choose from, how do you choose the safest potential modules? Some steps to take are to check how many sites are using the module, review issue queues, and avoid outdated or unsupported modules.
2. Use Drupal APIs
Check out the Drupal API documentation to secure your contribution or custom code in a project. Drupal APIs have been developed by the community and have built-in safeguards for database security. If you're writing new code, whether a small amount or a completely new module, Writing Secure Code for Drupal is a must-have reference guide.
3. Monitor Drupal security advisories
The Drupal security team publishes weekly security advisories on Drupal.org.
To stay up to date with security releases, you can subscribe to receive email or RSS notifications, follow @drupalsecurity on Twitter, or join the Drupal Slack #security-questions
Sleep better with a secure Drupal site