DrupalReady

Security Hardening Your Site

Security modules and practices included in every DrupalReady template, and how to strengthen them further.

Built-In Security

Every template includes:

  • SecKit — Content Security Policy headers, XSS protection, clickjacking prevention
  • Honeypot — Anti-spam protection on all forms
  • Config Split — Environment-specific configuration (dev vs. production)
  • HSTS headers — Enforces HTTPS connections
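
To confirm these headers actually reach the browser, the script below audits a response for HSTS, CSP and clickjacking protection. It is an added example, not part of the DrupalReady templates; the names audit_headers and sample_response are hypothetical, and the sample response is constructed.

```shell
# Usage against a live site (placeholder URL): curl -sI https://example.com/ | audit_headers
# Reads raw response headers on stdin, prints one finding per line,
# and returns 0 only when nothing is flagged.
audit_headers() {
    # Strip CRs and lowercase everything: header names are case-insensitive.
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')
    findings=""
    add() { findings="${findings}$1
"; }
    # HSTS: must be present; max-age=0 tells browsers to drop the policy.
    hsts=$(printf '%s\n' "$hdrs" | sed -n 's/^strict-transport-security:[[:space:]]*//p' | head -n 1)
    if [ -z "$hsts" ]; then
        add "missing: strict-transport-security"
    else
        age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
        [ "${age:-0}" -gt 0 ] || add "weak: hsts max-age is 0 or absent"
    fi
    # CSP: a Report-Only header logs violations but blocks nothing.
    csp=$(printf '%s\n' "$hdrs" | sed -n 's/^content-security-policy:[[:space:]]*//p' | head -n 1)
    if [ -z "$csp" ]; then
        if printf '%s\n' "$hdrs" | grep -q '^content-security-policy-report-only:'; then
            add "weak: csp is report-only"
        else
            add "missing: content-security-policy"
        fi
    fi
    # Clickjacking: accept X-Frame-Options or a CSP frame-ancestors directive.
    if ! printf '%s\n' "$hdrs" | grep -q '^x-frame-options:' &&
       ! printf '%s\n' "$csp" | grep -q 'frame-ancestors'; then
        add "missing: x-frame-options or csp frame-ancestors"
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Constructed sample response (not captured from a real site).
sample_response() {
    cat <<'EOF'
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
Content-Security-Policy-Report-Only: default-src 'self'
X-Frame-Options: SAMEORIGIN
EOF
}
sample_response | audit_headers || true
```

Run it after each deployment or SecKit configuration change; a non-zero exit status makes it usable as a CI gate.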

User Permissions

Templates include a curated Content Editor role with minimal permissions. Editors can create and edit content but cannot access site configuration, install modules, or manage users. Only administrators have full access.

Keeping Updated

Run composer outdated "drupal/*" regularly to check for updates (the quotes stop the shell from expanding the wildcard). Apply security patches immediately:

composer update drupal/core-recommended --with-dependencies

Additional Hardening

For production sites, also consider:

  • Two-factor authentication for admin accounts
  • Regular automated backups
  • Web Application Firewall (Cloudflare, AWS WAF)
  • Regular vulnerability scanning
