Drupal is one of the most popular content management systems, and is used by a number of high profile brands and highly trafficked websites.
Drupal is open source software distributed under the GNU General Public License (GPL), meaning that it is free. As a result, anyone can download, use, work on, share, and develop modules for the platform. Although this has a number of benefits, it also means that it is open to abuse, much like any other open source software.
Drupal Vulnerability Monitoring & Scanning
CyberScanner routinely scans and monitors your Drupal website against a database of more than 100,000 known vulnerabilities.
According to CVE Details, there are more than 300 known Drupal-specific vulnerabilities affecting the platform, and 41% of these vulnerabilities involve cross-site scripting (XSS).
CyberScanner can help you keep on top of your Drupal security issues and ensures that no development changes compromise your secure status.
You can find out more about CyberScanner’s advanced Drupal application vulnerability scanner here.
Drupal Version Support
CyberScanner supports scanning Drupal 8.3.0 (release date 2017-04-05), as well as all previous versions, patches, and bug fixes.
Not sure which version of Drupal you’re on?
If it’s available, go to Administer (or Administration) > Reports > Status report. This will list your version number if you have Drupal 6.0 or later. In Drupal 5.x and earlier, the path to go to is Administer > Logs > Status report.
Failing that, look for a file named CHANGELOG.txt in the root of your Drupal directory and open it up to find the version that you are running.
If CHANGELOG.txt is missing, you can also check in includes/bootstrap.inc for a line at the top:
Before Drupal 7, this was in modules/system/system.module.
In Drupal 8, the version is defined in core/lib/Drupal.php:
const VERSION = '8.4.2';
If one of these is present, it will tell you which version you are running. If not, you have a version earlier than 4.7.2.
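The file checks above as a script, run against a local copy of the Drupal directory. This is an added example, not CyberScanner's code: the define('VERSION', ...) pattern for Drupal 7 and earlier and the CHANGELOG.txt heading format are assumptions, and the sample trees are constructed. It prefers the constant in code over CHANGELOG.txt and flags a changelog that disagrees with it.

```python
import re
import tempfile
from pathlib import Path

# Files named on the page, newest layout first. The define('VERSION', ...) form
# for Drupal 7 and earlier is an assumption; the page does not show that line.
DEFINE = r"define\(\s*'VERSION'\s*,\s*'([^']+)'"
SOURCES = [
    ("core/lib/Drupal.php", r"const\s+VERSION\s*=\s*'([^']+)'"),  # Drupal 8
    ("includes/bootstrap.inc", DEFINE),                           # Drupal 7
    ("modules/system/system.module", DEFINE),                     # before Drupal 7
]
# Assumed CHANGELOG.txt heading format: "Drupal 7.54, 2017-02-01"
CHANGELOG = re.compile(r"^Drupal (\d+(?:\.\d+)+)", re.MULTILINE)

def _first_match(path, pattern):
    """Return the first capture group of pattern in path, or None."""
    if not path.is_file():
        return None
    m = re.search(pattern, path.read_text(errors="replace"))
    return m.group(1) if m else None

def drupal_version(root):
    """Return (version, source, stale_changelog) for a local Drupal tree."""
    root = Path(root)
    listed = _first_match(root / "CHANGELOG.txt", CHANGELOG)
    for rel, pattern in SOURCES:
        version = _first_match(root / rel, pattern)
        if version:
            # The constant in code is what actually runs; flag a CHANGELOG.txt
            # that disagrees (for example after a partial upgrade).
            return version, rel, bool(listed and listed != version)
    return listed, ("CHANGELOG.txt" if listed else None), False

def demo():
    """Run against two constructed trees (sample data, not real sites)."""
    with tempfile.TemporaryDirectory() as tmp:
        d7, d8 = Path(tmp, "d7"), Path(tmp, "d8")
        (d7 / "includes").mkdir(parents=True)
        (d7 / "includes/bootstrap.inc").write_text("<?php\ndefine('VERSION', '7.54');\n")
        (d7 / "CHANGELOG.txt").write_text("\nDrupal 7.50, 2016-07-07\n-----\n")
        (d8 / "core/lib").mkdir(parents=True)
        (d8 / "core/lib/Drupal.php").write_text("class Drupal {\n  const VERSION = '8.4.2';\n}\n")
        return drupal_version(d7), drupal_version(d8), drupal_version(tmp)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

A result of (None, None, False) corresponds to the last case above, where none of the files is present.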
Securing your Drupal web application
As Drupal is an open source platform, there are a number of security plugins that have been developed to protect your Drupal site against brute force attacks, malicious networks, rate limits, DNS changes, and much more.
Some of the plugins include protection around:
- Login Security: Limit number of login attempts and deny access by IP address
- ACL: Access control lists for access to nodes
- Password policy: Defines more secure password policies for users
- Captcha: Block form submissions from spambots/scripts
- Automated Logout: Allows administrators to log out users after a specified time period
- Session Limit: Limit the number of simultaneous sessions per user
- Content Access: Permissions for content types by role and author
- Coder: Checks your Drupal code against coding standards and best practices
- SpamSpan filter: Obfuscates email addresses to help prevent spambots from collecting them
- Hacked!: Check to see if there have been changes to Drupal core or themes