Drupal Archive_Tar Vulnerability – 12/18/2019

Issue: On December 18, 2019, Archive_Tar, used in the Drupal content management system (CMS), has many vulnerabilities if a Drupal website is set to allow and process .tar, .tar.gz, .bz2, or .tlz file uploads Versions affected ? 8.8.x-dev8.7.x-dev7.x-dev Recommendation: Update Drupal 8Update Drupal 7 Source: https://www.drupal.org/sa-core-2019-012 Learn more about website security in our Drupal 8 Read More >

How to Update Drupal 8 Manually

There are many ways to update Drupal 8 – manually, automatically, with Drush, or with Composer. Below we cover how to update Drupal 8 manually: Backup Drupal Replace Core Files SSH File Manager Finalize Updates Secure your website and maintain performance with our VPS Drupal Hosting Backup Drupal 8 Backup Drupal with a module or Read More >

Drupal 8 Update Manager Settings

Drupal 8 can send email notifications when updates are available. This helps you update Drupal 8 core (after you create a backup) and modules as soon as possible. Below we share our recommended Drupal 8 Update Manager settings. Drupal 8 Update Manager settings Log into Drupal 8 Click Reports at the top Click Available updates Read More >

Add X-Frame-Options in Drupal 8 with the Security Kit Module

The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frames-Options. Mozilla recommends using the superseding Content Security Policy Read More >

Add HSTS in Drupal 8 with the Security Kit Module

Adding HSTS (HTTP Strict Transport Security) in Drupal 8 forces web browsers to only load your website with a valid SSL certificate. This improves Drupal security against downgrade attacks and similar man-in-the-middle (MITM) attacks. HSTS is similar to a HTTP to HTTPS redirect but within the browser. Below we’ll cover how to install the Security Read More >

Add Content-Security-Policy (CSP) in Drupal 8

The Content-Security-Policy Drupal module helps you configure a Header set Content-Security-Policy header to specify what sources your website should load scripts from – (e.g. your own website, embedded YouTube video, and analytics trackers). This forces supporting web browsers to ignore other external requests to mitigate cross-site scripting (XSS) and other code injection attacks. There are Read More >