Drupal

The Matomo Analytics Drupal module connects your Drupal site to your Matomo Analytics application and eases the process of modifying the tracking code to better suit your needs without advanced programming experience. The Matomo Drupal module tracking options include: Specifying Drupal blog entries to track Ignoring logged in users while working on web design and Read More >

Issue: On December 18, 2019, Archive_Tar, used in the Drupal content management system (CMS), has many vulnerabilities if a Drupal website is set to allow and process .tar, .tar.gz, .bz2, or .tlz file uploads Versions affected ? 8.8.x-dev8.7.x-dev7.x-dev Recommendation: Update Drupal 8Update Drupal 7 Source: https://www.drupal.org/sa-core-2019-012 Learn more about website security in our Drupal 8 Read More >

There are many ways to update Drupal 8 – manually, automatically, with Drush, or with Composer. Below we cover how to update Drupal 8 manually: Backup Drupal Replace Core Files SSH File Manager Finalize Updates Secure your website and maintain performance with our VPS Drupal Hosting Backup Drupal 8 Backup Drupal with a module or Read More >

Drupal 8 can send email notifications when updates are available. This helps you update Drupal 8 core (after you create a backup) and modules as soon as possible. Below we share our recommended Drupal 8 Update Manager settings. Drupal 8 Update Manager settings Log into Drupal 8 Click Reports at the top Click Available updates Read More >

One of the first things you should do once you get started with Drupal 8 is install the Backup and Migrate module. After you create your first backup, you should schedule automatic backups just in case anything goes wrong (for example, the Archive_Tar vulnerability reported in December, 2019) or need to update Drupal core. Schedule Read More >

Your Drupal 8 security posture should include up-to-date backups. cPanel backups and snapshots are great for full server backups. However, a module to backup only website data can save a lot of time when you need migrate or update Drupal. Below we cover how to install the Backup and Migrate Drupal module and create a Read More >

The Feature-Policy HTTP header specifies what browser features can be used on a website and its <iframe> elements. The most common browser features among a long list are autoplay (for videos), camera, fullscreen, and microphone. Below we’ll cover how to install the Security Kit module in Drupal 8 and enable Feature Policy. Get high performance Read More >

The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frames-Options. Mozilla recommends using the superseding Content Security Policy Read More >

Adding HSTS (HTTP Strict Transport Security) in Drupal 8 forces web browsers to only load your website with a valid SSL certificate. This improves Drupal security against downgrade attacks and similar man-in-the-middle (MITM) attacks. HSTS is similar to a HTTP to HTTPS redirect but within the browser. Below we’ll cover how to install the Security Read More >

The Content-Security-Policy Drupal module helps you configure a Header set Content-Security-Policy header to specify what sources your website should load scripts from – (e.g. your own website, embedded YouTube video, and analytics trackers). This forces supporting web browsers to ignore other external requests to mitigate cross-site scripting (XSS) and other code injection attacks. There are Read More >