Skip to main content

Drupal Security Updates

Reading time: 1 minute
Drupal logo

Drupal is constantly being updated to fix vulnerabilities. Staying updated with the latest version of Drupal helps prevent websites from being targeted. You can stay in the know by regularly monitoring Drupal’s Security Advisories. In addition, there are several security-related contributed modules that can help. Other best practices include code review or getting a Drupal security audit from a 3rd party.

Security Headers

These security headers can be added to Drupal website to improve pages security rating. Tested on Pantheon.

A generic example, adjust per site requirements:

Ban Bad Bots/IPs/User Agent/Country


If a site's DNS is on Cloudflare, it is already filtering bad bots. To ban IP and User Agent, under Firewall > Firewall Rules

  • Add "Known Bots" equals On > Allow, to avoid accidentally block good bots if using any of the following
  • To ban by IP, add "IP Address" to bank
  • To ban by User Agent, add "User Agent" firewall rule
  • To ban by Country, add "Country" firewall rule
Pantheon/Acquia using settings.php

Refer to

About CK Ng

Chin Kiong "CK" has decades of Drupal development experience and has contributed hundreds of code commits to the Drupal community. He possesses a wild, insatiable talent and drive to solve even the most difficult technical problems in a wide range of technologies, and he brings excellence and elegance in his high-level architectural solutions as well as invaluable direction and advice. He has served as the lead architect for a number of high-profile clients and projects, including The Juilliard School, the University of Minnesota, Cornell, HelpSystems, and Estée Lauder. CK is a full-stack...
Read Full Bio


At O8, a global digital agency based in Minneapolis, MN, USA, we specialize in delivering measurable growth on demand for marketing and sales teams. We pride ourselves on our transparency, agility, and deep technical expertise. In a world that's often stressful and chaotic, we offer experienced, actionable guidance to help you achieve your goals. Our approach is professional, clear, and authentic, ensuring you receive customized, data-driven solutions that drive results.