Drupal Security Updates


Drupal is constantly being updated to fix vulnerabilities. Staying updated with the latest version of Drupal helps prevent websites from being targeted. You can stay in the know by regularly monitoring Drupal’s Security Advisories. In addition, there are several security-related contributed modules that can help. Other best practices include code review or getting a Drupal security audit from a 3rd party.

Security Headers

These security headers can be added to a Drupal website to improve its pages' security rating. Tested on Pantheon.

A generic example, adjust per site requirements:
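One way to send such headers from `settings.php`, shown as an added example that is not the original page's code. The header values, the report-only CSP, and limiting HSTS to the Pantheon `live` environment are assumptions to adjust per site:

```php
<?php
// Added example for settings.php. All header values below are assumptions;
// tune them to the site's actual embeds, scripts and third-party services.

// Only act on web requests: drush/CLI runs have no HTTP response to decorate.
if (PHP_SAPI !== 'cli' && !headers_sent()) {

  $security_headers = [
    // Stop browsers from MIME-sniffing a response into another content type.
    'X-Content-Type-Options' => 'nosniff',
    // Allow framing by the same origin only (clickjacking defence).
    'X-Frame-Options' => 'SAMEORIGIN',
    // Send only the origin, not the full URL, on cross-site navigation.
    'Referrer-Policy' => 'strict-origin-when-cross-origin',
    // Switch off browser features the site does not use.
    'Permissions-Policy' => 'geolocation=(), microphone=(), camera=()',
    // Start in report-only mode so violations are reported without breaking
    // pages; switch to Content-Security-Policy once the policy is tuned.
    'Content-Security-Policy-Report-Only' =>
      "default-src 'self'; object-src 'none'; base-uri 'self'",
  ];

  // HSTS is only meaningful over HTTPS.
  $is_https = !empty($_SERVER['HTTPS'])
    && strtolower((string) $_SERVER['HTTPS']) !== 'off';

  // On Pantheon, limit HSTS to the live environment so dev/test hostnames
  // are not pinned to HTTPS in browsers. Off Pantheon, send it whenever the
  // request is HTTPS.
  $pantheon_env = $_ENV['PANTHEON_ENVIRONMENT'] ?? NULL;
  $hsts_allowed = $pantheon_env === NULL || $pantheon_env === 'live';

  if ($is_https && $hsts_allowed) {
    // One year. Add includeSubDomains only after every subdomain serves HTTPS.
    $security_headers['Strict-Transport-Security'] = 'max-age=31536000';
  }

  foreach ($security_headers as $name => $value) {
    // header() replaces any earlier header of the same name by default.
    header($name . ': ' . $value);
  }
}
```

After deploying, check the response headers on a real page with the browser's developer tools or `curl -I`, since a CDN or another module may add or override headers.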

Ban Bad Bots/IPs/User Agent/Country


If a site's DNS is on Cloudflare, it is already filtering bad bots. To ban by IP or User Agent, go to Firewall > Firewall Rules:

  • Add "Known Bots" equals On > Allow, to avoid accidentally blocking good bots when using any of the following rules
  • To ban by IP, add the "IP Address" to ban
  • To ban by User Agent, add a "User Agent" firewall rule
  • To ban by Country, add a "Country" firewall rule

Pantheon/Acquia using settings.php

Refer to

About CK Ng

Chin Kiong "CK" has decades of Drupal development experience and has contributed hundreds of code commits to the Drupal community. He possesses a wild, insatiable talent and drive to solve even the most difficult technical problems in a wide range of technologies, and he brings excellence and elegance in his high-level architectural solutions as well as invaluable direction and advice. He has served as the lead architect for a number of high-profile clients and projects, including The Juilliard School, the University of Minnesota, Cornell, HelpSystems, and Estée Lauder. CK is a full-stack...