Drupal Security Updates
Drupal is constantly being updated to fix vulnerabilities. Staying updated with the latest version of Drupal helps prevent websites from being targeted. You can stay in the know by regularly monitoring Drupal’s Security Advisories. In addition, there are several security-related contributed modules that can help. Other best practices include code review or getting a Drupal security audit from a 3rd party.
These security headers can be added to Drupal website to improve pages security rating. Tested on Pantheon.
A generic example, adjust per site requirements:
Need expert help with Drupal?
Ban Bad Bots/IPs/User Agent/Country
If a site's DNS is on Cloudflare, it is already filtering bad bots. To ban IP and User Agent, under Firewall > Firewall Rules
- Add "Known Bots" equals On > Allow, to avoid accidentally block good bots if using any of the following
- To ban by IP, add "IP Address" to bank
- To ban by User Agent, add "User Agent" firewall rule
- To ban by Country, add "Country" firewall rule
Pantheon/Acquia using settings.php