Drupal and Security - How Secure is the Popular CMF?
If you are having second thoughts about Drupal just because it is open source, don’t. The popular content management framework (CMF) has been proven to be just as reliable as its proprietary counterparts, if not even more so. Though many people view open source solutions as inferior in terms of reliability, functionality and security, platforms such as Drupal have proved that open source can rival the most expensive proprietary systems. Here is why:
-
It’s designed to be secure. Even more, security is the priority! The CMF is thus very well equipped against all critical security vulnerabilities by default.
-
It’s continuously reviewed and analysed for security issues. Drupal is used by over 1 million websites. As a result, it is continuously reviewed and analysed for security issues and vulnerabilities by both experts and enthusiasts.
-
Security is further strengthened by the Drupal Security Team. Consisting of about 40 security experts from around the world, the Drupal Security Team continuously works on improving the CMF’s security. The Team responds to concerns and issues reported by the Drupal community but it also works on preventing the issues from arising in the first place. Likewise, experts from the Drupal Security Team provide advice and guidance on the best practises both online and offline.
-
Security can be upgraded by a host of modules and features. Even though the Drupal core is perfectly secure as such, there are a number of modules and features that make the CMF even more secure, for example by additionally protecting passwords, login, encryption, etc.
-
There are easy-to-follow guidelines on how to create secure configuration, code, etc. These very useful guidelines are provided by a number of official and unofficial sites as well as the Drupal Security Team and Drupal community-organised conferences, seminars, webinars, etc. helping users and developers reduce the risk of security vulnerabilities to the minimum.
-
It’s proven to work. Drupal is used to run a variety of websites which include highly reputable organisations, corporations, media and even governments. The CMF even powers the official website of the White House. Do you really think the Cabinet of the U.S. President would use Drupal if it weren’t secure?
As you can see, you are quite secure with Drupal. Nevertheless, you are advised to subscribe to the Drupal security mailing list in order to be informed about the latest security-related news, recommendations and updates.