Page 38 - Cyber Warnings







Remove Inactive Users

Keeping inactive users on your Drupal site increases your attack surface. Users, especially
administrators and others who have the ability to modify content, are possibly one of the
weakest points of any site because, unfortunately, most users tend to choose weak passwords.

If you absolutely need to keep inactive users in your Drupal database, change their role to
'Authenticated user' in order to limit any actions that could be performed.


Take advantage of Drupal’s status report functionality

A great security feature to take advantage of in Drupal is its built-in status report page. Apart
from allowing you to keep tabs on other areas of your Drupal site, the status report page
provides you with visibility into some important security controls that you should be placing on
your Drupal site. For example, the screenshot below indicates that we need to set up a list of
Trusted Host Settings to prevent the possibility of a host header attack from occurring.
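
The Trusted Host Settings warning is cleared by listing the site's host names in settings.php. The following is an added example, not taken from the original article: it assumes Drupal 8's `$settings['trusted_host_patterns']`, uses example.com as a placeholder domain, and includes a hypothetical helper, `host_is_trusted()`, that approximates the matching so a strict list can be compared with a loosely written one.

```php
<?php
// Added example: settings.php fragment plus a stand-alone self-check.
// example.com is a placeholder; substitute the host names your site serves.

// Goes in sites/default/settings.php. Each entry is a regular expression
// tested against the request's Host header. Anchor every pattern with ^ and $
// and escape the dots, otherwise look-alike hosts are accepted too.
$settings['trusted_host_patterns'] = [
  '^example\.com$',
  '^www\.example\.com$',
];

// Weak variant for comparison: unanchored, with an unescaped dot.
$loose_patterns = ['example.com'];

// Hypothetical helper (not a Drupal API): approximates the check by testing
// the host against each pattern as a case-insensitive regular expression.
function host_is_trusted(string $host, array $patterns): bool {
  foreach ($patterns as $pattern) {
    if (preg_match('{' . $pattern . '}i', $host) === 1) {
      return TRUE;
    }
  }
  return FALSE;
}

// Constructed sample Host header values.
$samples = [
  'example.com',
  'WWW.example.com',
  'example.com.evil.test',
  'exampleXcom.test',
  'evil.test',
];

foreach ($samples as $host) {
  printf(
    "%-24s strict=%-6s loose=%s\n",
    $host,
    host_is_trusted($host, $settings['trusted_host_patterns']) ? 'accept' : 'reject',
    host_is_trusted($host, $loose_patterns) ? 'accept' : 'reject'
  );
}
```

Run the file with the PHP command-line interpreter to compare the two lists; only the `$settings['trusted_host_patterns']` assignment belongs in settings.php.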

















































38 Cyber Warnings E-Magazine – March 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
