Essential Drupal security modules

We, at Drop Guard, are extremely concerned about all things Drupal security. Security is not something that can be taken for granted after ordering a security review, or passing through a "security checklist", or even after switching to Drop Guard for updates handling. We should always remember that security is a continuous process, and it consists of numerous bits and pieces requiring your attention all the time.

Luckily enough, Drupal is a highly modular system, and instead of reinventing the wheel we can take advantage of the existing and battle tested solutions which are aimed at helping us with ensuring the continuous security for our applications.

We've collected the essential security-related modules in our view, and split them into two categories - passive (designed to monitor and provide information) and proactive (designed to take action or make changes to application configuration to ensure stronger security).

Drop Guard response about insecure update process


6 January 2016 was a memorable day for the Drupal community. Probably for the first time since the Drupalgeddon a vulnerability with potential to affect millions of websites was discovered. The report on the insecure Drupal update process, published by IOActive, got immediate traction and responses from Acquia, Drupal Security Team and major players in the community.

90 sec interview with Sven Culley - Maintaining Drupal sites responsibly

Sven Culley is a professional Drupal expert in Germany. He provides Drupal development and maintenance services for his clients. Sven takes a huge responsibility for every site as he needs to care about security, updates and hassle-free operation. Sven will tell us in this short interview, how he organized his work between development and maintenance tasks and how he wins the trust of his clients.

Spot on Sven Culley

Sven, we want to know how you run your Drupal business and provide maintenance services to your clients. Your answers will be used to present your reliable drupal shop in our Drop Guard Blog and to show others how you care about your client's site security.

When and why did you join the Drupal community?

UPDATED Sneak Peek: Drop Guard's revamped project creation process

We are working tirelessly to make Drop Guard better, faster and more friendly for developer. In this blog post we present you a "sneak peek" of our revamped project creation process, with this end in mind to please you with greater usability for getting started with your project in Drop Guard!

So let's get more detailed: the creation process will be split into 3 independent configuration screens.

Before this first modification, our users had to go through all the steps of the project creation wizard at once. Oh my, that was awful. Now the process is much simpler by allowing to save the project just after entering it's title, connecting to the Git repository and setting up a few very basic settings.

Drop Guard celebrates full Drupal 8 support

Drop Guard - your service for automated Drupal updates, just announced its full support of Drupal 8. This includes the Drop Guard service, client module and our friendly support, of course!
In case you’re up and running with latest and greatest Drupal release (or if you're just a Drupal and Drop Guard enthusiast), you'll enjoy this update support for your D8 projects.

You'll find a very short survey below. Your participation will help us to keep on rocking our Drop Guard optimization, so thank you very much in advance!

Drupal Security Expert Interview - David Snopek about site security

David Snopek makes our "Drupal Security Expert Interview" series round! He is a founder of and a long-time Drupal developer and community member. Among other things, he co-maintains the Panopoly distribution, is a member of the Drupal security team, and co-organizes the local Drupal meetup group in Milwaukee, WI. Enjoy his expert estimation below!


Drupal Security Expert Interview - Meet Mike Gifford!

In this second interview of the "Drupal Security Expert" series we're pleased to welcome Mike Gifford. Mike is the president of OpenConcept Consulting Inc, a Canadian Benefit Corporation that specializes in open-source web development and hosting. He is a Drupal 8 Accessibility Maintainer and also passionate about security and privacy. He is the author of the Drupal Security Best Practices - a practical guide which summarizes many of the ways to tighten the security of your Drupal site, which is available for free -


Drupal Security Expert Interview - focus on Greg Knaddison!

Greg Knaddison is a longtime member of the Drupal Security Team and was the Team Lead for two years. He currently leads the engineering team at, a mobile alternative to traditional branch banks. In 2008, Greg published Cracking Drupal, the only book to cover the topic of Securing Drupal Sites. In the interview below he reveals his security expert assessment of current questions about Drupal 8 - get secure!


Automation is the key to support SLAs

If you want to grow recurring revenue by providing SLAs for your Drupal projects, automation is THE key to offering a reliable response time. Of course, you could build a dedicated 24/7 support team, but the cost will be exorbitant. There are many tools out there for digitizing your support and automating some of the processes.

Automation will save you resources and simultaneously prevent mistakes. Nevertheless, at some points along the support process, there should be people in contact with your client. Support is also a kind of marketing that you get paid for! That's why a well-defined support concept is the key to success.

How to sell Drupal support with value

Selling support is not so easy. Mostly you end up with agreements such as getting paid only if there’s a support request. If you want to provide reliable support with a well-defined response time, you need to allocate resources constantly, and that's why you need to get paid separately for the response time. The value for your customer is clearly that an experienced user, who also knows details of the project, is available whenever he or she is needed. A support contract with a well-defined response time keeps at least some of the project team members available, so the knowledge doesn’t get away.