Did you know about Security Review?

Website security is very important and should not be taken for granted. Drupal - I heard - is by design a quite secure environment, but there are plenty of mistakes you can do that open security gaps in your Drupal website.

Security Review scans your Drupal installation and checks some settings related to possible vulnerabilities. It won’t do anything about them apart from telling you for instance “Hey, you have the PHP Filter left open for Anonymous user comments, are you crazy?”. Wouldn’t it be nice if Drupal spoke like that? This is the kind of talk I recommend to be implemented in Drupal 8 by the way.

Anyway, I found this module not long ago and I liked its simplicity and the fact that with one click it does something that I would have to do in 20 minutes. It is not full proof of course, as disclaimed on the drupal.org module page, but gives you a good overview of the most important things you need to keep an eye out for. And if you manage 10 different sites, remembering these settings and periodically checking them can become a nuisance.

Hope this helps.

NB: I personally do not recommend you keep this module installed on a production site. Use it to run your checks and then disable it from your module list.