Drupal Security

Security is of the utmost concern for every website owner. If your website has ever been hacked, then you know just how disastrous a security compromise can be to the health of your online reputation, customer trust, brand integrity, and revenue.

Commercial Progression's DrupalCare Drupal support and maintenance products focus on PRO-ACTIVE Drupal support. Reactionary support policies can diagnose and fix a security issue after a breach, but in many cases this is already too late and the damage has been done. With a proactive Drupal support stance, your website is updated before there is a problem.

Open Source Security

Like any Open Source software project, Drupal has regular security updates contributed from a worldwide community of developers, programmers, and security professionals. Keeping pace and being an active member of this community is key to staying on top of security concerns before they become public knowledge. Our Drupal developers maintain robust communications with the Drupal Security Team and participate regularly in testing new security patches. By the time the rest of the world has been informed of a Drupal security issue, our team has already applied the patches and prevented any malicious activity.

Drupal Security Services

  • DrupalCare PRO-ACTIVE Drupal Support
  • Full Web Security Audit
  • Web Server / Hosting Security Audit
  • Drupal Security Audit
  • Drupal Security Review
  • Drupal Code Reviews
  • Database Security Audit
  • Comprehensive Website Security Hardening
  • Security Vulnerability Identification and Removal
  • Recurring Website Audits
  • Security Standards Review for HIPAA, PCI DSS, FISMA, STIG, and Others
  • User Training and Security Education
  • Drupal Security Updates
  • Managed Security Updates
  • Drupal Core Updates
  • Drupal Contrib Module Updates
  • Drupal 6 Security
  • Drupal 7 Security
  • Drupal 8 Security
  • Drupal Upgrades and Migrations

Recent Drupal Security Notices


Advisory ID: DRUPAL-SA-CONTRIB-2016-040

Project: RESTful Web Services (third-party module)

Version: 7.x

Date: 2016-July-13

Security risk: 22/25 (Highly Critical) AC:None/A:None/CI:All/II:All/E:Theoretical/TD:All

Vulnerability: Arbitrary PHP code execution


Advisory ID: DRUPAL-SA-CONTRIB-2016-039

Project: Coder (third-party module)

Version: 7.x

Date: 2016-July-13

Security risk: 20/25 (Highly Critical) AC:Basic/A:None/CI:All/II:All/E:Theoretical/TD:All

Vulnerability: Arbitrary PHP code execution


Free Download, 10 Step Drupal Security Audit Guide