
Malicious Password Reset Requests on Drupal Sites – It’s still happening!

Erik Cochran


Drupal 6 and 7 sites are still being targeted with what appear to be malicious password reset requests. It’s being reported that the majority of the targeted accounts use common usernames such as admin, moderator or user.

We’ve seen no reports that a direct security vulnerability is evident, but this is a good time to do some security checks on your website. Obviously, it’s a great idea to change your username to something tougher to guess. But to be sure, we suggest working with your developer to review site settings and evaluate your security protocols.

Here’s a list of some simple tasks that you can perform at least once per month to help keep your site safe.

  • Review authorized users of your site and look for people that have additional roles. 
  • Sort all users by last login date. Use your security protocols to determine if unused accounts should be revoked.
  • Check to see that all email addresses are correct.
  • Be sure usernames are unique rather than common names like admin, etc.
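The monthly checklist above can be run as a single read-only query. This is an added example, not part of the original article; it assumes a Drupal 7 site on MySQL with the default, unprefixed core tables `users`, `users_roles` and `role`, and it flags only the three usernames named earlier in this post.

```sql
-- Added example (assumptions: Drupal 7, MySQL, no table prefix). Read-only.
-- One row per account: extra roles, last login, email, and a flag for
-- the common usernames this article says are being targeted.
SELECT
    u.uid,
    u.name,
    u.mail,                                         -- check that each address is still correct
    u.status,                                       -- 1 = active, 0 = blocked
    FROM_UNIXTIME(NULLIF(u.login, 0)) AS last_login, -- NULL = never logged in
    -- Roles beyond "authenticated user", which Drupal 7 does not store per user
    GROUP_CONCAT(r.name ORDER BY r.name SEPARATOR ', ') AS extra_roles,
    -- 1 when the username is one of the common names listed above
    (LOWER(u.name) IN ('admin', 'moderator', 'user')) AS common_name
FROM `users` AS u
LEFT JOIN `users_roles` AS ur ON ur.uid = u.uid
LEFT JOIN `role` AS r ON r.rid = ur.rid
WHERE u.uid > 0                                     -- uid 0 is the anonymous placeholder row
GROUP BY u.uid, u.name, u.mail, u.status, u.login
ORDER BY u.login ASC;                               -- oldest and never-used logins first
```

Rows at the top of the result with a non-empty `extra_roles` value are the unused privileged accounts to review first.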

DIY Security Measures

If you see anything that looks strange or unexplainable, consider contacting a Drupal support agency to help you solve possible issues. Or you can try to solve the issues yourself with this set of steps and tips.

If you’re proficient with Drupal, add Captcha or Honeypot to all forms for non-logged-in users and limit name-guessing attempts with the Flood Control module.

Peace of Mind

Peace of mind is knowing your site is secure and will operate as expected — ensuring a consistent and positive experience for your site visitors. Drupal is open source, and while open source has a tremendous benefit, it also means that security shouldn’t be taken for granted. Your website is your strongest marketing tool and ignoring Drupal security can have catastrophic consequences.

I hope you’ve found this article helpful. Be sure to follow the tips above and have someone experienced in Drupal security review your website.

If you need assistance from a Drupal security expert, Molly Duggan Associates OnDemand Drupal Support is here to help. We’re fast, friendly—and in some instances, local. Please get in touch with us today for a security audit and ensure your website is secure.
