DRUPAL WEBSITE SECURITY PRO SETUP GUIDE

Drupal Website Security - Secure Login / Network Security – This module provides login security, registration security, brute force attack prevention, IP monitoring and IP blacklisting, Rate Limiting (DOS attack prevention) , strong password enforcement, Bot Blocking etc. We provide you enterprise-level security, protecting your Drupal site from hackers and malware, you can download module from here.

If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal Website Security Pro module.

1. Setup miniOrange Website Security Pro module

• Login in your Drupal site’s admin console and click on Extend from the top navigation bar.
• Select the Install new module option to install a new module on your Drupal site.

• Upload the downloaded zip file of the Module and click on the Install button to continue.

• Select Enable newly added modules.

• Scroll down till you find miniOrange Website Security. Click on the checkbox next to it and click on the Install button to enable the module.

• Click on Configuration from the top navigation bar and Select Website Security Configuration.


2. Configure miniOrange Website Security module.

2.1 Brute Force Protection from an IP

• Brute Force Protection protects your site from attacks in which the hacker tries to gain access to a site by using multiple random usernames and passwords in an attempt to login to your Drupal site.

Steps to Enable Brute Force Protection: IP Based Restriction

• To activate, check “Enable Brute Force Protection”

• Set the following configurable fields : -
• Track time to check for security violations : - The time period for which the request is monitored in a cycle.
• Number of login failures before blocking an IP : - The number of login attempts after which the IP is blocked.
• Time period for which IP should be blocked.
• Number of login failures before detecting an attack : - The number of login attempts after which the login attempt is detected as attack.
• Click on “Save IP Configurations” button to save the configuration.

2.2 Brute Force Protection from a User

p >Brute Force Protection protects your site from attacks in which the hacker tries to gain access to a site by using random usernames and passwords and attempting to login repeatedly.

Do the following steps to enable Brute Force Protection from a User : -

• To activate, check “Enable Brute Force Protection”.

• Set the following configurable fields : -
• Track time to check for security violations : - The time period for which the request is monitored in a cycle.
• Number of login failures before blocking a User : - The number of login attempts after which the IP is blocked.
• Time period for which User should be blocked
• Number of login failures before detecting an attack : - The number of login attempts after which the login attempt is detected as attack.
• Show remaining login attempts to user : - Check this checkbox to show remaining login attempts to the user at the login page.
• Click on “Save User Configurations” button to save the configuration.

2.3 IP Blocking

1. Manual Block IP’s

• This feature allows you to block individual IP addresses.
• Check the “Enable IP Blocking” checkbox to enable this feature.



Note: - Enter semicolon(;) separated IP addresses.

• Click on the “Save” button to save the configuration.

2. Whitelist IP’s

• IP whitelisting allows you to create lists of trusted IP addresses or IP ranges from which your users can access your domains.
• Check the “Enable IP Whitelisting” checkbox to enable this feature.


Note: - Enter semicolon(;) separated IP addresses.



• Check the “Enable User whitelisting if IP is whitelisted” to restrict user blocking if the corresponding IP is whitelisted.

2.4 Bot Blocking

This feature monitors the traffic coming to the website, when a bot is detected the request of the bot is blocked so that I could not harvest the website content.


• Check the “Enable Bot Blocking” to enable this feature.
• Click on the “Save” button to save the configuration.

2.5 Rate limiting (DOS Protection)

Rate limiting is a strategy for limiting the network traffic. It puts a cap on how often someone can visit the website within a certain timeframe.

• Check the “Enable Rate Limiting (DOS Protection)” checkbox to enable rate limiting.
• Enter the number of requests per minute you want to allow to a user.
• Select the action you want to take after the limit is exceeded.
• Click on the “Save” button to save the configuration.

After exceeding the limit certain actions are taken :-

• Throttle IP :- It restricts the request to access the website for a certain time period e.g. 60 seconds.
• Block IP :- It blocks the IP so that the request from the same IP could not access the website any further. The admin can remove the entry of a blocked IP to allow access to the website.

2.6 Notification on Email

This feature enables administrators to receive email notifications related to IP or user being blocked or any attempt of attack made by any IP or user.



Note: - Enter semicolon(;) separated email-ids. Also, you need to configure SMTP on your website in order to receive email notifications.

• Click on the “Save” button to save the configuration.



2.7 Report

• This feature displays reports related to login Transactions and Error Report.

24*7 Active Support

If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal Website Security Pro module.

Our Other modules