Search Results :

×

DRUPAL WEBSITE SECURITY PRO SETUP GUIDE


Drupal Website Security - Secure Login / Network Security – This module provides login security, registration security, brute force attack prevention, IP monitoring and IP blacklisting, Rate Limiting (DOS attack prevention) , strong password enforcement, Bot Blocking etc. We provide you enterprise-level security, protecting your Drupal site from hackers and malware, you can download module from here.

If you have any queries or if you need any sort of assistance in configuring the module, you can contact us at drupalsupport@xecurify.com. If you want, we can also schedule an online meeting to help you configure the Drupal Website Security Pro module.

1. Setup miniOrange Website Security Pro module

  • Login in your Drupal site’s admin console and click on Extend from the top navigation bar.
  • Select the Install new module option to install a new module on your Drupal site.
  • Drupal OAuth Client module - Install module
  • Upload the downloaded zip file of the Module and click on the Install button to continue.
  • Drupal Web security module - Upload zip file
  • Select Enable newly added modules.
  • Drupal Web security module - install the module
  • Scroll down till you find miniOrange Website Security. Click on the checkbox next to it and click on the Install button to enable the module.
  • Drupal Web security module - Enable module
  • Click on Configuration from the top navigation bar and Select Website Security Configuration.
  • Drupal web security - select website security pro configuration

    2. Configure miniOrange Website Security module.

    2.1 Brute Force Protection from an IP

    • Brute Force Protection protects your site from attacks in which the hacker tries to gain access to a site by using multiple random usernames and passwords in an attempt to login to your Drupal site.
    • Steps to Enable Brute Force Protection: IP Based Restriction

    • To activate, check “Enable Brute Force Protection”
    • drupal web security pro brust force IP
    • Set the following configurable fields : -
    • Track time to check for security violations : - The time period for which the request is monitored in a cycle.
    • Number of login failures before blocking an IP : - The number of login attempts after which the IP is blocked.
    • Time period for which IP should be blocked.
    • Number of login failures before detecting an attack : - The number of login attempts after which the login attempt is detected as attack.
    • Click on “Save IP Configurations” button to save the configuration.
    • web security pro enable brust protection ip

    2.2 Brute Force Protection from a User

      p >Brute Force Protection protects your site from attacks in which the hacker tries to gain access to a site by using random usernames and passwords and attempting to login repeatedly.

      Do the following steps to enable Brute Force Protection from a User : -

    • To activate, check “Enable Brute Force Protection”.
    • drupal web security pro brust IP
    • Set the following configurable fields : -
    • Track time to check for security violations : - The time period for which the request is monitored in a cycle.
    • Number of login failures before blocking a User : - The number of login attempts after which the IP is blocked.
    • Time period for which User should be blocked
    • Number of login failures before detecting an attack : - The number of login attempts after which the login attempt is detected as attack.
    • Show remaining login attempts to user : - Check this checkbox to show remaining login attempts to the user at the login page.
    • Click on “Save User Configurations” button to save the configuration.
    • Drupal web security pro save user configuration

    2.3 IP Blocking

      1. Manual Block IP’s
    • This feature allows you to block individual IP addresses.
    • Check the “Enable IP Blocking” checkbox to enable this feature.
    • drupal web security pro manual idp

      Note: - Enter semicolon(;) separated IP addresses.

    • Click on the “Save” button to save the configuration.
    • 2. Whitelist IP’s
    • IP whitelisting allows you to create lists of trusted IP addresses or IP ranges from which your users can access your domains.
    • Check the “Enable IP Whitelisting” checkbox to enable this feature.
    • drupal web security pro whitelist ip blocks

      Note: - Enter semicolon(;) separated IP addresses.


    • Check the “Enable User whitelisting if IP is whitelisted” to restrict user blocking if the corresponding IP is whitelisted.

    2.4 Bot Blocking

      This feature monitors the traffic coming to the website, when a bot is detected the request of the bot is blocked so that I could not harvest the website content.

      drupal web security pro bot blocking
    • Check the “Enable Bot Blocking” to enable this feature.
    • Click on the “Save” button to save the configuration.

    2.5 Rate limiting (DOS Protection)

      Rate limiting is a strategy for limiting the network traffic. It puts a cap on how often someone can visit the website within a certain timeframe.

    • Check the “Enable Rate Limiting (DOS Protection)” checkbox to enable rate limiting.
    • Enter the number of requests per minute you want to allow to a user.
    • Select the action you want to take after the limit is exceeded.
    • Click on the “Save” button to save the configuration.
    • After exceeding the limit certain actions are taken :-

    • Throttle IP :- It restricts the request to access the website for a certain time period e.g. 60 seconds.
    • Block IP :- It blocks the IP so that the request from the same IP could not access the website any further. The admin can remove the entry of a blocked IP to allow access to the website.
    • drupal web security pro limitimg dos protection

    2.6 Notification on Email

      This feature enables administrators to receive email notifications related to IP or user being blocked or any attempt of attack made by any IP or user.

      drupal web security pro notification on email

      Note: - Enter semicolon(;) separated email-ids. Also, you need to configure SMTP on your website in order to receive email notifications.

    • Click on the “Save” button to save the configuration.

    • 2.7 Report

    • This feature displays reports related to login Transactions and Error Report.
    • drupal web security pro report

    24*7 Active Support

    If you face any issues or if you have any questions, please feel free to reach out to us at drupalsupport@xecurify.com. In case you want some additional features to be included in the module, please get in touch with us, and we can get that custom-made for you. Also, If you want, we can also schedule an online meeting to help you configure the Drupal Website Security Pro module.

    Our Other modules

    Hello there!

    Need Help? We are right here!

    support
    Contact miniOrange Support
    success

    Thanks for your inquiry.

    If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com