
Whether you’re using Drupal or WordPress to drive your website, security should be a top priority. We adopt a DevSecOps approach when we develop a website. At every level of the process, we strive to implement security. Drupal and WordPress offer a multitude of modules and plugins to help you ensure a safe site. A smart user wants to know the website they’re exploring is safe and that their privacy is protected. Search engines have even made this a deciding factor in SERP rankings. This gives web owners an incentive to adopt cybersecurity with SSL certificates and GDPR requirements. But you can go the extra mile by adding these modules and plugins to your site for added security. And, of course, Sevaa Group is always here to help you get started.

 

WordPress Plugins

Sucuri Security

The Sucuri Security plugin is one we use often for WordPress sites. The plugin uses blacklist engines like Google Safe Browsing, Sucuri Labs, and Norton to audit your website for security weak points. If a threat is detected, you’ll receive an email that you can forward to your maintenance team. In addition, the plugin also includes features such as:

  • Activity auditing
  • File integrity monitoring
  • Malware scanning
  • Blacklist monitoring
  • Website firewall

 

SecuPress

SecuPress has a lot to offer out of the box. The free version of SecuPress includes features such as anti-brute force login, blocked IPs, and firewall, as well as security key protection and blocked visits from bad bots. This plugin boasts an easy-to-use interface that any web owner can understand from the onset. In addition, you’ll receive notifications if anything seems suspicious during weekly scans.

In fact, SecuPress’s scanner has the ability to automatically fix any issues that arise. With each scan, the plugin gives you a security grade that you can share with the team.

With the pro version of SecuPress, you get all of the features of the free version as well as:

  • Database and file backups
  • The ability to force correct login and password
  • Antispam
  • Two-factor authentication
  • Notifications if a vulnerable theme or plugin is detected
  • PHP malware scan
  • PDF reports
  • Priority support
  • And more!

Google Authenticator

The Google Authenticator plugin integrates with your login plugin to add an extra layer of security. When a user logs in, the plugin will send a notification to the user’s phone with a QR code or a security question. So if hackers get through the login, they’ll also have to go through Google Authenticator to get into your site. With the free version of this plugin, you’ll have access to features including:

  • Two Factor Authentication for 1 user
  • Authentication options such as push notifications, security questions, and QR code
  • Language translation support

The free version will definitely get the job done, but if you wish to pile on the security, there are various add-ons to try:

  • Remember Device
  • Set Device Limit for users to login
  • Customize UI, email, icons, etc.
  • User option to turn two factor authentication on and off

 

Drupal Modules

Security Kit

If you’re using Drupal as your CMS, Security Kit has all the bells and whistles to harden your website. However, Drupal isn’t as familiar as WordPress to most. This module protects your site from various threats including:

  • Cross-site Scripting: This is a type of vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. This vulnerability acts as a way for attackers to bypass access controls and affects the trust that a user has for a site.
  • Cross-site Request Forgery: This vulnerability allows attackers to transfer unauthorized commands from a trusted user. Attackers do this through image tags, hidden forms, and JavaScript XMLHttpRequests. This vulnerability affects the trust a site has for a particular user’s browser.
  • Clickjacking: This attack is especially malicious, as hackers conceal hyperlinks behind clickable content in order to manipulate a user’s activity.
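
Security Kit counters these three threats largely through HTTP response headers and a check of the request's Origin header. The following is an added example, not Security Kit's own code: it audits a response for the script and framing protections and applies a simplified Origin check, with all function names, sample headers and the handling of a missing Origin being assumptions of the example.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}

def csp_directives(value):
    """Parse a Content-Security-Policy value into {directive: [sources]}."""
    out = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            out.setdefault(tokens[0].lower(), tokens[1:])
    return out

def audit_headers(headers):
    """Return which of the threats listed above the response headers leave open."""
    h = {k.lower(): v for k, v in headers.items()}
    csp = csp_directives(h.get("content-security-policy", ""))
    findings = []
    # XSS: scripts need a restricting source list (simplified: no wildcard or inline).
    scripts = csp.get("script-src", csp.get("default-src"))
    if scripts is None or "*" in scripts or "'unsafe-inline'" in scripts:
        findings.append("xss")
    # Clickjacking: framing limited by frame-ancestors or X-Frame-Options.
    ancestors = csp.get("frame-ancestors")
    xfo = h.get("x-frame-options", "").strip().upper()
    framing_limited = ancestors is not None and "*" not in ancestors
    if not framing_limited and xfo not in {"DENY", "SAMEORIGIN"}:
        findings.append("clickjacking")
    return findings

def origin_allowed(method, origin, site_origin, extra=()):
    """CSRF: accept state-changing requests only from the site's own origin."""
    if method.upper() in SAFE_METHODS:
        return True
    if not origin:
        return False  # assumption of this example: missing Origin is untrusted
    o = urlsplit(origin)
    allowed = {site_origin.lower()} | {e.lower() for e in extra}
    return f"{o.scheme}://{o.netloc}".lower() in allowed

# Constructed sample responses: one bare, one hardened.
WEAK = {"Content-Type": "text/html"}
HARDENED = {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'",
            "X-Frame-Options": "SAMEORIGIN"}

if __name__ == "__main__":
    print(audit_headers(WEAK), audit_headers(HARDENED))
```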

 

Password Policy

This module is a little less technical and allows web owners to apply password constraints so that each user must fulfill specific parameters to have a valid password. For example, you may set a parameter that users must have at least two uppercase letters in their password to create an account. With the Drupal 8 version of this module, each constraint comes as a submodule. These constraints allow you to set parameters for aspects like:

  • Character types
  • Digits
  • Letters
  • Length
  • Uppercase
  • Lowercase
  • Punctuation

Web owners also have the ability to set a password expiration date. This way, users must change their password routinely.
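
To show how such constraints combine, here is an added example (illustrative Python, not the Password Policy module's code) that evaluates a password against per-constraint minimums and checks expiration. The policy values, the 90-day period and the function names are assumptions of the example.

```python
import string
from datetime import datetime, timedelta, timezone

# Constructed policy: one minimum per constraint, including the
# "at least two uppercase letters" rule from the text above.
POLICY = {"length": 12, "uppercase": 2, "lowercase": 1, "digits": 1,
          "punctuation": 1, "character_types": 3}
MAX_AGE = timedelta(days=90)  # assumed expiration period

def _counts(password):
    """Count what each constraint measures for this password."""
    counts = {
        "length": len(password),
        "letters": sum(c.isalpha() for c in password),
        "uppercase": sum(c.isupper() for c in password),
        "lowercase": sum(c.islower() for c in password),
        "digits": sum(c.isdigit() for c in password),
        "punctuation": sum(c in string.punctuation for c in password),
    }
    classes = ("uppercase", "lowercase", "digits", "punctuation")
    counts["character_types"] = sum(counts[k] > 0 for k in classes)
    return counts

def violations(password, policy=POLICY):
    """Return the sorted names of every constraint the password fails."""
    counts = _counts(password)
    return sorted(name for name, minimum in policy.items()
                  if counts[name] < minimum)

def is_expired(last_changed, now=None, max_age=MAX_AGE):
    """True when the password is older than the allowed age."""
    now = now or datetime.now(timezone.utc)
    return now - last_changed > max_age

if __name__ == "__main__":
    for candidate in ("Summer2018!", "CorrectHorse-42"):  # constructed samples
        print(candidate, violations(candidate))
```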

 

SpamSpan

There’s nothing more annoying than deleting multiple spam emails that made it to your inbox. With the SpamSpan module, you can protect your users from such annoyance. The module hides your users’ email addresses to prevent spambots from collecting them. Most email obfuscators use JavaScript to hide addresses. However, JavaScript must be enabled, and this isn’t always doable for those with screen readers. SpamSpan creates clickable links when JavaScript is enabled and creates a dummy email address if the browser does not support JavaScript.


Whether you’re using WordPress, Drupal, or some other CMS, you should ensure that your users’ information is safe. Users are hyperaware of the websites they explore and how safe they are. 2018 has seen a growing concern for digital privacy, and users and search engines alike are taking measures to promote cybersecurity. You can help the cause by starting with your own website. Whether you need us to implement a module or add an SSL certificate, Sevaa Group can help you stay safe!
