Drupal Tutorial Series: Basic Security Configuration
After you have installed Drupal and created first user account (will considered as administrator/super admin by drupal system) then you have to configure few things.
Click on the menu item that says "Administer", its on your left sidebar. That will lead you the the Drupal admin screen. You will find some menus: Administrer, Content management, Site building, Site configuration, User management, Reports and Help.
There are some basic security configuration you should to know before you create content and publish your site to the world.
1. Home -- Administrer -- User management -- User settings
By default drupal site will choose "Visitors can create accounts and no administrator approval is required." for you. Change
it to "Only site administrators can create new user accounts."
2. Home -- Administrer -- Site configuration -- Input formats
Make sure your default input format is not Full HTML.
3. Home -- Administrer -- Administrer
If you find this message:
"There are security updates available for one or more of your modules or themes. To ensure the security of your server, you should update immediately! See the available updates page for more information."
Then you have to update your modules or themes immediately. Click the available updates link to see the report.
4. Home -- Administrer -- Administrer -- By module Tab
This page shows you all available administration tasks for each module. Click Configure permission in each module and make sure you are controlling what users can do on your site. By default drupal define two users, anonymous user and authenticated user. Control their permission in this section.
5. Do not install modules that not found in drupal.org