Anybody got any top tips on securing Drupal? I don't normally us it, I usually write bespoke Ruby on Rails applications but it seams that Drupal is quite useful in getting a site out there really quickly, and my clients like it so, win win.
I am a little concerned about about popping some application in place that I don't know about and don't really know the technology it employs. I have some knowledge of PHP and a working knowledge of the kind of logical errors that can occur in this type of application. Is there like 10 things to look out for like make sure you install xyz module, this pdf is pretty good. Just stuff like that. I did use google and there is a lot of shit out there, many of it written by white hats with no attention to detail.
Yep, Drupal is fine on the security aspect. When you upload your drupal files, change the 'licence' file and all other files that contain a version number to a known vuln number, this will make any attackers try all the wrong exploits. Drupal isn't very well known or advertised like Wordpress etc, so not many exploits surface for it.