Raising The Security Bar with Guardr


With Drupal being used for building websites and applications in government, non-profits, and corporate enterprises, it has become important to make sure that production projects follow mandated security controls. Guardr is a distribution that will kickstart your project with community selected and supported modules and configurations to strengthen Drupal security.

Guardr maintainers have worked with the security departments of corporations, U.S. banks, and the U.S. Federal Government, combining security standards to not only pick out some great hardening modules, but also to configure them during install with hardened settings. Why download and configure individual modules when Guardr can do the heavy-lifting for you?

Session attendees will learn about Guardr's philosophy, features, and how to start new projects with Guardr. Let's raise the bar on Drupal security with a more streamlined approach.

Guardr logo

Session Outline

  • What is Guarder?
    • The Guardr philosophy and how modules are selected for inclusion
    • What to expect when Guardr is installed
  • Why use Guardr?
    • CIA information security triad
    • How Guardr goes beyond just including security related modules
  • Security features in Guardr:
    • Automatically logout users after a specified period of time
    • Session limits
    • Monitoring server disk utilization
    • Data encryption options
    • Set password policies
    • Reset all user passwords
    • Monitor for hacked modules
    • Extended logging of logins
    • Content Security Policy modifications
    • SSL/TLS, clickjacking, user enumeration, cross-site request forgery, and cross-site scripting protection enhancements
  • Demonstrations
  • How to get involved and contribute


Session Track

Site Building

Experience Level


Drupal Version

When & Where

Thursday, 27 April, 2017 - 14:15 to 15:15
308 - Pantheon