Drupal — Security
Brute force, integrity changes, privilege escalation — attack patterns and audit signals.
Drupal administrator role granted — detecting privilege escalation with per-user suppression
A user account that yesterday could only edit their own articles can now install modules, drop the users table from /admin/config/development/devel/php, and rev…
Read guide →
Drupal failed login attempts — brute force detection on /user/login
You opened your Drupal site this morning and the admin dashboard was sluggish. The watchdog log scrolled past with hundreds of entries you did not write. PHP-FP…
Read guide →
Drupal REST/JSON:API write operations from unexpected sources — detecting compromised API keys
A new node appears on the homepage you did not author. A user account you do not recognise shows up in admin/people with the role administrator.…
Read guide →
Drupal settings.php or services.yml was modified — who changed it and when
You logged in this morning and something is off. Maybe Drupal is suddenly running in a different database. Maybe the trusted host check is bypassed.…
Read guide →
Drupal theme switched unexpectedly — deployment marker, mistake, or compromise
You load the homepage and the site looks wrong. The header is in the wrong place. Custom branding is gone. The colours have reverted to a default palette.…
Read guide →
Drupal user.role_changed — detecting privilege escalation
You log into your Drupal site and notice an account you don't recognise sitting in the administrator role. Or worse: an account you do recognise — an old editor…
Read guide →
