Code, configuration and best practices.

Drupal security overview


Ensure your Drupal website has been design, built and delivered with security in mind.


Engage a team who takes security seriously and understands the security landscape at each level of the stack.


A website which has been build with security in mind, hosted on a secure platform and is regularly monitored and maintained.

Drupal security

Websites can be compromised on a number of levels. It is important to be aware of the threats at every level and to put into place practices which will mitigate the risks as far as reasonably possible. Moprht takes a number of steps to ensure that the sites it builds remain secure as far as possible.

Team knowledge: The development team is aware of their responsibilities around data privacy and  security of user data as well as the confidentiality around client knowhow and data.

Secure code: The development team is trained in best practices round writing Drupal code in a secure manner and avoiding common mistakes around the sanitization and handling of data.

Strong passwords: We enforce strong passwords and TFA for user accounts and ensure that site credentials are not shared between developers for production machines.

Data sanitization: Our standard practice is to ensure that sensitive or private data does not reach developer machines. This is done through a sanitizing user data before it is exported from production systems.

Secrets: Secrets such as API keys and other sensitive data are not stored in the database or repository. We ensure that they are stored as either environment variables or in private files so that they are out of the reach of develoeprs, as well as hackers.

Platform security: Morpht works with reputable platofrm providers such as Pantheon, Acquia and GovCMS who take security seriously and have measures in place at the platform level to ensure the security of their systems.

Secure applications: We harden our websites with a number of best practices approaches. Our sites are able to pass penetration tests conducted by third parties.

Regular site maintenance: Drupal is constantly being updated and scurity holes fixed. We monitor the security alerts coming through and proactively fix sites when they are covered by one of our support and maintenance plans.

Police checks and baseline clearance: All of our staff members must undertake a Federal Police check before commencing work on any of our projects. Many of our Australian team have attained baseline security clearance to work on Federal Government projects.

We take security seriously at Morpht and take steps to ensure that your data and user information is treated with the respect it deserves.


Speak to an expert

We would love to hear about your project and what you have in mind.
Book an appointment with a Drupal expert to see how Morpht can help.

Make an appointment

Get the latest news from Morpht