Backdrop CMS is a PHP CMS with contributed modules and themes. Hardening should prioritize module update discipline, admin route protection, and trusted host/database settings.
1) Protect secrets and administrative access
- restrict administrative access through reverse proxy allowlists and MFA at the IdP layer
- keep settings.php outside writable web paths and make it read-only for the web server user
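
One way to check the settings.php item above, as an added example that is not part of the original page or the Backdrop project: a POSIX shell audit of the file's mode, its owner, and its parent directory. The `www-data` default and the path you pass in are assumptions about your deployment.

```shell
#!/bin/sh
# Added example: audit the Backdrop settings.php file and its directory.

# mode_of PATH: print the nine permission characters from ls (e.g. r--r-----).
mode_of() { ls -ld -- "$1" | cut -c2-10; }

# owner_of PATH: print the owning user name.
owner_of() { ls -ld -- "$1" | awk '{print $3}'; }

# audit_settings FILE [WEB_USER]: print findings, return 0 only if there are none.
# WEB_USER defaults to www-data, which is an assumption about the deployment.
audit_settings() {
    file=$1
    web_user=${2:-www-data}
    findings=0
    [ -f "$file" ] || { echo "MISSING: $file"; return 1; }
    dir=$(dirname -- "$file")
    fmode=$(mode_of "$file")
    dmode=$(mode_of "$dir")

    # Any write bit means the file is not read-only.
    case $fmode in
        *w*) echo "WRITABLE: $file ($fmode)"; findings=1 ;;
    esac
    # The owner can chmod the file writable again, so the web user must not own it.
    if [ "$(owner_of "$file")" = "$web_user" ]; then
        echo "OWNER: $file is owned by $web_user"; findings=1
    fi
    # A writable parent directory lets the file be replaced even when it is read-only.
    case $dmode in
        ????w????|???????w?) echo "DIR-WRITABLE: $dir ($dmode)"; findings=1 ;;
    esac
    if [ "$(owner_of "$dir")" = "$web_user" ]; then
        echo "DIR-OWNER: $dir is owned by $web_user"; findings=1
    fi
    return "$findings"
}

# Run as: sh audit.sh /path/to/settings.php [web_user]
if [ "$#" -gt 0 ]; then
    audit_settings "$@"
fi
```

A non-zero exit status means at least one finding was printed, so the script can gate a deployment step or a scheduled check.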
2) Control extensions and update cadence
- apply Backdrop core and contributed module updates on a fixed patch window
- remove unmaintained modules and themes from the production codebase
3) Harden runtime and deployment perimeter
- enforce HTTPS and secure session cookies at web server level
- review role permissions so that only editors who need them get layout and module privileges
- Backdrop project: https://backdropcms.org/
- Backdrop source: https://github.com/backdrop/backdrop