mwidner
commented
7 years ago Generally, we've considered security already. If you're running it over SSL and keep up to date with our latest releases, then you should be covered. You can always harden the server it's running on by closing unused ports and things like fail2ban, as you mention, but those are external to Lacuna itself.
That said, if you want to add any other security-based modules, they'll probably work fine.
Is there some security (RECOMMENDED) settings that I can use on my lacuna site (currently running on a virtual Ubuntu host)? I enabled SSL on the site, but I want to know any other settings, (i.e password length settings, possibly use fail2ban to disable ssh brute force..) Are there any security settings specific to Lacuna(or drupal) that someone could recommend? I have quite a few users on my Lacunasite (close to 50)..so I was tasked with looking at security settings for the site in general. thank you