Thanks to Drupal 8 for adopting Twig as its templating engine. With Twig, you won't need any additional filtering and escaping of the input, as it will be cleaned up automatically. Also, because Twig implements a separate layer between logic and presentation, there is no way to run SQL queries or abuse the topic layer. With Drupal 8 following Drupal security best practices, it now only allows filtered HTML.

Choose your Drupal modules wisely Before installing a module, make sure to see how active it is. Are module developers active enough? Do they release Drupal security updates frequently? Have you downloaded it before or are you the first scapegoat? You will find all the mentioned details at the bottom of the module download page.

This could be great if hackers were trying to enter random usernames just to find out what really worked. This module enables security in Drupal and prevents such attacks by changing the standard error message. Content Access – As the name suggests, this module allows you to have more detailed access control over your content. Each content type can be specified with custom view, edit, or delete permissions. You can manage permissions for content types by role and author.

