I would like us to have a dedicated "Security" admin page and a respective Admin menu item in order to:
- show that we take security seriously
- allow site admins to perform security-related tasks in one single place
- provide a "home" for security-related contrib modules
Ideas for this page include:
- settings for blocking users (failed login attempts, bots etc.) - #1878
- provide a default security.txt file ((https://www.drupal.org/project/securitytxt)), and an easy way to edit that info via the UI. The default, out of the box text should point to contact details for reporting security issues in b.org, but site owners should be able to change that if required by their organization (same as we allow them to edit the maintenance mode message)
- settings for protecting forms from spam (expose honeypot settings etc.) - #1169
- settings for the
trusted_host_patterns
variable - #2568 - settings for the
x_frame_options
variable - #4080 - checkbox to ignore outdated php warning - #3490
- link to our https://backdropcms.org/security page
- database (SSL) connection status - #4945
- enable/disable FLoC - #5103
- a setting to enable better security/privacy on login/password reset forms - #4696
- a setting to use 404s instead of 403s when trying to access user pages without the proper permission #5802
Other ideas:
- A "Security overview" block for the dashboard (#495)
- https://www.drupal.org/project/security_review
- any settings that may be required for #3270
- warning when anonymous users can create accounts (#574)
- expose the image_style_flood_limit
setting introduced in https://github.com/backdrop/backdrop/issues/34 / https://github.com/backdrop/backdrop/pull/635
- ???
Recent comments
The Mail System and MimeMail modules are now installed. I'll let you know if they solve the problem. Thank you Herb
HTML Email treated as plain text
If you haven't already I recommend installing Mail System and MimeMail. The latter will help format emails as HTML and first helps with configuring which module will handle the formatting...
HTML Email treated as plain text
The horrors of cut/paste! Brilliant, thanks.
SQLSTATE[22007]: Invalid datetime format: 1366 Incorrect string value: