Drupal defense in depth — a comprehensive guide for securing Drupal, even after End-of-Life Drupal is an open source content management system (CMS). Like most open source CMSs, and open source software in general, the responsibility lies with the site owner to patch and/or upgrade the software. When Drupal versions become End-of-Life, the software is no longer supported. There are many risks and challenges this represents, with the biggest risk being security . For example, Drupal 7 and 9 will be End-of-Life on 1 November 2023. This means no more security updates will be developed. If the site remains on these versions after this date, the chances of being hacked by a cybersecurity attack considerably increases, potentially risking costly reputational damage to the brand.PubDate