How to set secure permissions at a Drupal 7 website
Drupal 7 comes with complex permissions. I would like to make sure that the permissions are always setup correct. I also remember that I used in the past a module to block the permissions module to get modified by hackers. What's the best practice to handle with the site's permissions?
Security Review module to find out security errors
The Security Review is a module which lets you automate hardening many of the common mistakes. These common mistakes may make your site insecure. With many other parameters, it checks access control, secure file system permission, massive database errors. Sometimes it may site you false reports. Check issue of the module to prevent being fouled by it.