security - Pixelite

Bots, scrapers, and proxies: defending Drupal sites in an automated internet

Bots are over half of web traffic. Here is the layered defence I use to keep Drupal sites running - companion to my DrupalSouth Wellington 2026 talk.

JSON Formatter started injecting ads. Chrome extensions are a supply chain risk. I built my own replacement in under an hour with Claude.

This blog post helps to summarise some of the default rules I will deploy to every Drupal (7 or 8) site as a base line.

You should do this yesterday

SQL injection and Drupal and how to avoid it

Why and how you should add CloudFlare to your site.