Keeping your Drupal site secure requires diligence - here's what can happen if your site isn't up to date.
Out of the box, Drupal does a good job of providing securely written code. However, Drupal doesn't enforce strong passwords by default which can lead to a scenario that is not too hard to imagine.
