Best practices for team member departures

Security is important for every website. When employees leave a project or company for whatever reason, you must review their security access to prevent potential future tampering or the loss of important data. Failure to secure your subscription after an employee departure can result in issues like the following:

  • Incorrect credit card charges

  • Failure to receive Cloud Platform notifications

  • Account and application security breaches

Cloud Platform security steps

If you are a Cloud Platform subscriber, review the following steps to secure your websites after an employee’s departure:

Drupal security

Be sure to review the following items to secure your website after an employee’s departure:

  • Change any administrative passwords to which the employee had access

    Affected passwords can include the website itself, shell accounts, and phpMyAdmin.

  • Review the Drupal roles and permissions

    Edit the employee’s account in your Drupal website, and change their access to a lower permission level, or set it to blocked.


    Acquia doesn’t recommend deleting accounts, because doing so can lead to data loss in Drupal.

  • Review recent code changes

    If the parting is less than amicable, a departing individual may commit code allowing continued access to the website through a back door.

  • Revoke access to servers and version control systems

  • Review IP allowlists on firewalls and Apache (or your) .htaccess files

  • Change the salt for your encryption

    For more information about encryption salting, see this Wikipedia article.