Composer plugin to improve the security of composer-based Drupal projects by moving all PHP files out of docroot for Acquia Environments.

This plugin depends on the drupal-paranoia plugin and performs the additional installation steps needed to run paranoia mode on Acquia Cloud environments.

Make sure you have a drupal-composer/drupal-project-based project created.

Rename your Acquia repo docroot directory to app.

mv docroot app

Update the composer.json of your root package with the following changes:

"extra": {
    "installer-paths": {
        "app/core": ["type:drupal-core"],
        "app/libraries/{$name}": ["type:drupal-library"],
        "app/modules/contrib/{$name}": ["type:drupal-module"],
        "app/profiles/contrib/{$name}": ["type:drupal-profile"],
        "app/themes/contrib/{$name}": ["type:drupal-theme"],
        "drush/contrib/{$name}": ["type:drupal-drush"]
    },
    "drupal-paranoia": {
        "app-dir": "app",
        "web-dir": "docroot"
    }
}

Use composer require ... to install this plugin in your project.

composer require jkribeiro/drupal-composer-paranoia-acquia:~1

Run the following commands to make sure that the new folders are installed:

composer drupal:paranoia
composer drupal:paranoia-acquia

Done! Plugin and new docroot are now installed.

Folder structure

Your project is now structured around two folders.

  • app: Contains the files and folders of the full Drupal installation.
  • docroot: Contains only symlinks to the asset files and the PHP stub files from the app folder.

Every time that you install or update a Drupal package via Composer, the docroot folder is automatically recreated.

If necessary, you can rebuild it manually by running the command:

composer drupal:paranoia

This could be necessary when updating theme images, CSS and JS files.
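
The check below is an added example, not part of the plugin: it audits a rebuilt docroot against the layout described above, flagging PHP code that is reachable through a symlink or that was copied verbatim from app instead of being replaced by a stub. The function name, the extension list and the finding labels are choices made for this example, and both paths must be given without a trailing slash.

```shell
#!/bin/sh
# Added example (not part of the plugin): audit a rebuilt docroot.
# Extensions that hold Drupal PHP code; the list is this example's choice.
PHP_EXT_RE='\.(php|inc|module|install|profile|theme|engine)$'

# audit_docroot APP_DIR WEB_DIR
# Prints one line per finding and nothing when the docroot is clean:
#   SYMLINKED-PHP  code file reached through a symlinked file or directory
#   COPIED-PHP     regular file byte-identical to its app/ counterpart,
#                  i.e. the real code rather than a stub
audit_docroot() {
    app_dir=$1
    web_dir=$2
    web_real=$(cd "$web_dir" && pwd -P) || return 2
    # -L follows symlinks, so code exposed via a linked directory is seen too.
    find -L "$web_dir" -type f | grep -E "$PHP_EXT_RE" |
    while IFS= read -r f; do
        rel=${f#"$web_dir"/}
        # Physical directory of the file: outside docroot means a symlink led here.
        dir_real=$(cd "$(dirname "$f")" && pwd -P)
        case "$dir_real/" in
            "$web_real"/*) inside=1 ;;
            *)             inside=0 ;;
        esac
        if [ -L "$f" ] || [ "$inside" -eq 0 ]; then
            printf 'SYMLINKED-PHP %s\n' "$rel"
        elif cmp -s "$f" "$app_dir/$rel" 2>/dev/null; then
            printf 'COPIED-PHP %s\n' "$rel"
        fi
    done
}

# Run from the project root as: sh audit.sh app docroot
if [ "$#" -eq 2 ]; then
    audit_docroot "$1" "$2"
fi
```

Empty output means every code file under docroot is a regular file that differs from its app counterpart, which is what a stub should be; any printed line is worth resolving before the commit.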

The last step is to commit and push the changes to the Acquia Cloud Git repository.