Trusted Host Patterns Not Enabled Drupal Fix

If you run the latest version of Drupal, then you may have received a notice within your status report informing you that “trusted host patterns” have not been configured in your settings.php.

If this is not addressed, it can create some vulnerabilities for your Drupal-run site and can, in a round about way, grant access to some less than scrupulous parties and compromise your entire site.

Trusted Host Patterns Not Enabled Drupal Fix

Fortunately the fix is very simple, as you just need to navigate to your settings.php file (located within the “sites” folder within the root of your Drupal installation and then the “default” folder within the “sites” folder.

Once you have located that file, go down to the very bottom of it and paste in the following code:

$settings['trusted_host_patterns'] = array(
  '^www\.example\.com$',
);

… replacing “example” with your domain and “com” with your extension (if different.

As I demonstrate in the video above, you may need to temporarily tweak your permissions to allow you to be able to save that edit to the file.

Once you navigate back to the “status report” section of your Drupal installation, you should find that the error message has been resolved through the trusted host patterns not enabled Drupal fix once you refresh the page.

And if you followed the how to update Drupal 8 with cPanel technique recently covered here, this file is within the “sites” folder which you keep during updates, so you don’t have to go back in and change this code each time you update Drupal through this method.

Scroll to Top