Stop Administrator Login

This is a simple module that will stop users from being able to login as user 1. Administrators will still be able to login as user 1 using drush. The idea behind this is to protect a site from the accidental loss of user 1's password. Ideally, two-factor authentication would be used to mitigate that instead, but this is a quick alternative.


If you enable this module, and do not have access to the machine using drush— you will NOT, I repeat, NOT be able to log back in as user 1. This will be sad for you, but here is your warning.


Encrypt User

Encrypt User allows certain user data to be encrypted using the Encrypt module. Currently, the following data is encrypted when the module is enabled:

  • User name
  • Email address

The module does not yet support choosing an encryption configuration provided by Encrypt, but uses the default configuration.

Initial development for Encrypt User was done by Emakina.

Node Watch

The Node Watch module provides a report of nodes on the system in order to provide alerts when that count changes based on a configurable threshold.

Two Factor Authentication for Duo Security

This is a plugin to the tfa framework for Duo Security.

To use

  1. Download, install and enable the tfa framework
  2. Download, install and enable this module.
  3. Enable this plugin at admin/config/people/tfa

7.x-1.x uses Duo auth API to do the authentication. This may not be usable on non enterprise accounts

7.x-2.x uses their webapi, but breaks some Drupal best practice.


Crowd Bruteforce Protection

This module has 2 dependencies, flood_unblock and flood_control. Rather than re-invent the wheel, I use these modules instead. This module protects against Bruteforce logins and bans any IP that tries to login to your website X times and reports those IP's back to a crowdsource server to help everyone protect themselves from that IP.


Sudo Mode

"Sudo Mode" is a module which takes inspiration from the unix sudo program which allows you to escalate yourself to a privileged user in order to perform an action. While this module doesn't swap your user role, it will ensure sensitive areas of your site request that you supply your password before being able to complete an action.


Subscribe with RSS Subscribe to RSS - Security