157 Modules match your search

Extend and customize Drupal functionality with contributed modules. If a module doesn't quite do what you want it to do, if you find a bug or have a suggestion, then join forces and help the module maintainer. Or, share your own by starting a new module.


Image CAPTCHA example

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user-facing web form on a Drupal site.

Co-maintainer wanted

We do this in our spare time, which is unfortunately almost nonexistent at the moment due to real life obligations. To give the CAPTCHA module the required level of maintenance, an extra co-maintainer would be welcome. If you're interested in helping with this very popular module, please contact me or open an issue in the CAPTCHA module issue tracker.


Honey Pot

Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site (read more here). These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube].

The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.


reCAPTCHA 2.x widget (with JavaScript)

Uses the reCAPTCHA web service to improve the CAPTCHA system. Tough on bots. Easy on humans.


Mollom logo

As of 2 April 2018, Acquia will no longer support or maintain the Mollom product. Read more: https://www.mollom.com/eol

Mollom is an intelligent content moderation web service. By monitoring content activity on all sites in the Mollom network, Mollom is in a unique position to determine if a post is potentially spam; not only based on the posted content, but also on the past activity and reputation of the poster. In short, Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable. Therefore, Mollom enables you to allow anonymous users to post comments and other content on your site.


Spambot protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam (www.stopforumspam.com) online database. It also adds some useful features to help deal with spam accounts.

This module works well for sites which require user registration before posting is allowed (which is most forums).

SpamSpan filter

The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. It implements the technique at the SpamSpan website (a German version is also available). The problem with most email address obfuscators is that they rely upon JavaScript being enabled on the client side. This makes the technique inaccessible to people with screen readers. SpamSpan however will produce clickable links if JavaScript is enabled, and will show the email address as example [at] example [dot] com if the browser does not support JavaScript or if JavaScript is disabled.

This technique is unlikely to be absolutely foolproof. It is possible in theory for a determined spambot to harvest addresses from your site no matter how you disguise them. But research suggests that by far the great majority of spambots do not bother to attempt to collect addresses which have been hidden using JavaScript. Indeed, most spambots cannot currently read JavaScript at all.

Here are links to the results of a few experiments into the efficacy of JavaScript obfuscation. Let me know if you know of any more.

http://www.cdt.org/speech/spam/030319spamreport.shtml (2003)


Invisimail provides a content filter to hide email addresses from spam-bots. Email addresses are converted to ASCII code and optionally written to the page using a concatenated JavaScript "write" command. The email addresses will appear on the page normally, but their HTML source will be obscured so as not to appear as an email address to email harvesting robots. Invisimail also provides an option to automatically create mailto links for email addresses.

Image CAPTCHA Refresh


Drupal 8

This module is going to be part of CAPTCHA module, see https://www.drupal.org/node/2608540 for updates.


This module adds a link for refreshing the image to the very popular image_captcha widget module.


The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form, then hides it with CSS; when spam bots fill in the field, the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like (machine-readable, please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.


A sample form including a Hidden CAPTCHA!


Hidden CAPTCHA is an extension to the CAPTCHA module. It offers a hidden CAPTCHA (duh!)

The idea is very simple: If you offer an input box in any form, 99% of the time, robots will fill it with something before posting the form. If you offer an input box that has to stay empty, then the CAPTCHA system will prevent posts by robots.

This module allows you to add a Hidden CAPTCHA on forms where you don't absolutely need to have a human enter a text, number, etc. but that still needs a little anti-spam control.

How does it work?

This is just like any text CAPTCHA. You can set it up with a question specific to your website or that people just cannot answer in their right mind (i.e. How many stars are there in the Universe?). By changing the question regularly (once a month?), you can prevent even more spam, as the spammers need to adjust their robots to understand the new question (and some won't do that...). Long questions are better since they are not very likely to have been asked in any CAPTCHA before.

The CAPTCHA system will create a form with your question and an input box. The Hidden CAPTCHA system adds a specific CSS class to that form. The class references a CSS definition in the Hidden CAPTCHA file that says that the whole CAPTCHA box shall be hidden (i.e. display: none;).

Captcha Riddler



Captcha Riddler is a sub module of Captcha that lets site administrators create their own questions to foil automated spam bots.

BOTCHA Spam Prevention


BOTCHA is a highly configurable non-CAPTCHA spam protection framework.

In CAPTCHA, the user has to prove he/she is human. Unfortunately, spambots learned
to bypass CAPTCHA really well, and real users are frustrated with increasing
complexity and burden of CAPTCHA.

In BOTCHA, we don't abuse our human users - BOTCHA protection is completely
transparent to them and non-intrusive.

BOTCHA lets spambots prove they are bots, and lets real users zip by.

BOTCHA is useful for any form that has to be protected from spambots.

BOTCHA always works as designed - guaranteed! All of BOTCHA recipes are covered by Selenium-tests and we have our own "TestSwarm" to do testing as often as possible: see #1894478: The latest Selenium-tests launches & reports for details.
You may also be interested in #1896760: BOTCHA success stories.

Google reCAPTCHA

This module provides integration with the Google reCAPTCHA service for protecting site forms.
Read more: http://www.google.com/recaptcha
This new service from Google opens a new epoch in spam protection technology.

Even if the site has no comment (or similar) form, it still needs protection!
Why? Because CAPTCHA protects the login form (your site has one, right?) and does not allow bad guys to brute-force it and use a vulnerability like this: https://www.drupal.org/node/2378367

Advantages over standard CAPTCHA:

  • During form creation and form submission, special requests are sent to Google servers, so your server does not spend resources on creating the CAPTCHA widget or on recognizing whether a submission is spam.
  • This service provides advanced, clever technology to recognize spam, and it is permanently evolving.
  • This CAPTCHA is very easy for site visitors. In half of the cases it is enough to just click "I'm not a robot"! :)

Advantages over other CAPTCHA modules:

  • Standalone module - no dependencies, no additional modules! This module provides only the functionality needed for integration and protection - nothing in excess!
  • Uses latest version of Google CAPTCHA V2 API.


CAPTCHA Pack examples

The CAPTCHA Pack module contains several CAPTCHA types for use with the CAPTCHA module. The CAPTCHA Pack module is meant to provide lightweight, yet effective alternatives for the traditional image CAPTCHA, which is undesirable in certain situations (e.g. bandwidth restrictions, CPU restrictions, accessibility constraints, etc).


AntiSpam statistics page

AntiSpam module is the successor of the Akismet module, and it provides spam protection for your Drupal site using the Akismet anti-spam service.


What is Antibot?

Antibot is an extremely lightweight module designed to eliminate robotic form submissions on your website in an innovative fashion. The module works completely behind the scenes and doesn't require any interaction from the end-users (no annoying CAPTCHAs!). The only requirement for the end user is that they must have JavaScript enabled. If they do not, the protected forms will be hidden and a message will appear, telling the user that the form requires JavaScript to be enabled in order to use it.

Antibot aims to:

  • Prevent automatic spam submissions on your site's forms (like comments).
  • Be as lightweight as any module could possibly be.
  • Protect forms while still being able to cache the page.
  • Avoid any end-user interaction or annoying CAPTCHA codes.
  • Be more reliable than a honeypot trap.

How does it work?

  1. Admins choose which forms to enable protection for by specifying the form IDs.
  2. CSS is used to hide the form and display a message that the form requires JavaScript in order to be used.
  3. The form's action path is switched to /antibot.


CloudFlare is a FREE reverse proxy, firewall, and global content delivery network and can be implemented without installing any server software or hardware.

On average, CloudFlare-powered websites load 30% faster, use 60% less bandwidth, and process 65% fewer requests. CloudFlare-powered websites are protected from many forms of malicious activity including: comment spam, email harvesting, SQL injection, cross-site scripting, and DDoS (denial of service) attacks.

8.x Features

  • Cache clearing by Tag (Recommended) and Path.
  • Restore client's original IP address.

7.x Features

  1. Corrects $_SERVER["REMOTE_ADDR"] so it contains the IP address of your visitor, not CloudFlare's reverse proxy server.
  2. Integrates with CloudFlare's Threat API so you can ban and whitelist IP addresses from the Drupal Comment administration screen.
  3. Integrates with CloudFlare's Spam API.
  4. Integrates with CloudFlare's Client Interface API (planned).

How do I get started with CloudFlare?

  1. Visit http://www.cloudflare.com to sign up for a free account.
  2. Follow their 5-minute configuration wizard.


Implements Project Honey Pot's http:BL service for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership. This module provides efficient blacklist lookups and blocks malicious visitors effectively.

http:BL has been adopted for use to enhance protection on Drupal.org.

Simple Anti-Spam


Simple anti-spam module to prevent automatic spam from anonymous users.

The module adds two new elements to certain forms: an "I'm not a spammer" checkbox and a hidden "I'm a spammer" checkbox. If the user has not checked the first checkbox or has checked the second checkbox, the form is not submitted and a warning message is displayed.

Second features:

IP Ranges


IP Ranges is a module that lets you completely ban both single IP addresses as well as
full ranges from your site. The ban is triggered already at the early bootstrap phase, so you
can get rid of unwanted visitors as early as possible without wasting server resources.

You can also define whitelists that override blacklists, both single and ranged.
The UI is similar to core ip-ban, so you will feel at home immediately.


Just enable the module as usual.


After enabling the module, go to admin/config/people/ip-ranges to find the form where you can enter either a single IP address or an IP range, and a list type.

IP-address range is entered in the form of -
(This is currently the only allowed range form; other types like bitmasks may come at a later stage).

Type can be either "blacklist" or "whitelist",
where blacklisted IPs are denied from the site, and whitelisted are allowed.
Whitelists always override blacklists.


Restrict IP allows you to enter whitelists. All other IPs are banned.
Unlike IP Ranges, it does not actually restrict access to the page, but rather

Flag Abuse

The 6.x version of this module provides default abuse flags for nodes, comments and users and gives an administrative interface for reviewing and resetting said flags.

In the 7.x version of this module, users can select any type of flag as an abuse flag; in addition, it now uses whitelist flags for resetting abuse flags.

Google Captcha

This project has been merged with the reCAPTCHA module. Please use reCAPTCHA branch 7.x-2.x instead of this module. All future updates and fixes will be made in this branch.

Uses the Google reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.

Bad Behavior

Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.

Graceful Email Obfuscation Filter

This email obfuscation module works similarly to the technique described in the A List Apart article http://www.alistapart.com/articles/gracefulemailobfuscation/. It uses an input filter to "hide" email addresses, then uses JavaScript to "unhide" them for normal users. You can use this module anywhere you can use input filters (node body, CCK text fields, etc). This module also implements the core contact module for non-JavaScript browsers in order to keep clickable email links.


The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services.

The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of links, the ability to create custom filters, and more.

[UPDATE: 1.2 was not correct as some of the hooks would not get defined. More or less, that means some of the functionality would not work properly. Please upgrade to 1.3 to fix the problem. See #1222546: The List of Spam Comments is Broken and #1298480: "Mark as Spam" and "Mark as Not Spam" links for comments going to 404 page, among other similar bug reports.]