Add functionality and customize your Drupal application with thousands of projects contributed by our amazing community.

1,150 modules match your search

A module is code that extends Drupal's by altering existing functionality or adding new features. You can use modules contributed by others or create your own. Learn more about creating and using Drupal modules.

CAPTCHA

Drupal CAPTCHA module

Add challenge-response tests to user-facing forms on your site to protect against spambot submissions. Other CAPTCHA types are supported via additional modules.

reCAPTCHA

reCAPTCHA 2.x widget (with JavaScript)

Uses the reCAPTCHA web service to improve the CAPTCHA system. Tough on bots. Easy on humans.

Honeypot

Honey Pot

Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site (read more here). These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube].

The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.

Password Policy

This module supports enforcing restrictions on user passwords by defining password policies.

Menu Admin per Menu

By default, Drupal allows only users with the Administer menus and menu items permission to add, modify or delete menu items.

Menu Admin per Menu allows to give roles per menu admin permissions without giving them full admin permission.

For instance, you may let certain users manage the items of the Main or Navigation menus but not those of the Management menu.

Try out a demonstration
Watch a screencast

Security Kit

Screenshot

SecKit provides Drupal with various security-hardening options. This lets your mitigate the risks of exploitation of different web application vulnerabilities.

SecKit facilitates certain mitigations for Cross-site Scripting, Cross-site Request Forgery, and Clickjacking, among other issues.

Role Delegation

Example of permissions added by Role Delegation

This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission.

Key

Key provides the ability to improve Drupal security by managing sensitive keys (such as API and encryption keys). It gives site administrators the ability to define how and where keys are stored, which allows the option of a high level of security and allows sites to meet regulatory or compliance requirements.

Flood control

Flood control settings

Flood Control provides an interface for hidden flood control variables (e.g.

reCAPTCHA v3

reCaptcha v3

Google reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take an appropriate action for your site.

This module enables you to easily configure reCAPTCHA v3 and a fallback challenge (captcha/recaptcha v2 e.g). In case user fails reCAPTCHA v3, he can be prompted with an additional challenge to prove. This is an ideal way to maximize security without any user friction.

Encrypt

Encrypt is a Drupal module that provides an application programming interface (API) for performing symmetric or asymmetric encryption. It allows integrating modules to encrypt and decrypt data in a standardized manner. It doesn't provide any user-facing features of its own, aside from administration pages to manage encryption profiles.

OAuth 1.0

This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.

For OAuth 2.0, install the Oauth 2.0 module instead of this one.

Username Enumeration Prevention

What Is Username Enumeration Prevention

By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6. This is because Drupal 6 does not have any built in brute force prevention. When an attacker knows a username they can start a brute force attack to gain access with that user. To help prevent this, it is best if usernames on the system are not easy to find out.

Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.

This module will stop this from happening. When the module is enabled, the error message will be replaced for the same message as a valid user and they will be redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.

Field Validation

Field validation

Custom validation rules for your field instances. Multiple validators are available: regular expression, unique value, min or max length, banned words, numeric value range, must be empty and many more. In Drupal 8 validators are plugins, create your own validator or extend some of the existing.

Administer Users by Role

This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.

simpleSAMLphp Authentication

simpleSAMLphp fish logo

This module integrates Drupal with SimpleSAMLphp, the most robust and complete implementation of SAML in PHP. It makes it possible for Drupal to communicate with SAML or Shibboleth identity providers (IdP) for authenticating users. The resulting Drupal site can effectively act as a SAML or Shibboleth service provider (SP).

Prerequisites

  • SimpleSAMLphp - you must have SimpleSAMLphp version 1.6 or newer installed and configured to operate as a service provider (SP).

NOTE: Your SimpleSAMLphp SP must be configured to use something other than "phpsession" (the default) for session storage. The alternatives are memcache or sql. The sql option was added in SimpleSAMLphp version 1.7. The simplest solution for folks running SimpleSAMLphp version 1.7 or higher is to edit the SimpleSAMLphp config/config.php by setting store.type => 'sql' and 'store.sql.dsn' => 'sqlite:/path/to/sqlitedatabase.sq3'

Features

  • Just-in-time provisioning of Drupal user accounts based on SAML attributes (configurable).
  • Automatic role assignment based on SAML attributes (configurable).
  • Dual mode - support for traditional Drupal accounts and SAML-authenticated accounts at the same time (configurable).

Content-Security-Policy

Content Security Policy Module Configuration Form - Directives

Configure a Content-Security-Policy header for your Drupal site to detect and mitigate the risk of Cross Site Scripting (XSS) and other vulnerabilities.

Login Security

Login Security module improves the security options in the login operation of a Drupal site.

SpamSpan filter

The SpamSpan module obfuscates email addresses to help prevent spambots from
collecting them. It is based on the technique from
spamspan but has undergone major modifications, as the original spamspan code hasn't been updated since 2007.

Pages