121 Modules match your search

Extend and customize Drupal functionality with contributed modules. If a module doesn't quite do what you want it to do, if you find a bug or have a suggestion, then join forces and help the module maintainer. Or, share your own by starting a new module.


Image CAPTCHA example

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.

Co-maintainer wanted

We do this our spare time, which is unfortunately almost nonexistent at the moment due to real life obligations. To give the CAPTCHA module the required level of maintenance, an extra co-maintainer would be welcome. If you're interested in helping with this very popular module, please contact me or open an issue in the CAPTCHA module issue tracker.



reCAPTCHA 2.x widget (with JavaScript)

Uses the reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.



Honey Pot

#D8CX: I pledge that Honeypot will have a full Drupal 8 release on the day that Drupal 8 is released.

Honeypot uses both the honeypot and timestamp methods of deterring spam bots from completing forms on your Drupal site (read more here). These methods are effective against many spam bots, and are not as intrusive as CAPTCHAs or other methods which punish the user [YouTube].

The module currently supports enabling for all forms on the site, or particular forms like user registration or password reset forms, webforms, contact forms, node forms, and comment forms.



Mollom logo

Mollom is an intelligent content moderation web service. By monitoring content activity on all sites in the Mollom network, Mollom is in a unique position to determine if a post is potentially spam; not only based on the posted content, but also on the past activity and reputation of the poster. In short, Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable. Therefore, Mollom enables you to allow anonymous users to post comments and other content on your site.


SpamSpan filter

The SpamSpan module obfuscates email addresses to help prevent spambots from collecting them. It implements the technique at the SpamSpan website (a German version is also available). The problem with most email address obfuscators is that they rely upon JavaScript being enabled on the client side. This makes the technique inaccessible to people with screen readers. SpamSpan however will produce clickable links if JavaScript is enabled, and will show the email address as example [at] example [dot] com if the browser does not support JavaScript or if JavaScript is disabled.

This technique is unlikely to be absolutely foolproof. It is possible in theory for a determined spambot to harvest addresses from your site no matter how you disguise them. But research suggests that the by far the great majority of spambots do not bother to attempt to collect addresses which have been hidden using JavaScript. Indeed, most spambots cannot currently read JavaScript at all.

Here are a links to the results of a few experiments into the efficacy of JavaScript obfuscation. Let me know if you know of any more.

http://www.cdt.org/speech/spam/030319spamreport.shtml (2003)



Invisimail provides a content filter to hide email addresses from spam-bots. Email addresses are converted to ascii code and optionally written to the page using a concatenated JavaScript "write" command. The email addresses will appear on the page normally, but their html source will be obscured so as not to appear as an email address to email harvesting robots. Invisimail also provides an option to automatically create mailto links for email addresses.



Spambot protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam (www.stopforumspam.com) online database. It also adds some useful features to help deal with spam accounts.

This module works well for sites which require user registration before posting is allowed (which is most forums).



The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.



A sample form including a Hidden CAPTCHA!


Hidden CAPTCHA is an extension to the CAPTCHA module. It offers a hidden CAPTCHA (duh!)

The idea is very simple: If you offer an input box in any form, 99% of the time, robots will fill it with something before posting the form. If you offer an input box that has to stay empty, then the CAPTCHA system will prevent posts by robots.

This module allows you to add a Hidden CAPTCHA on forms where you don't absolutely need to have a human enter a text, number, etc. but that still needs a little anti-spam control.

How does it work?

This is just like any text CAPTCHA. You can set it up with a question specific to your website or that people just cannot answer in their right mind (i.e. How many stars are they in the Universe?) By changing the question regularly (once a month?) then you can prevent even more spam as the spammers need to adjust their robots to understand the new question (and some won't do that...) Long questions are better since they are not very likely to have been asked in any CAPTCHA before.

The CAPTCHA system will create a form with your question and an input box. The Hidden CAPTCHA system adds a specific CSS class to that form. The class references a CSS definition in the Hidden CAPTCHA file that says that the whole CAPTCHA box shall be hidden (i.e. display: none;).


BOTCHA Spam Prevention

BOTCHA screenshot

BOTCHA is a highly configurable non-CAPTCHA spam protection framework.

In CAPTCHA, user has to prove he/she is human. Unfortunately, spambots learned
to bypass CAPTCHA really well, and real users are frustrated with increasing
complexity and burden of CAPTCHA.

In BOTCHA, we don't abuse our human users - BOTCHA protection is completely
transparent to them and non-intrusive.

BOTCHA lets spambots to prove they are bots, and let real users zip by.

BOTCHA is useful for any form that has to be protected from spambots.

BOTCHA always works as designed - guaranteed! All of BOTCHA recipes are covered by Selenium-tests and we have our own "TestSwarm" to do testing as often as possible: see #1894478: The latest Selenium-tests launches & reports for details.
You could be also interested in #1896760: BOTCHA success stories.



CAPTCHA Pack examples

The CAPTCHA Pack module contains several CAPTCHA types for use with the CAPTCHA module. The CAPTCHA Pack module is meant to provide lightweight, yet effective alternatives for the traditional image CAPTCHA, which is undesirable in certain situation (e.g. bandwidth restrictions, cpu restrictions, accessibility constraints, etc).


Image CAPTCHA Refresh

Image CAPTCHA Refresh


This module adds the link for refreshing image into very popular module for widget image_captcha.

If you're interested in helping with this or have problems with this module, please contact me or open an issue in the Image Captcha Refresh module issue tracker.


User registration password

Administration settings D7

Let users register with a password on the registration form when verification mail is required.



AntiSpam statistics page

AntiSpam module is the successor of the Akismet module, and it provides spam protection to your drupal site using external antispam service like Akismet.

AntiSpam module is fully compatible with Drupal 6.x (Akismet module for Drupal 6.x release had many compatibility issues and was not usable as it was), and it expanded the support of the external antispam service with TypePad AntiSpam and Defensio service as well as Akismet service. Now you can choose one of the antispam service you wish to use.

Supported Anti-spam Services

In case of Defensio, the AntiSpam module take advantage of spam rating (spaminess) information provided by Defensio and you can sort the moderation queue list using spaminess (see the screenshot).

AntiSpam Helper Module


Captcha Riddler

Captcha Riddler form


Captcha Riddler is a sub module of Captcha that lets site administrators create their own questions to foil automated spam bots.


Flag Abuse

The 6.x version of this module provides default abuse flags for nodes, comments and users and gives an administrative interface for reviewing and resetting said flags.

In the 7.x version of this module users can select any type of flag as an abuse flag, in addition it now uses whitelist flags for resetting abuse flags.



Implementation of http:BL for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership. This module provides efficient blacklist lookups and blocks malicious visitors effectively.

http:BL has been adopted for use to enhance protection on Drupal.org.


CloudFlare - Free Reverse Proxy, Firewall, and Global CDN

Cloudflare - Free Reverse Proxy, Firewall, and Global CDN

CloudFlare is a FREE reverse proxy, firewall, and global content delivery network and can be implemented without installing any server software or hardware.

On average, CloudFlare-powered websites load 30% faster, use 60% less bandwidth, and process 65% fewer requests. CloudFlare-powered websites are protected from many forms of malicious activity including: comment spam, email harvesting, SQL injection, cross-site scripting, and DDoS (denial of service) attacks.

That sounds fine and dandy, but can I see the performance of CloudFlare-enabled site?

Sure, visit my site: Brian Stevenson.

What does this module do?

  1. Corrects $_SERVER["REMOTE_ADDR"] so it contains the IP address of your visitor, not CloudFlare's reverse proxy server.
  2. Integrates with CloudFlare's Threat API so you can ban and whitelist IP addresses from the Drupal Comment administration screen.
  3. Integrates with CloudFlare's Spam API.
  4. Integrates with CloudFlare’s Client Interface API (planned).

How do I get started with CloudFlare?

  1. Visit http://www.cloudflare.com to sign up for a free account.
  2. Follow their 5-minute configuration wizard.

Installation Instructions:

  1. Install and Enable this module.



The Spam module provides numerous tools to auto-detect and deal with spam content that is posted to your site, without having to rely on third-party services.

The Spam module provides a trainable Bayesian filter, automatic learning of spammer URLs, flagging of content with an excessive number of links, the ability to create custom filters, and more.

[UPDATE: 1.2 was not correct as some of the hooks would not get defined. More or less, that means some of the functionality would not work properly. Please upgrade to 1.3 to fix the problem. See #1222546: The List of Spam Comments is Broken and #1298480: "Mark as Spam" and "Mark as Not Spam" links for comments going to 404 page. among other similar bug reports.]


Bad Behavior

Bad Behavior is a set of PHP scripts which prevents spambots from accessing your site by analyzing their actual HTTP requests and comparing them to profiles from known spambots. It goes far beyond User-Agent and Referer, however.


Simple Anti-Spam

Protected form

Simple anti-spam module to prevent automatic spam from anonymous users.

Module adds for certain forms two new elements — checkbox "I'm not a spammer" and hidden checkbox "I'm a spammer". If user not checked first checkbox or checked second checkbox, form not submitted and display warning message.

Second features:


IP Ranges

IP Ranges UI

IP Ranges is a module that let's you completely ban both single IP-addresses as well as
full ranges from your site. The ban is triggered already at the early bootstrap phase, so you
can get rid of unwanted visitors as early as possible without wasting server resources.

You can also define whitelists that override blacklists, both single and ranged.
The UI is similar to core ip-ban, so you will feel like home immediately.


Just enable the module as usual.


After enabling the module, go to admin/config/people/ip-ranges to find form where you can enter either single IP-address or IP Range, and a list type.

IP-address range is entered in the form of -
(This is currently the only allowed range form, other types like bitmasks may come at later stage).

Type can be either "blacklist" or "whitelist",
where blacklisted IP's are denied from the site, and whitelisted are allowed.
Whitelists always override blacklists.


Restrict IP allows you to enter whitelists. All other IP's are banned.
Unlike IP Ranges, it does not actually restrict access to the page, but rather


Graceful Email Obfuscation Filter

This email obfuscation module works similar to the technique described at the list apart article http://www.alistapart.com/articles/gracefulemailobfuscation/. It uses an input filter to "hide" email addresses, then uses javascript to "unhide" them for normal users. You can use this module anywhere you can use input filters (node body, CCK text fields, etc). This module also implements the core contact module for non-javascript browsers in order to keep clickable email links.


Block anonymous links

Most spam messages contain links and most spambots don't register on the sites they want to spam. BlockAnonymousLinks blocks comments from anonymous users that contain links.


Google Captcha

Google Captcha

This project has been merged with the reCAPTCHA module. Please use reCAPTCHA branch 7.x-2.x instead on this module. All future updates and fixes will be made in this branch.

Uses the Google reCAPTCHA web service to improve the CAPTCHA system and protect email addresses.