1,025 Modules match your search

Extend and customize Drupal functionality with contributed modules. If a module doesn't quite do what you want it to do, if you find a bug or have a suggestion, then join forces and help the module maintainer. Or, share your own by starting a new module.


Image CAPTCHA example

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user facing web form on a Drupal site.

Co-maintainer wanted

We do this our spare time, which is unfortunately almost nonexistent at the moment due to real life obligations. To give the CAPTCHA module the required level of maintenance, an extra co-maintainer would be welcome. If you're interested in helping with this very popular module, please contact me or open an issue in the CAPTCHA module issue tracker.




This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.

For OAuth 2, use OAuth Connector module.



The LoginToboggan module offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:



The Masquerade module allows site administrators (or anyone with enough permissions) to switch users and surf the site as that user (no password required). That person can switch back to their own user account at any time.

This is helpful for site developers when trying to determine what a client, logged in as themselves, might see when logged into the site.


Login Destination

Login Destination

The Login Destination module allows you to customize the destination that a user is redirected to after logging in, registering to the site (7.x), using a one-time login link or logging out (7.x). The destination can be an internal page or an external URL. It is possible to specify certain conditions like referring pages or user roles and make the destination depend upon them. You may use PHP snippets to provide custom conditions and destinations. It is also possible to keep users on the currently visited page after logging in or out.



This module allows you to grant access for specific user roles to view unpublished nodes of a specific type. Access control is quite granular in this regard.

Additionally, using this module does not require any modifications to your existing URL structure.



The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. It has no UI of its own and will not do anything by itself; install this module only if some other module tells you to.

We're aware of the following modules using ACL (let us know if you know of others):


Override Node Options

Override Node Options

The Override Node Options module allows permissions to be set to each field within the Authoring information and Publishing options field sets on the node form. It also allows selected field sets to be set as collapsed and / or collapsible.

To install:

  1. Download, unpack and place in sites/all/modules/
  2. Adjust access control in admin/user/permissions
  3. Adjust Fieldset options in admin/settings/override_node_options

Note: Autocomplete "Authored by" field only works if user has "Access user profiles" permission.


Redirect 403 to User Login

Redirect the HTTP 403 error page to the Drupal /user/login page with an optional message that reads:

"Access denied! You must login to view this page."

Also, the desired page is appended in the url query string so that, once login is successful, the user is taken directly where they were originally trying to go.


Menu Admin per Menu

By default, Drupal allows only users with the Administer menus and menu items permission to add, modify or delete menu items.

Menu Admin per Menu allows to give roles per menu admin permissions without giving them full admin permission.

For instance, you may let certain users manage the items of the Main or Navigation menus but not those of the Management menu.

Try out a demonstration
Watch a screencast


Password policy

This module provides a way to enforce restrictions on user passwords by defining password policies.


A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.


Lightweight Directory Access Protocol (LDAP)


The Lightweight Directory Access Protocol (LDAP) project provides integration with LDAP for authentication, user provisioning, authorization, feeds, and views. It also provides apis and building blocks (query and server configuration storage) for other modules.



Nodeaccess Grant tab

Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.

The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.

7.x version
The previous maintainer (chadcf) had released a dev version of nodeaccess for D7. Over the following months a number of bugs/issues were reported and as of May 7th, 2013, all bug reports in the issue queue have been addressed (where possible) and with that, version 7.x-1.0 has been released as a stable/recommended release for Drupal 7.

Future Roadmap



Jasig CAS Logo

This module provide single sign-on capability for your Drupal site by implementing the CAS protocol. CAS has quickly become the most popular single sign-on solution for universities. In its most simple use (CAS can also proxy single sign-on), CAS authenticates users and sends the user to the requested application (your Drupal site) with a special ticket.



Spambot protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam (www.stopforumspam.com) online database. It also adds some useful features to help deal with spam accounts.

This module works well for sites which require user registration before posting is allowed (which is most forums).



The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form then hides it with css, when spam bots fill in the field the form is discarded. The field, and matching .css file, are named in such a way as to not let on that it is a spam defeating device, and can be set by admins to almost anything they like(machine readable please). If logging is set, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.


OAuth Connector

Makes it possible to connect and sign in a Drupal user with accounts on most third party sites with OAuth API:s.

Provides a UI for adding and editing specifications of OAuth API:s that the users should be able to connect to. Also provides exportability of those specifications.

Is an implementation of the Connector module.


No request new password

Remove "Request new password" link from block and user page.

This module is very useful for sandbox sites where test users can't change your own password and for third party authentication like LDAP.

Login warnings problem

If you are having problems with login warnings, please take a look at this issue:



User Import

Import users into Drupal, or update existing users, with data from a CSV file (comma separated file). Provides a wide range of features out of the box, and a comprehensive API to customise imports.


Taxonomy Access Control

Access control for user roles based on taxonomy categories (vocabulary, terms).


Secure Login

Secure Login

For sites that are available via both HTTP and HTTPS, Secure Login module ensures that the user login and other forms are submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in the clear. Secure Login module locks down not just the user/login page but also any page containing the user login block, and any other forms that you configure to be secured.




Displays your Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted.



This module allows the site admin to create custom error pages for HTTP status codes 403 (access denied) and 404 (not found), without the need to create nodes for each of them.


BOTCHA Spam Prevention

BOTCHA screenshot

BOTCHA is a highly configurable non-CAPTCHA spam protection framework.

In CAPTCHA, user has to prove he/she is human. Unfortunately, spambots learned
to bypass CAPTCHA really well, and real users are frustrated with increasing
complexity and burden of CAPTCHA.

In BOTCHA, we don't abuse our human users - BOTCHA protection is completely
transparent to them and non-intrusive.

BOTCHA lets spambots to prove they are bots, and let real users zip by.

BOTCHA is useful for any form that has to be protected from spambots.

BOTCHA always works as designed - guaranteed! All of BOTCHA recipes are covered by Selenium-tests and we have our own "TestSwarm" to do testing as often as possible: see #1894478: The latest Selenium-tests launches & reports for details.
You could be also interested in #1896760: BOTCHA success stories.


Administer Users by Role

This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to edit and delete other users — more specific than Drupal Core's all-or-nothing 'administer users' permission. It also provides and enforces a 'create users' permission.

See the README.txt file for a full explanation of the permissions.