1,125 Modules match your search

Extend and customize Drupal functionality with contributed modules. If a module doesn't quite do what you want it to do, if you find a bug or have a suggestion, then join forces and help the module maintainer. Or, share your own by starting a new module.


Image CAPTCHA example

A CAPTCHA is a challenge-response test most often placed within web forms to determine whether the user is human. The purpose of CAPTCHA is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can. The CAPTCHA module provides this feature to virtually any user-facing web form on a Drupal site.

Co-maintainer wanted

We do this in our spare time, which is unfortunately almost nonexistent at the moment due to real life obligations. To give the CAPTCHA module the required level of maintenance, an extra co-maintainer would be welcome. If you're interested in helping with this very popular module, please contact me or open an issue in the CAPTCHA module issue tracker.




This module implements the OAuth 1.0 standard for use with Drupal and acts as a support module for other modules that wish to use OAuth.



The LoginToboggan module offers several modifications of the Drupal login system in an external module by offering the following features and usability improvements:



The Masquerade module allows site administrators (or anyone with enough permissions) to switch users and surf the site as that user (no password required). That person can switch back to their own user account at any time.

This is helpful for site developers when trying to determine what a client, logged in as themselves, might see when logged into the site.


Login Destination


The Login Destination module allows you to customize the destination that a user is redirected to after logging in, registering to the site (7.x), using a one-time login link or logging out (7.x). The destination can be an internal page or an external URL. It is possible to specify certain conditions like referring pages or user roles and make the destination depend upon them. You may use PHP snippets to provide custom conditions and destinations. It is also possible to keep users on the currently visited page after logging in or out.



This module allows you to grant access for specific user roles to view unpublished nodes of a specific type. Access control is quite granular in this regard.

Additionally, using this module does not require any modifications to your existing URL structure.


Password Policy

This module provides a way to enforce restrictions on user passwords by defining password policies.


A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.



The ACL module, short for Access Control Lists, is an API for other modules to create lists of users and give them access to nodes. It has no UI of its own and will not do anything by itself; install this module only if some other module tells you to.

We're aware of the following modules using ACL (let us know if you know of others):


Override Node Options


The Override Node Options module allows permissions to be set to each field within the Authoring information and Publishing options field sets on the node form. It also allows selected field sets to be set as collapsed and / or collapsible.

To install:

  1. Download, unpack and place in sites/all/modules/
  2. Adjust access control in admin/user/permissions
  3. Adjust Fieldset options in admin/settings/override_node_options

Note: The autocomplete "Authored by" field only works if the user has the "Access user profiles" permission.


Redirect 403 to User Login

Redirect the HTTP 403 error page to the Drupal /user/login page with an optional message that reads:

"Access denied! You must login to view this page."

Also, the desired page is appended to the URL query string so that, once login is successful, the user is taken directly to where they were originally trying to go.


Menu Admin per Menu

By default, Drupal allows only users with the Administer menus and menu items permission to add, modify or delete menu items.

Menu Admin per Menu lets you give roles per-menu admin permissions without giving them the full admin permission.

For instance, you may let certain users manage the items of the Main or Navigation menus but not those of the Management menu.



Lightweight Directory Access Protocol (LDAP)


The Lightweight Directory Access Protocol (LDAP) project provides integration with LDAP for authentication, user provisioning, authorization, feeds, and views. It also provides APIs and building blocks (query and server configuration storage) for other modules.



Nodeaccess Grant tab

Nodeaccess is a Drupal access control module which provides view, edit and delete access to nodes. Users with the 'grant node permissions' permission will have a grant tab on node pages which allows them to grant access to that node by user or role. Administrators can set default access controls per content type, and also define which roles are available to grant permissions to on the node grants tab.

The upshot is, this module allows you to do things like 'node 123 can be viewed by authenticated users and edited by admin users and joeuser'. As an added bonus, update and delete permissions are separated, so you can make sure users with edit permissions cannot accidentally delete pages.

7.x version
The previous maintainer (chadcf) had released a dev version of nodeaccess for D7. Over the following months a number of bugs/issues were reported and as of May 7th, 2013, all bug reports in the issue queue have been addressed (where possible) and with that, version 7.x-1.0 has been released as a stable/recommended release for Drupal 7.

Future Roadmap



Jasig CAS Logo

This module provides single sign-on capability for your Drupal site by implementing the CAS protocol. CAS has quickly become the most popular single sign-on solution for universities. In its simplest use (CAS can also proxy single sign-on), CAS authenticates users and sends the user to the requested application (your Drupal site) with a special ticket.


No Request New Password

Remove "Request new password" link from block and user page.

This module is very useful for sandbox sites where test users can't change their own password and for third-party authentication like LDAP.

Login warnings problem

If you are having problems with login warnings, please take a look at this issue:




The purpose of Spamicide is to prevent spam submission to any form on your Drupal web site. Spamicide adds an input field to each form and then hides it with CSS; when spam bots fill in the field, the form is discarded. The field and its matching .css file are named in such a way as to not let on that it is a spam-defeating device, and admins can set the name to almost anything they like (machine readable, please). If logging is enabled, the log will show if and when a particular form has been compromised, and the admin can change the form's field name (and corresponding .css file) to something else.




Displays your Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted.


Secure Login


For sites that are available via both HTTP and HTTPS, Secure Login module ensures that the user login and other forms are submitted securely via HTTPS, thus preventing passwords and other private user data from being transmitted in the clear. Secure Login module locks down not just the user/login page but also any page containing the user login block, and any other forms that you configure to be secured.



Spambot protects the user registration form from spammers and spambots by verifying registration attempts against the Stop Forum Spam (www.stopforumspam.com) online database. It also adds some useful features to help deal with spam accounts.

This module works well for sites which require user registration before posting is allowed (which is most forums).


User Import

Import users into Drupal, or update existing users, with data from a CSV file (comma separated file). Provides a wide range of features out of the box, and a comprehensive API to customise imports.


Administer Users by Role

This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to edit and delete other users — more specific than Drupal Core's all-or-nothing 'administer users' permission. It also provides and enforces a 'create users' permission.

See the README.txt file for a full explanation of the permissions.

Version 2 of the module was sponsored by AlbanyWeb.


Image CAPTCHA Refresh


Drupal 8

This module is going to be part of CAPTCHA module, see https://www.drupal.org/node/2608540 for updates.


This module adds a link for refreshing the image to the widget of the very popular image_captcha module.


Taxonomy Access Control

Access control for user roles based on taxonomy categories (vocabulary, terms).


Vocabulary Permissions Per Role

Allows adding to/editing terms of/removing terms from vocabularies per role.

You have set up some vocabularies (with some terms) like Color (Red, Green, Blue) and Shape (Toroid, Cube, Sphere). Maybe you even have a vocabulary that controls who can view a specific node (with terms) like Access control (Editors, Colleagues, World). Here comes trouble: your precious editors want to add more Colors, or reorder the terms of the Shape vocabulary (probably they want to see Sphere before Cube, who knows,) and you do NOT want to grant your editors the administer taxonomy permission, as it grants too much power (and that implies too much sharing of responsibility). Without this permission they were NOT able to do the mentioned tricks: adding terms to a vocabulary but not to another, reordering/editing terms of a vocabulary but not another's, etc.

This problem of yours is in the past: just download and install vppr.module, and set it up at Administration >> Site configuration >> Vocabulary permissions.


Username Enumeration Prevention

What Is Username Enumeration Prevention

By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6, because Drupal 6 does not have any built-in brute force prevention. When an attacker knows a username, they can start a brute force attack to gain access as that user. To help prevent this, it is best if usernames on the system are not easy to find out.

Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.

This module will stop this from happening. When the module is enabled, the error message is replaced with the same message shown for a valid user, and the visitor is redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.