Add functionality and customize your Drupal application with thousands of projects contributed by our amazing community.

1,148 modules match your search

A module is code that extends Drupal's by altering existing functionality or adding new features. You can use modules contributed by others or create your own. Learn more about creating and using Drupal modules.

CloudFlare

CloudFlare is a FREE reverse proxy, firewall, and global content delivery network and can be implemented without installing any server software or hardware.

On average, CloudFlare-powered websites load 30% faster, use 60% less bandwidth, and process 65% fewer requests. CloudFlare-powered websites are protected from many forms of malicious activity including: comment spam, email harvesting, SQL injection, cross-site scripting, and DDoS (denial of service) attacks.

8.x Features

  • Cache clearing by Tag (Recommended) and Path.
  • Restore client's original IP address.

7.x Features

  1. Corrects $_SERVER["REMOTE_ADDR"] so it contains the IP address of your visitor, not CloudFlare's reverse proxy server.
  2. Integrates with CloudFlare's Threat API so you can ban and whitelist IP addresses from the Drupal Comment administration screen.
  3. Integrates with CloudFlare's Spam API.
  4. Integrates with CloudFlare's Client Interface API (planned).

How do I get started with CloudFlare?

  1. Visit http://www.cloudflare.com to sign up for a free account.
  2. Follow their 5-minute configuration wizard.

Taxonomy Access Control Lite

This node_access module governs access to nodes based on the taxonomy terms applied to the nodes. A simple scheme based on taxonomy, roles and users controls which content is visible.

JSON Web Token Authentication (JWT)

The JSON Web Token (JWT) Authentication module provides a Drupal authentication provider that uses JWTs as the primary factor of authentication.

HTTPS and WWW Redirect

Admin settings page.

This module simplifies the process of setting a preferred URL and is designed for users who wish to enforce SSL and/or a specific domain without having to edit any files.

Restrict Login or Role Access by IP Address

Module settings screenshot

This module restricts Drupal features to certain IP addresses or IP address ranges. It can restrict logins and/or role acccess.

Require Login

Provides catch-all solution to easily require user authentication on all pages. Quick to configure and fully compatible with any other access control systems.

BOTCHA Spam Prevention

BOTCHA screenshot

BOTCHA is a highly configurable non-CAPTCHA spam protection framework.

In CAPTCHA, user has to prove he/she is human. Unfortunately, spambots learned
to bypass CAPTCHA really well, and real users are frustrated with increasing
complexity and burden of CAPTCHA.

In BOTCHA, we don't abuse our human users - BOTCHA protection is completely
transparent to them and non-intrusive.

BOTCHA lets spambots to prove they are bots, and let real users zip by.

BOTCHA is useful for any form that has to be protected from spambots.

BOTCHA always works as designed - guaranteed! All of BOTCHA recipes are covered by Selenium-tests and we have our own "TestSwarm" to do testing as often as possible: see #1894478: The latest Selenium-tests launches & reports for details.
You could be also interested in #1896760: BOTCHA success stories.

Webform Encrypt

webform_encrypt.png

This module creates the ability to encrypt fields/components from the Webform module.

SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider

SAML SSO

SAML 2.0 SP Single Sign On (SSO) - Service Provider allows users residing at a SAML compliant Identity Provider to log in to your Drupal website. We support all known IdPs – Google Apps, ADFS, Azure AD, Okta, Salesforce, Centrify, Bitium, miniOrange IdP, OneLogin, SimpleSAMLphp and many more

Cloudflare Turnstile

INTRODUCTION

The Cloudflare Turnstile module uses the Turnstile web service to augment the CAPTCHA system and protect forms. For more information on what Turnstile is, please visit:

Field Encryption

Adds options to encrypt field values.

The goal of this module is to create a method for encrypting field values when stored in the database.

CAPTCHA Pack

CAPTCHA Pack examples

The CAPTCHA Pack module contains several CAPTCHA types for use with the CAPTCHA module. The CAPTCHA Pack module is meant to provide lightweight, yet effective alternatives for the traditional image CAPTCHA, which is undesirable in certain situation (e.g. bandwidth restrictions, cpu restrictions, accessibility constraints, etc).

System Status

 The login screen

SUMMARY

We have a simple mission here at Lumturio; stopping your site from getting hacked.

Looking at every aspect of all of your sites, from necessary upgrades and vulnerabilities, to individual modules. Presenting it in one, easy to read dashboard.

No bullshit, just a simple UI with all the information you need to stay secure.

We allow administrators to build their own monitoring interface to check on multiple installations at once.

User Expire

This module allows an administrator to define a date on which to expire a specific user account or to define a period at a role level where inactive accounts will be locked.

Password Have I Been Pwned?

This module checks user passwords using Troy Hunt's excellent Have I Been Pwned (HIBP) service.

http:BL

Implements Project Honey Pot's http:BL service for Drupal. http:BL can prevent email address harvesters and comment spammers from visiting your site by using a centralized DNS blacklist. It requires a free Project Honey Pot membership. This module provides efficient blacklist lookups and blocks malicious visitors effectively.

httpBL has been adopted for use to enhance protection on Drupal.org.

Disable Login Page

Disable Login Page is a simple module that prevents access to the default Drupal Login Page to anonymous users without the use of a secret key. This is useful for sites that do not have any public user login requirements like in a corporate website or a personal blog.

The login page is protected with a secret key name value pair which can be set by the admin. When the default login page is accessed without the secret key-value pair, you get an access denied error.

htmLawed

Screenshot / configuring htmLawed filter in Drupal 8

The htmLawed module uses the htmLawed PHP library to restrict and purify HTML for security and compliance with web standards and admin policy. htmLawed is open-source, single-file, fast, highly customizable, well-documented.

User One

Since Drupal 7 is more restrictive in allowing multiple failed logins, using different names (in 6.x version) is not needed any longer. These are the features of 7.x version.

  • User one account is protected from viewing and editing. Users -- even with 'Administer users' permission -- will be denied access.
  • User one account is hidden from user listing page, admin/people.
  • User one account is hidden from user lists such as in blocks, Who's New and Who's Online. User One provides its own version of Who's Online block for correct count of logged in users besides hiding user one.
  • User One exposes Drupal's built-in values to change otherwise inaccessible such as number of allowed login attempts and time window to remember such login attempts.
  • While Drupal temporarily deny login after multiple failed logins, User One goes one step further to allow permanently block such IPs automatically and notify the site admin.

IP Ranges

IP Ranges UI

IP Ranges is a module that let's you completely ban both single IP-addresses as well as
full ranges from your site. The ban is triggered already at the early bootstrap phase, so you
can get rid of unwanted visitors as early as possible without wasting server resources.

You can also define whitelists that override blacklists, both single and ranged.
The UI is similar to core ip-ban, so you will feel like home immediately.

INSTALLATION

Just enable the module as usual.

USAGE

After enabling the module, go to admin/config/people/ip-ranges to find form where you can enter either single IP-address or IP Range, and a list type.

IP-address range is entered in the form of 100.100.100.100 - 100.100.101.150.
(This is currently the only allowed range form, other types like bitmasks may come at later stage).

Type can be either "blacklist" or "whitelist",
where blacklisted IP's are denied from the site, and whitelisted are allowed.
Whitelists always override blacklists.

ALTERNATIVES

Restrict IP allows you to enter whitelists. All other IP's are banned.
Unlike IP Ranges, it does not actually restrict access to the page, but rather

Pages