Back-office Access Restriction

The Back-office Access Restriction module allows to deny access to specific administration pages even for users with permission to access them. This module is intended to be installed on production sites so that some sensitive pages can no more be accessed. Such pages could be:

Password HIBP (HaveIBeenPwned)

This is a Drupal 8 module that aims to improve password security for your site's users by preventing them from using a password that is known to have been compromised.

In order to do this, the plugin makes use of the "Have I Been Pwned" API, operated by noted security researcher Troy Hunt. contains an archive of user credentials that have been made public after being hacked, and allows anyone to query the database to find out whether their credentials have been compromised.

DNT Aware Page Cache

This module provides a page cache for anonymous users that behaves identically to the Drupal Core Internal Page Cache Module with one exception: it stores cached versions for users with the Do Not Track (DNT) header set separately from those without.

This is important for ensuring conformance of data gathering scripts in jurisdictions and for clients who wish to respect Do Not Track.

The module should not be active at the same time as the normal Drupal Core Internal Page Cache, and implements hook_requirements() in order to complain when the core cache is active.

ClamAV Queue

Use case

This module is intended for the very specific case where a site is using all of these modules:

  • clamav
  • file_entity
  • plupload
  • multiform

(Note: All these modules are listed as dependencies for this reason.)

Pwned Passwords (Have I Been Pwned / HIBP)

User edit form

This module uses the Have I Been Pwned - HIBP "Passwords" API v2 to validate passwords entered by a user.

Currently it prevents the user to select any password present in the database, more options will come.

Sandbox sample

This is a sandbox sample project.


Subscribe with RSS Subscribe to RSS - Security