Add functionality and customize your Drupal application with thousands of projects contributed by our amazing community.
A module is code that extends Drupal's by altering existing functionality or adding new features. You can use modules contributed by others or create your own. Learn more about creating and using Drupal modules.
Add challenge-response tests to user-facing forms on your site to protect against spambot submissions. Other CAPTCHA types are supported via additional modules.
Provides a generic service for logging in and registering users that are authenticated against an external site or service and storing the authentication details.
Gives users with specific roles the ability to view unpublished content of certain content types.
Allows site administrators (or anyone with enough permissions) to switch users and surf the site as that user
This module supports enforcing restrictions on user passwords by defining password policies.
The Field Permissions module allows site administrators to set field-level permissions to edit, view and create fields on any entity.
Features
- Enable field permissions on any entity, not just nodes.
- Role-based field permissions allowing different viewing patterned based on what access the user has.
- Author-level permissions allow viewing and editing of fields based on who the entity owner is.
- Permissions for each field are not enabled by default. Instead, administrators can enable these permissions explicitly for the fields where this feature is needed.
- Field permissions overview
This module allows site administrators to grant specific roles the authority to assign selected roles to users, without them needing the administer permissions permission.
By default, Drupal allows only users with the Administer menus and menu items permission to add, modify or delete menu items.
Menu Admin per Menu allows to give roles per menu admin permissions without giving them full admin permission.
For instance, you may let certain users manage the items of the Main or Navigation menus but not those of the Management menu.
Try out a demonstration
Watch a screencast
The Override Node Options module allows permissions to be set to each field within the Authoring information and Publishing options field sets on the node form.
Easily configure Google reCAPTCHA v3 with a fallback challenge for enhanced security and user-friendly protection on your website.
The Profile module provides configurable user profiles.
Redirect the HTTP 403 error page to the Drupal /user/login page with an optional message that reads:
"Access denied! You must login to view this page."
Allow users to register using an email address. Users can then log-in using their email address and password for authentication.
As of Drupal 10.1.x-dev, this module is no longer needed and the "Block Content" core module's permissions can be used instead. See migration notes below.
This module provide single sign-on capability for your Drupal site by implementing the
Content Access allows you to manage permissions for content types by role and author. It allows you to specify custom view, edit and delete permissions for each content type. Optionally you can enable per content access settings, so you can customize the access for each content node.
The OpenID Connect module provides a pluggable client implementation for the OpenID Connect protocol.
The server implementation of the protocol is provided by Simple OAuth (OAuth2) & OpenID Connect or the OAuth2 Server modules.
What is OpenID Connect?
http://openid.net/connect:
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
What does the module do?
The module allows you to use an external OpenID Connect login provider to authenticate and log in users on your site. If a user signs in with a login provider for the first time on the website, a new Drupal user will be created.
Google for instance uses OpenID Connect to authenticate users across all of their services. Check out the OpenID Foundation's announcement of launching OpenID Connect.
What Is Username Enumeration Prevention
By default Drupal is very secure (especially Drupal 7). However, there is a way to exploit the system by using a technique called username enumeration. Both Drupal 6 and 7 have this issue, but it is much worse for people using Drupal 6. This is because Drupal 6 does not have any built in brute force prevention. When an attacker knows a username they can start a brute force attack to gain access with that user. To help prevent this, it is best if usernames on the system are not easy to find out.
Attackers can easily find usernames that exist by using the forgot password form and a technique called “username enumeration”. The attacker can enter a username that does not exist and they will get a response from Drupal saying so. All the attacker needs to do is keep trying usernames on this form until they find a valid user.
This module will stop this from happening. When the module is enabled, the error message will be replaced for the same message as a valid user and they will be redirected back to the login form. If the user does not exist, no password reset email will be sent, but the attacker will not know this is the case.
The Group module allows you to create arbitrary collections of your content and users on your site and grant access control permissions on those collections
This module allows site builders to set up fine-grained permissions for allowing "sub-admin" users to manage other users based on the target user\'s role.
Module description
Protected Pages modules allows the administrator to secure any page by password.
Lightweight Directory Access Protocol (LDAP) lets you:
RoleAssign specifically allows site administrators to further delegate the task of managing user's roles while withholding the Administer permissions permission.
The RealName module allows the administrator to choose fields from the user profile that will be used to add a "real name" element (method) to a user object. Hook_user is used to automatically add this to any user object that is loaded. It will also optionally set all nodes and comments to show this name.
Remove "Request new password" link from block and user page.
Pages
Early Bird Registration for DrupalCon Atlanta is now open! By registering during our Early Bird Registration window, you’ll save $100. This window ends on 19 January 2025 and will go by quickly, so don’t wait!
