About this page
This page hosts a list of Drupal modules that can, and in many cases should, be installed on Drupal websites to meet the security requirements of the government. Some are only available for Drupal 7, some only for Drupal 8. More modules can, and most likely should, be installed to layer additional security and auditing controls on top, but these will get a site started. Some of the categories below are not strictly security modules; they were being explored to fulfil a need for the client.
This research was done in 2019 as part of an ongoing web development project. No particular module is being promoted or recommended; what matters more is the type of module, or the range of solutions a type of module provides. The tags in square brackets are the release status recorded at the time (alpha, beta, RC, dev); "unsecured" presumably marks projects that drupal.org listed as not covered by its security advisory policy. Statuses will have changed since 2019, so check each project page before relying on a module.
Login Items
- Login Alert - https://www.drupal.org/project/login_alert
  Emails the user when someone logs in to their account.
- Login Destination [alpha] - https://www.drupal.org/project/login_destination
  Lets you specify where a user is sent after logging in.
- Login History - https://www.drupal.org/project/login_history
  Records every login in a new database table.
- Login Tracker - https://www.drupal.org/project/login_tracker
  Similar to Login History.
- Login Security - https://www.drupal.org/project/login_security
  Limits the number of invalid login attempts before blocking an account, or denies access by IP address, temporarily or permanently. Can notify admins of suspected attacks and suppress the core login error messages (so a failed attempt does not reveal whether the username exists).
- One Time Password [RC1] - https://www.drupal.org/project/one_time_password
  Provides two-factor authentication using the Time-based One-time Password algorithm (TOTP).
- One Time Password SMS [dev, unsecured] - https://www.drupal.org/project/otp_sms
  Lets users receive two-factor authentication codes via SMS. This complements the authenticator-app integration of One Time Password. Note that SMS is the weakest second factor: codes can be intercepted by SIM swapping or telephone-network attacks, so prefer app-based TOTP where possible.
- One Time Link [alpha2, unsecured] - https://www.drupal.org/project/one_time_link
  Creates short, single-use login links. Each link has a configurable expiry and can be used only once.
- Legal [RC1] - https://www.drupal.org/project/legal
  Displays your Terms & Conditions to users who want to register, and requires that they accept the T&C before their registration is accepted. If the T&C change, users with an existing account are asked to accept the new version and cannot log in until they do. The T&C can be displayed as styled text or in a scroll box.
- Agreement [alpha2, unsecured] - https://www.drupal.org/project/agreement
  Lets the administrator present a text-based agreement (think "Terms of Service") that users of a particular role must accept before they are allowed to use the site. The agreement is shown right after login and must be accepted before the user can navigate to another page. Users can still reach the homepage (<front>) and /logout without accepting the agreement; all other pages redirect the user to the agreement acceptance form.
- Terms of Use [beta1] - https://www.drupal.org/project/terms_of_use
  Adds Terms of Use and an "[x] I agree" check box to the registration page.
- Entity Legal [beta1, 2016] - https://www.drupal.org/project/entity_legal
  Provides a solid, versionable, exportable and flexible way of storing legal documents such as Terms and Conditions and Privacy Policies. Users can be forced, or softly prompted, to re-read and re-accept legal documents when they change, and a full audit trail of who accepted which version and when is available.
SMS Integration
- SMS Framework - https://www.drupal.org/project/smsframework
  A set of modules enabling interaction between Drupal and mobile users via SMS. The included API allows developers to add support for third-party gateways and to integrate gateway-agnostic SMS features into their projects. The SMS Framework allows you to:
  - Send SMS messages using any supported gateway
  - Collect, confirm and store mobile information for Drupal users
  - Send batch messages to Drupal users
  - Allow users to send nodes, or portions of nodes, to mobile phones
- SMS Gateway Base [alpha1, unsecured] - https://www.drupal.org/project/sms_gateway_base
  Provides base classes and functionality that other gateway plugin modules can extend, simplifying the creation of gateways.
- SMS RouteSMS [alpha1] - https://www.drupal.org/project/sms_routesms
  Integrates the RouteSMS gateway with SMS Framework, so that SMS Framework users can send SMS via RouteSMS.
- SMS simple gateway - https://www.drupal.org/project/sms_simplegateway
  The rationale for this module is that many (or most) SMS gateway services use plain HTTP GET or POST requests, the only difference being the names of the HTTP parameters. This module lets the user specify the parameter names for sending and receiving messages so that they don't have to write a gateway module.
- SMS UI [dev] - https://www.drupal.org/project/sms_ui
  Provides a user interface for SMS Framework that allows users to send bulk messages to multiple recipients.
- AWS SNS for SMS Framework [alpha1, unsecured] - https://www.drupal.org/project/sms_aws_sns
  Integrates the AWS SNS gateway with SMS Framework, so that SMS Framework users can send SMS via AWS SNS.
Passwords
- Password Encrypt [alpha] - https://www.drupal.org/project/password_encrypt
  Encrypts the password on form submission.
- Password Policy [alpha] - https://www.drupal.org/project/password_policy
  Enforces configurable password rules.
- Password Strength [alpha] - https://www.drupal.org/project/password_strength
  Shows the strength of a password.
- Password Strength Visualization - https://www.drupal.org/project/psv
  Shows the strength of a password.
- Force Password Change - https://www.drupal.org/project/force_password_change
  Allows administrators to force users (by role, individually, or on account creation) to change their password on their next page load or login, and/or to expire passwords after a period of time.
- Mass Password Reset [alpha] - https://www.drupal.org/project/mass_pwreset
  Allows users with the "Administer users" permission to reset the passwords of all user accounts and notify all users.
- Pwned Passwords (Have I Been Pwned / HIBP) [alpha] - https://www.drupal.org/project/pwned_passwords
  Checks passwords against the Have I Been Pwned (HIBP) Pwned Passwords service.
- Pwned Checker [RC2] - https://www.drupal.org/project/pwnd_checker
  Also checks passwords against Have I Been Pwned.
- User Password Reset Link Timeout - https://www.drupal.org/project/user_pwreset_timeout
  Provides a Drupal UI for setting the password reset link timeout variable.
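How modules like Pwned Passwords and Pwned Checker can consult Have I Been Pwned without sending the password, or even its full hash, off the server: the HIBP "range" API takes only the first five hex characters of the SHA-1 and returns every matching hash suffix with its breach count (k-anonymity), so the match is made locally. The following is an added, language-neutral illustration in Python; it is not code from either module. The HTTP response is replaced by a constructed fixture so it runs offline; `fetch_range_live` shows the real request but is not called here, and the `User-Agent` value is an assumption.

```python
import hashlib
import urllib.request
from typing import Callable, Dict

HIBP_RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed stand-in for the API: the range for prefix 5BAA6 holds a few
# "SUFFIX:COUNT" lines. The second suffix is the real SHA-1 tail of the string
# "password" (full hash 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8); the other
# suffixes and all counts are made up for the example. A count of 0 is what
# HIBP returns for padding entries when "Add-Padding: true" is requested.
FAKE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471\r\n"
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:0\r\n"
    ),
}


def sha1_upper(password: str) -> str:
    """HIBP keys the Pwned Passwords set on upper-case hex SHA-1."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def parse_range(body: str) -> Dict[str, int]:
    """Turn the 'SUFFIX:COUNT' lines of a range response into a dict, dropping padding rows."""
    counts: Dict[str, int] = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit() and int(count) > 0:
            counts[suffix.upper()] = int(count)
    return counts


def fetch_range_fake(prefix: str) -> str:
    """Offline replacement for the HTTP call, backed by the constructed fixture."""
    return FAKE_RANGES.get(prefix, "")


def fetch_range_live(prefix: str) -> str:
    """The real request (not used offline): only the 5-character prefix leaves the server."""
    req = urllib.request.Request(
        HIBP_RANGE_URL + prefix,
        headers={"User-Agent": "example-password-check", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch: Callable[[str], str] = fetch_range_fake) -> int:
    """Number of times the password appears in HIBP, or 0 if it has not been seen."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return parse_range(fetch(prefix)).get(suffix, 0)


def password_is_pwned(password: str, fetch: Callable[[str], str] = fetch_range_fake) -> bool:
    return breach_count(password, fetch) > 0
```

In a real deployment pass `fetch_range_live` instead of the fake, reject any non-zero count (a single sighting is enough for credential-stuffing lists), and decide explicitly whether a network failure fails open or closed; a password policy that silently allows everything when HIBP is unreachable is a common gap.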
General Security
- Redirect 403 to User Login - https://www.drupal.org/project/r4032login
  Redirects anonymous users who hit a 403 (access denied) page to the login form instead of showing the error.
- Security Kit - https://www.drupal.org/project/seckit
  Adds HTTP response-header based hardening: Content Security Policy and related headers against cross-site scripting, Origin-based cross-site request forgery protection, X-Frame-Options against clickjacking, and HTTP Strict Transport Security (HSTS) for SSL/TLS.
- Security.txt - https://www.drupal.org/project/securitytxt
  Provides an editable security.txt file (the standard location, /.well-known/security.txt, for telling researchers how to report vulnerabilities).
- RobotsTxt - https://www.drupal.org/project/robotstxt
  Use this module when you are running multiple Drupal sites from a single code base (multisite) and need a different robots.txt file for each one. It generates robots.txt dynamically and lets you edit it, per site, from the web UI.
- Super Login - https://www.drupal.org/project/super_login
  A nicer login page; no real security enhancements.
- Site Audit - https://www.drupal.org/project/site_audit
  A Drupal static site analysis platform that generates reports with actionable best-practice recommendations.
- Honeypot - https://www.drupal.org/project/honeypot
  Uses both the honeypot (hidden field that humans leave empty) and timestamp (minimum time to fill in the form) methods of deterring spam bots from completing forms on your Drupal site.
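The two checks the Honeypot module combines, as an added illustration in Python (this is not the module's code, and the field name `url`, the `honeypot_time` field, the thresholds and the key are assumptions for the example). The hidden field must come back empty, and the form must have been rendered at least a few seconds before it was submitted; the timestamp is bound with an HMAC so a bot cannot just post an old value to satisfy the timing rule.

```python
import hashlib
import hmac

# Assumed settings for the example (the Honeypot module makes these configurable).
SECRET_KEY = b"constructed-example-key-use-a-real-random-secret"
HONEYPOT_FIELD = "url"       # hidden field a human never sees; bots tend to fill every field
MIN_SECONDS = 5              # a human cannot complete the form faster than this
MAX_SECONDS = 6 * 60 * 60    # tokens older than this are treated as stale


def issue_time_token(now: int, key: bytes = SECRET_KEY) -> str:
    """Value to put in the hidden 'honeypot_time' field when the form is rendered."""
    sig = hmac.new(key, str(now).encode(), hashlib.sha256).hexdigest()
    return f"{now}.{sig}"


def check_submission(form: dict, now: int, key: bytes = SECRET_KEY) -> str:
    """Return 'accept' or 'reject:<reason>' for a submitted form (dict of field -> value)."""
    # 1. Honeypot: anything in the hidden field means a bot filled in the whole form.
    if form.get(HONEYPOT_FIELD, "") != "":
        return "reject:honeypot_filled"
    # 2. Timestamp: must be present, authentic, old enough, and not ancient.
    token = form.get("honeypot_time", "")
    issued, _, sig = token.partition(".")
    if not issued.isdigit():
        return "reject:missing_timestamp"
    expected = hmac.new(key, issued.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return "reject:forged_timestamp"
    elapsed = now - int(issued)
    if elapsed < MIN_SECONDS:
        return "reject:too_fast"
    if elapsed > MAX_SECONDS:
        return "reject:stale"
    return "accept"


def demo() -> dict:
    """Constructed submissions: a bot filling every field, a bot posting instantly, a human."""
    rendered_at = 1_700_000_000
    token = issue_time_token(rendered_at)
    bot_filled = {"name": "x", "url": "http://spam.example", "honeypot_time": token}
    bot_fast = {"name": "x", "url": "", "honeypot_time": token}
    human = {"name": "Ada", "url": "", "honeypot_time": token}
    return {
        "bot_filled": check_submission(bot_filled, rendered_at + 1),
        "bot_fast": check_submission(bot_fast, rendered_at + 1),
        "human": check_submission(human, rendered_at + 42),
    }
```

The honeypot field has to be hidden with CSS or moved off-screen rather than with `type="hidden"`, since bots skip genuinely hidden inputs; and because the timestamp is only a lower bound, a patient bot still passes, which is why the module's checks are a spam deterrent and not an authentication control.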
Two-Factor Authentication
- Two-factor Authentication (TFA) [alpha] - https://www.drupal.org/project/tfa
  Second-factor authentication for Drupal sites. Drupal core authenticates with something you know (a username and password); the TFA module adds a second step that checks something you have, such as a code sent to, or generated by, your mobile phone.
- Two-factor login (TFL) [unsecured] - https://www.drupal.org/project/tfl
  Uses the third-party service 2factor.in (an Indian service).
- One Time Password [RC1] - https://www.drupal.org/project/one_time_password
  Provides two-factor authentication using the Time-based One-time Password algorithm, so it works with Google Authenticator, Authy, Microsoft Authenticator and similar apps. (Also listed under Login Items.)
- Reset Password Email OTP Auth [unsecured] - https://www.drupal.org/project/reset_pass_email_otp_auth
  Adds an emailed one-time code to the password reset flow.
- Authorization Code [alpha4] - https://www.drupal.org/project/authorization_code
  Log in with a one-time code sent via email, SMS or another communication method.
- External Authentication - https://www.drupal.org/project/externalauth
  Provides a generic service for logging in and registering users who are authenticated against an external site or service, and for storing the authentication details.
- Google Authenticator login [alpha4] - https://www.drupal.org/project/ga_login
  Adds Time-based One-time Password (also called "two-step" or "multi-factor" authentication) support to user logins. It works with Google's Authenticator app and supports most (if not all) OATH-based HOTP/TOTP systems.
SAML
- SAML IDP 2.0 Single Sign On (SSO) – SAML Identity Provider (miniorange_saml_idp) - https://www.drupal.org/project/miniorange_saml_idp
  Allows users of your Drupal site to log in to a SAML 2.0 compliant Service Provider. The vendor claims support for all known Service Providers that support SAML authentication, such as Workplace by Facebook, Zendesk, Tableau, ownCloud, Inkling, etc.
- SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider (miniorange_saml) - https://www.drupal.org/project/miniorange_saml
  Allows users at a SAML 2.0 capable Identity Provider to log in to your Drupal website. The vendor claims support for all known IdPs: Google Apps, ADFS, Azure AD, Okta, Salesforce, Centrify, Bitium, miniOrange IdP, OneLogin, SimpleSAMLphp, Shibboleth, Edugate, DUO, OpenAM, Ping, RSA, IBM, Oracle Access Manager, WSO2, Feide, SecureAuth, NetIQ Access Manager, etc.
- SAML Service Provider - https://www.drupal.org/project/saml_sp
  Allows Drupal to function as a Service Provider: users authenticate to Drupal (without a Drupal username or password) via a SAML IdP (Identity Provider) that has been pre-registered with Drupal.
- SAML IdP [alpha1] - https://www.drupal.org/project/saml_idp
  Integrates Drupal with SimpleSAMLphp (https://simplesamlphp.org/) so that Drupal acts as an Identity Provider (IdP) for SAML service providers (SPs).
- simpleSAMLphp Authentication - https://www.drupal.org/project/simplesamlphp_auth
  Integrates Drupal with SimpleSAMLphp, the most robust and complete implementation of SAML in PHP. It lets Drupal communicate with SAML or Shibboleth identity providers (IdPs) to authenticate users, so the Drupal site effectively acts as a SAML or Shibboleth service provider (SP).
- Auth0 Single Sign On - https://www.drupal.org/project/auth0
  Single sign-on for enterprises, plus social login and username/password login, for all your Drupal instances. Powered by Auth0.
Sessions
- Session Limit [beta] - https://www.drupal.org/project/session_limit
  Allows administrators to limit the number of simultaneous sessions per user.
- Automated Logout - https://www.drupal.org/project/autologout
  Gives a site administrator the ability to log users out after a specified period of inactivity.
- Session Timeout Notification [unsecured] - https://www.drupal.org/project/timeout_notification
  Gives users a simple notification of an upcoming session expiration, allowing them to renew the current session without losing unsaved work to an unnoticed session loss.
MISC
- Composer Security Checker - https://www.drupal.org/project/composer_security_checker
  Checks installed Composer packages against the SensioLabs Security Checker service (using their connection library) and outputs a report similar to the core Update Manager report.
- Accessible Media Embed [beta1] - https://www.drupal.org/project/accessible_media_embed
  Lets the alt text of an embedded media image be overridden per embed, since the appropriate alt text depends on the context in which the image is used.
- Data Policy [beta4, unsecured] - https://www.drupal.org/project/data_policy
  Helps site owners or administrators inform their users about which (personal) data is collected. In addition to informing users, it can add a data policy and be configured to prompt users to accept the latest active data policy.
- Courier + Courier SMS [alpha + dev] - https://www.drupal.org/project/courier
  Courier is an API allowing modules to send messages to people via a channel of their preference. Channels: Steam + Slack + SMS.
ACCESS
- Forum Access [alpha-0] - https://www.drupal.org/project/forum_access
  Lets you make forums private.
- Paragraphs Access Control [RC1] - https://www.drupal.org/project/paragraphs_access
  Provides a node-access-style API for restricting access to paragraph items.
- Taxonomy Access Control Lite [alpha] - https://www.drupal.org/project/tac_lite
  A simple scheme based on taxonomy, roles and users that controls which content is visible.
- Taxonomy access fix - https://www.drupal.org/project/taxonomy_access_fix
  Adds finer-grained (per-vocabulary) taxonomy permissions.
- Block Access [alpha1] - https://www.drupal.org/project/block_access
  Adds a set of global permissions for creating, viewing, moving, enabling, disabling and configuring blocks.
- Menu Item Role Access - https://www.drupal.org/project/menu_item_role_access
  Restricts which menu items users see, by role, without needing completely separate menus.
- Role Delegation - https://www.drupal.org/project/role_delegation
  Allows site administrators to grant specific roles the authority to assign selected roles to users, without those roles needing the "administer permissions" permission.
- Auto Purge Users - https://www.drupal.org/project/purge_users
  Lets administrators delete inactive users based on time conditions.
Reports
- System Status - https://www.drupal.org/project/system_status
  Looks at every aspect of all your sites, from necessary upgrades and vulnerabilities to individual modules, and presents it in one easy-to-read dashboard.
- Warden - https://www.drupal.org/project/warden
  Pulls status and security information from multiple sites into a single centralized dashboard. Add the module to the sites you want to include and configure them to send information to the accompanying Warden server, which provides the dashboard application.
- Google Analytics Reports [beta2] - https://www.drupal.org/project/google_analytics_reports
  Provides graphical reporting of your site's tracking data: small path-based reports in blocks, and a full path-based report.
- Monitoring - https://www.drupal.org/project/monitoring
  A vendor-independent framework for deeply monitoring Drupal and all its projects/modules, giving a 360-degree view of Drupal system health for enterprise Drupal platforms.
- Performance monitor [alpha2] - https://www.drupal.org/project/perfmon
  Tests, verifies and recommends system environment settings to speed up Drupal sites.
Logs
- Role Log - https://www.drupal.org/project/role_log
  A simple module that logs Drupal role changes.
- Audit Log [alpha1] - https://www.drupal.org/project/audit_log
  Adds audit logging (an audit trail) to all entities, so you can easily track entity views, inserts, updates and deletes.
- Audit Files [alpha] - https://www.drupal.org/project/auditfiles
  Audits your upload directory against the corresponding database records: it cross-checks that every file in the database has a physical file, or that every file in the upload directory has a database entry.
- Configuration log - https://www.drupal.org/project/config_log
  Logs any configuration change in Drupal 8 to your selected logging system.
- Cryptolog - https://www.drupal.org/project/cryptolog
  Enhances user privacy (and compliance with GDPR, CCPA, etc.) by logging ephemeral identifiers rather than actual client IP addresses in Drupal's database tables and syslog.
- Database Logging Conditions (Watchdog conditions) - https://www.drupal.org/project/dblog_conditions
  Extends the core Database Logging module (dblog, formerly watchdog) to allow conditional logging to the database.
- Database Logging Mailer (Watchdog mailer) [alpha] - https://www.drupal.org/project/dblog_mailer
  Sends log entries from the core Database Logging module (dblog, formerly watchdog) by email at cron run.
- DB log selective cron - https://www.drupal.org/project/dsc
  A tiny module that lets administrators define more granularly how many watchdog entries to keep in the database.
- DBLog Filter - https://www.drupal.org/project/dblog_filter
  Stores only the log messages you need, filtered by type or severity (warnings, notices, PHP errors, debug, etc.).
- DBLog Pager - https://www.drupal.org/project/dblog_pager
  Adds paging options (Next, Previous) to the individual event view.
- Dblog Quick Filter [alpha] - https://www.drupal.org/project/dblog_quick_filter
  Lets you search dblog records.
- Entity log - https://www.drupal.org/project/entity_log
  Tracks field changes on entities.
- Error Log - https://www.drupal.org/project/error_log
  Adds the PHP error log as a logger implementation, so that all log messages (not just critical ones) are also sent to the error log.
- Events Log Track - https://www.drupal.org/project/events_log_track
  Tracks logs of specific events that you'd like to review.
- Events Logging - https://www.drupal.org/project/events_logging
  Implements an out-of-the-box event logging system with standard content entities and config entities.
- External Logging [dev, unsecured] - https://www.drupal.org/project/extlog
  Monitors your system, capturing system events and sending them to a remote log server. Like dblog or syslog, it records events containing usage and performance data, errors, warnings and similar operational information.
- File Log [alpha] - https://www.drupal.org/project/filelog
  Complements the core Database Log module with a logger that writes events to a file.
- Monolog - https://www.drupal.org/project/monolog
  Integrates Drupal with the Monolog library by Seldaek to provide a better logging solution.
- Notify log - https://www.drupal.org/project/notify_log
  Log popups: designed to help developers by informing them of new entries in the log.
- Syslog Report [alpha1, unsecured] - https://www.drupal.org/project/syslog_report
  Displays the syslog file located in the log folder, e.g. /var/log/syslog.
- Watchdog Event Extras - https://www.drupal.org/project/watchdog_event_extras
  Allows other information to be displayed for log events.
- Watchdog Mailer - https://www.drupal.org/project/watchdog_mailer
  Sends warnings and more serious errors from the log by email to a specified address. Optionally every PHP entry can be sent, since a PHP error always indicates a problem on the site.
- Watchdog navigate [alpha] - https://www.drupal.org/project/watchdog_navigate
  Adds buttons to watchdog entries, useful for stepping to the next entry when entries are related.
- Watchdog Prune [alpha] - https://www.drupal.org/project/watchdog_prune
  Lets you selectively delete watchdog entries based on criteria such as age.
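The privacy technique behind Cryptolog in the Logs list above (logging an ephemeral identifier instead of the client IP), as an added illustration in Python; this is not Cryptolog's code, and the key rotation and identifier format are assumptions for the example. Each IP is replaced by an HMAC under a random per-day key that lives only in memory: requests from one address on one day still share a pseudonym, so brute-force attempts can be correlated, but once the day's key is dropped nobody, including the site operator, can map yesterday's pseudonyms back to addresses. A plain hash of the IP would not achieve this, since the IPv4 space is small enough to enumerate.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional, Tuple


class EphemeralIpLogger:
    """Replace client IPs in log lines with per-day HMAC pseudonyms."""

    def __init__(self, key_provider: Optional[Callable[[str], bytes]] = None, id_len: int = 32):
        # Only the current day's key is ever held; by default it is random and never persisted.
        self._keys: Dict[str, bytes] = {}
        self._key_provider = key_provider or (lambda day: os.urandom(32))
        self._id_len = id_len

    def _key_for(self, day: str) -> bytes:
        for old in [d for d in self._keys if d != day]:
            del self._keys[old]          # rollover: forget keys for other days
        if day not in self._keys:
            self._keys[day] = self._key_provider(day)
        return self._keys[day]

    def pseudonym(self, ip: str, day: str) -> str:
        """Keyed, truncated HMAC-SHA256 of the address; stable within a day, unlinkable across days."""
        mac = hmac.new(self._key_for(day), ip.encode("ascii"), hashlib.sha256).hexdigest()
        return mac[: self._id_len]

    def log_line(self, day: str, ip: str, message: str) -> str:
        return f"{day} {self.pseudonym(ip, day)} {message}"


# Constructed sample events (day, client IP, message) standing in for watchdog entries.
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("2019-05-01", "203.0.113.7", "Login attempt failed for admin."),
    ("2019-05-01", "203.0.113.7", "Login attempt failed for admin."),
    ("2019-05-01", "198.51.100.23", "Session opened for alice."),
    ("2019-05-02", "203.0.113.7", "Login attempt failed for admin."),
]


def anonymize_events(events: List[Tuple[str, str, str]],
                     logger: Optional[EphemeralIpLogger] = None) -> List[str]:
    """Return the events as log lines with IPs replaced by pseudonyms."""
    logger = logger or EphemeralIpLogger()
    return [logger.log_line(day, ip, msg) for day, ip, msg in events]
```

Two caveats for anyone deploying this pattern: modules such as Login Security that block by IP need the real address at request time, which is fine because only the persisted log is pseudonymised; and the per-day key must not be derived from anything recoverable later (a stored secret plus the date, say), or the unlinkability is lost.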
Alternate File System
- Flysystem - https://www.drupal.org/project/flysystem
  A filesystem abstraction that lets you easily swap a local filesystem for a remote one, reducing technical debt and the chance of vendor lock-in.
- Flysystem – S3 - https://www.drupal.org/project/flysystem_s3
  Provides an Amazon S3 plugin for Flysystem. Tested with Amazon S3 and MinIO.
- S3 File System [alpha] - https://www.drupal.org/project/s3fs
  Provides an additional file system for your Drupal site that stores files in Amazon's Simple Storage Service (S3) or any other S3-compatible storage service. You can make it the default file system or use it only for individual fields. It is designed for sites load-balanced across multiple servers, where the mechanism used by Drupal's default file systems is not viable.
[DEV] ONLY
- LoginToboggan [not even in dev yet] - https://www.drupal.org/project/logintoboggan
  Purges unvalidated users, redirects users, returns the user to the original page, Rules integration.
- Security Review [no dev yet] - https://www.drupal.org/project/security_review
  Provides automated checks of basic security settings.
- Notify [dev] - https://www.drupal.org/project/notify
  A lightweight module that lets users subscribe to periodic emails listing all new or revised content and/or comments of specific content types, much like the daily newsletters sent by some websites.
- Git Info [dev] - https://www.drupal.org/project/git_info
  Helpers to display information about the revision of your codebase on the site: a git tag, git revision, date of the last commit, or a combination of these.
- Field Report [dev, unsecured] - https://www.drupal.org/project/field_report
  Creates a report page listing all the fields on the site, with their label, description, field type and where they are shared, organized by entity type and bundle.
OPTIMIZATION
- WebP – Image Optimization - https://www.drupal.org/project/webp
  Adds image optimization to Drupal through Google's WebP image format. Instructions: https://dev.acquia.com/blog/webp-and-drupal
- Image Optimize API + WebP - https://www.drupal.org/project/imageapi_optimize
- Accelerated Mobile Pages - https://www.drupal.org/project/amp
  Converts Drupal pages into pages that comply with the AMP standard.
  Related: https://www.drupal.org/project/amp_cts
  Alternate solution: https://www.drupal.org/project/simple_amp
- CDN - https://www.drupal.org/project/cdn
  Provides easy Content Delivery Network integration for Drupal sites. It rewrites file URLs so that files (CSS, JS, images, fonts, videos, ...) are downloaded from a CDN instead of your web server. It does not put your entire website behind a CDN. Only Origin Pull CDNs are supported: CDNs that only require you to replace the domain name with another domain name, after which the CDN automatically fetches (pulls) the files from your server (the origin). Nowadays pretty much every CDN is an Origin Pull CDN.
  [DEV]: https://www.drupal.org/project/cdn_cloudfront_private
- Lazy Loading Images - https://www.drupal.org/project/blazy
  Integrates bLazy and/or the Intersection Observer API to lazy-load and multi-serve images, saving bandwidth and server requests. Users get faster load times and use less data if they don't browse the whole page.
  Related:
  https://www.drupal.org/project/blazy_blurry_placeholder
  https://www.drupal.org/project/image_lazy_loader
  https://www.drupal.org/project/lazyloader
  https://www.drupal.org/project/lazy