Contributed modules for Securing your Site

Among the thousands of modules on there are over 100 in the security category. Unfortunately some of those are abandoned or inaccurately tagged. We've looked at every module and compiled this resource to help you understand the security-related community modules available. Not all modules provide security exactly, some are about hardening your site against weaknesses and others are about monitoring and reporting abuses.

This list will stay up-to-date as new modules are added and we will be expanding it for usefulness and to include our assessment of each module's capabilities.

Login and session



  • PassWindow
    • Two-step authentication via visual decoding with physical card
  • OpenID
    • Authentication via OpenID service (in core Drupal 6)
  • Swekey
    • Two-step authentication using USB key
  • Windows Live ID
    • Authentication via Windows Live
  • YubiKey
    • Two-step authentication using USB key


Secure communications

Anti-spam and protection


Password change confirmation

Password change confirmation module:

Forces you to enter your current password when editing your user account page (user/your-uid/edit/*). Helps prevent any kind of XSS admin account attack.

Thanks Dave, great catch! I

Thanks Dave, great catch! I hope to spend some time trying to get into core because of exactly what you say, it helps prevent an XSS attack changing the uid 1 password.

Encryption of database

A recommended best practice for Data Security in the context of EU Data Protection law compliance is that sensitive data (e.g. information about medical conditions, political beliefs etc) should be encrypted in databases. So basically data input on forms needs to (ideally) be stored in an encrypted form within the database.

This basically mitigates the risk to the data owner (the site owner) of personal data being disclosed if their database is compromised (e.g. an attack on a shared hosting environment or any other attack vector which allows a data export to be run on the database).

Any suggestions for modules which might support this kind of requirement?

Encrypt Submissions appears to meet the requirement (based on my reading) but I'd appreciate an insight on any other modules that might exist to meet this kind of requirement.

I don't know of any modules

I don't know of any modules that do that.

The closest I know is Creating a Sanitized Database which will help when sharing the database with developers or other folks.