Join the open source coding forum

Drupal 7 modules to increase the security

I run an internet forum which I build with the Drupal 7 cms. Now with increasing number of new visitors, I am afraid that hackers will get access to the system. Thats why I am searching for Drupal 7 modules which increase the security of the drupal 7 cms. Can anybody help me there?

shah's picture

Use the following modules for security

Vote the answer: 
4
Average: 4 (1 vote)

The following modules may help you for your site's security-

  • Generate Password - makes the password field hidden at creating new user page. The system generates passwords if no password is set while registering. 
  • Login Security - lets you keep the unsuccessful attempt of login by setting actions while the margin is crossed. Thus it may notify admins when a probable attack is about to happen. It confines the login attempt by temporary or permanent blockade of IP.
  • SpamSpan filter - prevent bots to collect email addresses from your site. It hides the email addresses in disguise. It may require Javascript enabled.
  1. Security Kit - lets you alleviate security hazards may come from different web applications. It secures cross-site scripting, cross-site request forgery, clickjacking, and SSL/TLS. Clickjacking let you manipulate the implementation of X-Frame-Options HTTP response header and Javascript which comes along with CSS and NoScript protection and customized text to disable the JavaScript message. SSL/TLS let you prevent the role of middle users and possibly control the potential security threats and also handles the implementation of HSTS(HTTP Strict Transport Security) response header. Cross-site Request Forgery manages the Origin HTTP request header. Cross-site Scripting secures the content policies managing browser reports.
  • Security review – gives you a summarizes the easy mistakes when using Drupal and checks for database errors, logins errors,  password error like username input as passwords. It checks the security of personal files, lets you avoid uncovering personal information, vast database and login errors, protects arbitrary code execution and phishing attempts.
  • Password Policy - lets you restricts passwords by defining password rules.
  • Update Manager - checks the availability of new versions of site’s software and alerts you.
Rafsan's picture

I want to add these modules in the list

Vote the answer: 
0
No votes yet

The modules stated above are great tools to increase the security of your Drupal site. I found these modules worth mentioning for the same purpose. Have a look-

ACL – lets other modules create user lists and give them access to different nodes. It comes with no UI(User Interface) and only provides Application Programming Interface (API) to other modules.
 
Content Access – lets you apply a rule about which author can view which contents. You can edit existing permissions for different content. It operates on ACL module.
 
Oauth - provides strict server resources access by advance authorization process. It has multi-level (two or three level) user identification procedure.
 
Taxonomy Access Control - lets you automate control user's access to specific nodes like the view, delete.
 
LDAP(Lightweight Directory Access Protocol) - allows you to integrate users access authorization for specific views and contents.
Menu Admin per Menu - lets you allow access for selected users to manage links(primary and secondary) but not to the menu admin. As, Drupal lets you modify and/or change(editing, deleting) only to the users with administrative privileges.
 
Search Configuration - changes the appearances of the search form. It creates clusters of similar contents and provides more logical results. You can configure on the basis of the role of any user but doesn’t restrict any conditions for the users with administrative privileges. So, users will get the search results on the basis of their role.
 
CAPTCHA & reCAPTCHA – are modules which you can use let users prove they’re human. You can use them when users try to comment or submit something. These modules harden access for the bots to access your site.