By: Prem Tiwari | Last Updated: | In: Drupal, Drupal Beginners

1-) Password strength

A password policy can be defined with a set of constraints which must be met before a user password change will be accepted. Each constraint has a parameter allowing for the minimum number of valid conditions which must be met before the constraint is satisfied.

Example: An uppercase constraint (with a parameter of 2) and a digit constraint (with a parameter of 4) means that a user password must have at least 2 uppercase letters and at least 4 digits for it to be accepted.

2-) Flood control

This module is intended to add an administration interface for hidden flood control variables in Drupal 7, like the login attempt limiters and any future hidden variables.

3-) XFS (cross frame scripting)

This module provides various security-hardening options. This lets your mitigate the risks of exploitation of different web application vulnerabilities.

Cross-site Scripting

Content Security Policy implementation via –°ontent-Security-Policy (official name), X-Content-Security-Policy (Firefox and IE) and X-WebKit-CSP (Chrome and Safari) HTTP response headers (configuration page and reporting CSP violations to watchdog)
Control over Internet Explorer / Apple Safari / Google Chrome internal XSS filter via X-XSS-Protection HTTP response header

4-) Idle Session Timeout


This module provides a site administrator the ability to log users out after a specified time of inactivity.
It is highly customisable and includes “site policies” by role to enforce logout.


  • Different timeouts based on role
  • Disabling of timeouts based on role
  • Permission for users to set their own timeout
  • Includes some JS mechanisms to keep uses logged in even if multiple tabs are open or if the user is working on a form for a long period of time.
  • Includes developer hooks to allow users to remain logged in depending on your own project specific requirements
  • Optional integration with Javascript Timer

5-) Concurrent Sessions

By default, a session is created for each browser that a user uses to log in. This module will force the user to log out any extra sessions after they exceed the administrator-defined maximum.


  • On login, logout the oldest session without prompting (optional)
  • At login, prevent login if existing session exists elsewhere (optional)
  • Notify old session about disconnect
  • Configure any number of max allowed sessions
  • Configure session limiting exclusions by role
  • Configure session limiting exclusions by user
  • New user session prompted to select which session to disconnect
  • Implements hook on collision
  • Implements hook on disconnect
  • Implements triggers and compatible with rules
  • Integrates with token module
  • Disregard Masqueraded user sessions in max session counter (optional)

6-) Nagios monitoring

This module supports two ways of interacting with Nagios. NRPE or standard checking over HTTP. The NRPE approach is recommended, as it is far more secure. If you are using the http check method then be aware this module exposes the following information from your website.


  • PHP is parsing scripts and modules correctly (in case PHP gets disabled for some reason)
  • The database is accessible from Drupal
  • Whether there are configuration issues with the site, such as:
    • pending Drupal version update
    • pending Drupal module updates
    • unwritable ‘files’ directory
    • Pending updates to the database schema
    • Cron not running for a specified period
    • Anything else reported in the Administer -> Reports -> Status report (requirements)

7-) Secure connections (SSL)

A small and easy process which will redirect the required pages to a SSL version of the web pages.
This module makes sure that the user is running on a secure page when they create or edit content, view user details, or administer the site.

About: Prem Tiwari

Prem Tiwari is the founder of FreeWebMentor.com and also a professional developer who has vast experience in PHP and open source technologies. Apart from this, he is a blogger by hobby and also he has been a regular speaker of WordPress sessions in various IT Companies.

You may also like:

, , ,