Primary tabs
Useful Drupal modules
Click on the module name for notes, comments, patches.
Recommendations (for and against) are my personal opinion only and may be out of date. Feel free to email with corrections/suggestions.
Why doesn't the table mention Drupal 9 or 10?
1. Nowadays, I try and use Drupal as little as possible. Specifically I do not recommend it for a new website. I'd also strongly caution you against choosing Drupal if you're at the beginning of your career and trying to learn web development (front / back / full stack) or just want to manage/maintain a website. More details why by email on request.
2. By February 2022 I'd updated all the sites I look after to Drupal 9 (experience: mixed). As of March 2023, a year later, none of them were fully ready for Drupal 10 (waiting on support for various modules). By 13 Nov 2023 (a week or two after D9 lost support) I had updated a couple of them.
Q: What's the Drupal 9 to 10 upgrade experience like? A: it's what I'd describe as "just bearable", slightly better than D8 to D9, though with plenty of things to still trip you up. There is still deprecated code that needs fixing in D10 modules, and policy changes mean odd things will break (be prepared to turn off Aggregate CSS/JS files if your themes stop working, and note that Drush launcher doesn't work with Drush 12...)
Admittedly the upgrade_status module is the best solution they could have come up with for tracking compatibility. Also watch out for a nasty session headers bug with redirect_after_login.
What about sites still running Drupal 7? In short I still recommend leaving them on Drupal 7 or moving to another platform entirely. My prediction was that Drupal will extend D7 support year after year (note that drupal.org itself is still running D7). It's now been confirmed as 5 Jan 2025. There will have to be some sort of third-party long term support, because of the sheer volume of sites that are not being upgraded.
Your decision is really what specifically you think you will gain from Drupal 8/9/10 - often the answer will be not enough, and one of the main hassles - apart from converting each content type one at a time, and setting up a new theme, will be recreating all your views by hand, as views can't be automatically upgraded.
(134 modules in list)| Name | D8 | Personally Tested Sort descending | Last Updated |
|---|---|---|---|
| Trash (trash) | ✔ | ✖ | |
|
Adds a trash bin for all content, so you may later restore (or permanently delete) it. Depends on Content Moderation module. Alpha in D8. |
|||
| CKEditor Custom Config (ckeditor_config) | ✔ | ✖ | |
|
I've not actually used this but I adapted it's code to enforce a configuration setting (I wanted to remove the HTML dom elements that are shown in the status bar). The module allows you to supply your configuration using the UI. |
|||
| Node Export (node_export) | ✖ | ✖ | |
|
Tto actually export node content. An 8.x version has begun development:
|
|||
| Twig Extensions (twig_extensions) | ✔ | ✖ | |
|
Text filters, array and date manipulation. (haven't tried this yet) |
|||
| Restrict Login or Role Access by IP Address (restrict_by_ip) | ✖ | ✖ | |
|
Can specify single IP address or ranges. Two modes: restrict login, so they can only login from certain IPs, and restrict role, so they can login from anywhere but only access a role's permissions from the defined IPs. There's a D8 dev branch, last updated June 2016. |
|||
| Entity Access Audit (entity_access_audit) | ✔ | ✖ | |
|
This is a way of visualising - via grids of ticks and crosses - which roles have access to different operations on different entities. |
|||
| Group (group) | ✔ | ✖ | |
|
Alternative to the Organic Groups module. Allows you to create groups - e.g. classes, subscriptions, multiple communities. Drupal module of the week post. Blog post. It is by all accounts solidly written, but I found the initial UI confusing (in a "so what do I do now?" way) - you probably need to watch the YouTube video to understand it. |
|||
| Features (features) | ✔ | ✖ | |
|
Not recommended Update: most people are now moving away from features. There is a Configuration Management initiative under discussion in Drupal 8. Package up selected configuration for "features" (e.g. a blog or a photo gallery etc.) for reuse on other sites. Not the same as the new D8 Config sync, which is for exchanging configs between different environments of the same site and requires a cloned DB sharing the same UUIDs. |
|||
| Simple OAuth (simple_oauth) | ✔ | ✖ | |
|
An implementation of OAuth 2.0 Authorization Framework RFC - based on a PHP League package. |
|||
| AddToAny Share Buttons (addtoany) | ✔ | ✖ | |
|
Nice, clean, SVG sharing buttons. Project page says it's specifically optimised for Drupal. |
|||
| Autofocus (focus) | ✖ | ✖ | |
|
Autofocuses the first field of form (forms can be specified). No sign of a D8 port. |
|||
| Image Lazyloader (lazyloader) | ✔ | ✖ | |
|
Images are hidden until they scroll into view. Can specify distance before loading is triggered, also placeholder image, loading GIF and any pages to be excluded. There's been some Drupal 8 development but unclear how complete it is. |
|||
| Autosave (autosave) | ✖ | ✖ | |
|
Saves snapshot of content type form using AJAX. Content types and save frequency can be configured. No sign of a D8 port yet. |
|||
| Automatic Nodetitles (auto_nodetitle) | ✖ | ✖ | |
|
You can hide a node's title field (for reference, every node has to have a title) and generate it automatically, similar to pathauto. No-one's porting this to D8 yet. |
|||
| Datetime Range (datetime_range) | ✔ | ✖ | |
|
"Essential" Now in core, but you need to enable it. Adds an 'all-day' option. |
|||
| Twig Tweak (twig_tweak) | ✔ | ✖ | |
|
Adds Twig syntax to insert views, view results, regions, entities (e.g. nodes, blocks, webforms), menus, images, image styles, tokens, breadcrumbs, messages, contextual links and more. |
|||
| Mollom (mollom) | ✔ | ✖ | |
|
Deprecated Not recommended DO NOT USE - security issue and Acquia will no longer support or maintain it. Spam filtering SaaS from Acquia. Free for up to 50 "ham" messages a day. Scans message then provides a captcha if appropriate, scores each message for reputation, spam etc. I never tried this module and anecdotally I've seen mixed reports / people suggesting it's not all that good. |
|||
| Coder (coder) | ✔ | ✖ | |
|
Checks your code against Drupal coding standards. No need to install this - isn't actually a module, it's a set of phpcs rules installed as standard in /vendor/drupal/coder/coder_sniffer |
|||
| Block Visibility Groups (block_visibility_groups) | ✔ | ✖ | |
|
Rather than change visibility for individual blocks, you can group them together and assign complex visibility settings to all of them. Module page promotes it as a simpler alternative to Panels. |
|||
| Flood Control (flood_control) | ✖ | ✖ | |
|
Protect against brute-force login attacks. Unclear what's happening with porting of this. |
|||
| Feeds (feeds) | ✔ | ✖ | |
|
"Essential" As of Sep 2018, up to alpha3 in D8 (but not personally tested). Lets you import CSV/RSS etc. files and various other formats and map them to nodes/user/taxonomy terms, either one-off or periodically. |
|||
| Alexa (alexa) | ✔ | ✖ | |
|
Integrates with Amazon Echo. Allows Drupal to respond to Alexa skills requests. See Dries' blog with video demo. |
|||
| Field collection (field_collection) | ✔ | ✖ | |
|
Allows you to group a set of fields together. In active development for D8 but still a lot of open bugs at time of writing - project page says it will likely be replaced by Paragraphs. |
|||
| Refreshless (refreshless) | ✔ | ✖ | |
|
Only loads the parts of page that change when navigating between pages. Unclear if still being maintained (no updates since Sep 2016) - part of the issue is it requires a core patch. |
|||
| TagCloud (tagclouds) | ✔ | ✔ | |
|
Provides a block with a tag cloud of chosen taxonomy term. Works but a bit buggy, e.g. UI taxonomy setting reverts to 'tags'. Requires clearing the cache to update (including changing any settings). Choice of numbers after each tag to indicate quality, or 'wordcloud' style with varying sizes (will need you to modify your CSS to add some spacing between words). |
|||
| Advanced Page Expiration (ape) | ✔ | ✔ | |
|
Not recommended I would avoid this. The idea is you enter URL paths with wildcards and override the cache expiration. I was unable to get it to work properly for pages (settings on config under Development > Performance) Also, re: caching images, those are files being served directly by Apache or Nginx, not via the Drupal front-controller, so caching settings need to be configured there. |
|||
| Views Secondary Row (views_secondary_row) | ✔ | ✔ | |
|
"Essential" For Views that use Table format. Adds a row underneath each record - you change the format from 'table' to the 'secondary row' option, you get an extra select dropdown in the table *settings*, and you can also specify colspan. This does mean the label will be missing by default (you won't have a column header any more) - so you need to edit the field and tick rewrite output, and then specify your desired label, followed by the field value in Twig. |
|||
| Pathologic (pathologic) | ✖ | ✔ | |
|
There's a D8 version but I've only tested D7. It's a filter that fixes incorrect paths in your content - e.g. if you have content with an old domain or IP address specified, you can redirect it. |
|||
| Views exposed form layout (vefl) | ✔ | ✔ | |
|
Not recommended Layouts for exposed filters - i.e. you can move each filter into a region (supports Panels and Display Suite). When I tried this (Summer 2018) the D8 branch wasn't really there yet - you could only rearrange the basic filter components in D8 (like search term, submit button, reset button), not all the extra ones you've added. I went with using CSS (e.g. clear: both) instead. |
|||
| Honeypot (honeypot) | ✔ | ✔ | |
|
"Essential" Adds spam prevention to forms (you can select which, including user registration and contact). Recommended settings: - turn logging on (look for entries of type = honeypot in /admin/reports/dblog |
|||
| Ngrok for drupal (ngrok_drupal) | ✔ | ✔ | |
|
Sets the cookie domain correctly if you're using ngrok. Use this if you have an Ngrok secure tunnel - e.g. if you are testing a Stripe Apple Pay integration (needs to run with a valid, publicly accessible SSH domain) |
|||
| Redirect after login (redirect_after_login) | ✔ | ✔ | |
|
"Essential" Sends users (depending on their role) to another page, rather than their profile, immediately after logging in. There's a bug (patch available, fortunately) with this which will break session cookies in Drupal 9, and upgrade_status doesn't warn you about it. |
|||
| Exclude Node Title (exclude_node_title) | ✔ | ✔ | |
|
There are situations where you will want to hide a node title - e.g. if you have a view and insert an image field that's an entity reference to another content type. Module allows you to hide titles by content type or view mode and for all nodes or just a custom selection. Beta in D8. |
|||
| Twig Xdebug (twig_xdebug) | ✔ | ✔ | |
|
Use Xdebug breakpoints in Twig templates - |
|||
| Redirect (redirect) | ✔ | ✔ | |
|
"Essential" Add redirects, including specifying from the full range of HTTP codes (e.g 307 Temporary). Won't let you redirect from the homepage, use Config > Basic Site Settings for that. |
|||
| Webform (webform) | ✔ | ✔ | |
|
"Essential" One of the best maintained contrib modules. Main benefits: nicely presented forms with powerful conditional logic, YAML configuration, flexible user permissions, very clean data storage, secure. Codebase is also very much written "the Drupal way". I'm currently using this patch to avoid AJAX errors - it's only necessary where you've both enabled Automatically save as draft when paging, previewing, and when there are validation errors, and are using a confirmation type like inline, that still uses AJAX to submit the form when there are no validation errors. Troubleshooting install of webform external libraries: (Jan 2020) Follow these instructions: https://www.drupal.org/node/3003140 If you get a composer SSL error, follow these instructions. (specifically, you need to set |
|||
| SMTP Authentication Support (smtp) | ✔ | ✔ | |
|
"Essential" Send mail to a remote SMTP server (e.g. a transactional email provider like Postmark). You should put your authentication details in settings.php, rather than files you commit to the repo, for security. To get this to work - it was sending tests but nothing else - it seemed I needed to switch to a commit on the dev branch:
(note to self: see SM notes) |
|||
| Entity Embed (entity_embed) | ✔ | ✔ | |
|
Lets you insert any entity type (supposedly) via the WYSIWYG editor, and like images you can set alignment etc. It creates a toolbar button that can be added to the toolbar configuration in 'Text formats and editors'. The strings needed can be pretty long - e.g. <drupal-entity data-embed-button="snippet" data-entity-embed-display="entity_reference:entity_reference_entity_id" data-entity-type="snippet" data-entity-uuid="216914ab-1bc2-4a73-975b-dc1de79e849a"></drupal-entity> |
|||
| Twig VarDumper (twig_vardumper) | ✔ | ✔ | |
|
"Essential" Much faster than using kint, with colour coding, and still works nicely within narrow DOM elements. Enabling twig debugging in the first place: Also make sure you've activated twig debugging properly (including enabling the settings.local.php file in settings.php, and adding the debug setting to development.services.yml) Usage Tip: - Hover over the keys and you get a tooltip that says 'Public method','Protected property' etc. |
|||
| Node access user reference (nodeaccess_userreference) | ✖ | ✔ | |
|
"Essential" Allows you to use an entity reference field on a node to allow (or deny) access to that node to the users you have selected. Extremely useful for giving selected people access. This isn't available in D8 or above (though it ought to be) - there's a note in the issue queue about it. #2655426 |
|||
| Flippy (flippy) | ✔ | ✔ | |
|
Add Next/previous links to node view for specific content types - e.g. image gallery. Powerful - supports: next/last, random link, you can specify exact text used etc. Currently a dev version in D8. Setup: activate for a content type in the 'Edit' tab (NOT manage display). Once Flippy is active, Manage Display tab will have a pager field so you can reposition the links relative to other fields on the page (e.g. above or below image). |
|||
| Prepopulate (prepopulate) | ✔ | ✔ | |
|
Allows you to prefill form fields by supplying values in a query string. Syntax (also in readme) Useful for bookmarklets. D8 alpha version. |
|||
| Token (token) | ✔ | ✔ | |
|
"Essential" Adds a user interface for browsing tokens (the tags you can insert into various fields). |
|||
| General Data Protection Regulation (gdpr) | ✔ | ✔ | |
|
Not recommended Couldn't install either alpha branch (8.1 or 8.2on Debian Stretch (9.5) wants php7.1-zip which doesn't seem to be available. |
|||
| Nagios (nagios) | ✔ | ✔ | |
|
Generate customisable Nagios reports for things like module updates, cron not running etc. The D8 version is now compatible with NRPE because there's a Drush command to generate the Nagios string. |
|||
| Mydropwizard (mydropwizard) | ✖ | ✔ | |
|
"Essential" If you have a Drupal 6 site, this modifies your Available Updates page (/admin/reports/updates) with direct download and release note links to all the D6 LTS (Drupal 6 Long Term Support) releases. |
|||
| Custom Add Another (custom_add_another) | ✔ | ✔ | |
|
"Essential" The default button text for 'unlimited' fields where you can add multiple items is "Add another item". You might want to change this. This module lets you do it per field bundle - there are a couple of text options (for add and remove) added to the field edit screen. NB: this is not the 'Save and add another' button for an entire content type, just the one that handles the javascript for individual fields with multiple entries. |
|||
| Warden (warden) | ✔ | ✔ | |
|
A fork of the System Status module, but with a Symfony app for you to install to act as a server, rather than using a paid third-party service. Monitor core/module update status of multiple Drupal sites. If you're familiar with Nagios and NRPE, it's a little bit like that, but for Drupal modules, and more lightweight. Note the server uses MongoDB, so you need to install that, plus the PHP extension, and it communicates with a public key-pair, though it should set that up itself. |
|||
| Field Tools (field_tools) | ✔ | ✔ | |
|
"Essential" Provides:
|
|||
| CSS Editor (css_editor) | ✔ | ✔ | |
|
"Essential" If you only need a small amount of CSS, or want users to be able to directly edit it through the admin UI rather than creating a theme or module. Caveat: doesn't work for admin themes (at least on D7) |
|||