Primary tabs
Useful Drupal modules
Click on the module name for notes, comments, patches.
Recommendations (for and against) are my personal opinion only and may be out of date. Feel free to email with corrections/suggestions.
Why doesn't the table mention Drupal 9 or 10?
1. Nowadays, I try and use Drupal as little as possible. Specifically I do not recommend it for a new website. I'd also strongly caution you against choosing Drupal if you're at the beginning of your career and trying to learn web development (front / back / full stack) or just want to manage/maintain a website. More details why by email on request.
2. By February 2022 I'd updated all the sites I look after to Drupal 9 (experience: mixed). As of March 2023, a year later, none of them were fully ready for Drupal 10 (waiting on support for various modules). By 13 Nov 2023 (a week or two after D9 lost support) I had updated a couple of them.
Q: What's the Drupal 9 to 10 upgrade experience like? A: it's what I'd describe as "just bearable", slightly better than D8 to D9, though with plenty of things to still trip you up. There is still deprecated code that needs fixing in D10 modules, and policy changes mean odd things will break (be prepared to turn off Aggregate CSS/JS files if your themes stop working, and note that Drush launcher doesn't work with Drush 12...)
Admittedly the upgrade_status module is the best solution they could have come up with for tracking compatibility. Also watch out for a nasty session headers bug with redirect_after_login.
What about sites still running Drupal 7? In short I still recommend leaving them on Drupal 7 or moving to another platform entirely. My prediction was that Drupal will extend D7 support year after year (note that drupal.org itself is still running D7). It's now been confirmed as 5 Jan 2025. There will have to be some sort of third-party long term support, because of the sheer volume of sites that are not being upgraded.
Your decision is really what specifically you think you will gain from Drupal 8/9/10 - often the answer will be not enough, and one of the main hassles - apart from converting each content type one at a time, and setting up a new theme, will be recreating all your views by hand, as views can't be automatically upgraded.
(134 modules in list)| Name | D8 | Personally Tested | Last Updated Sort descending |
|---|---|---|---|
| Node Export (node_export) | ✖ | ✖ | |
|
Tto actually export node content. An 8.x version has begun development:
|
|||
| Config Ignore (config_ignore) | ✔ | ✔ | |
|
"Essential" Selectively ignore configuration entries during an import - e.g. site settings / the system.maintenance message. |
|||
| Role Delegation (role_delegation) | ✔ | ✔ | |
|
Ordinarily, if you grant a user "Administer Users", they can do everything *except* change the roles (they don't even see the checkboxes). You could give them 'Administer Permissions', but that also allows them to do other things. This module lets you set which roles they are allowed to enable for a user. Administrators still see the roles checkboxes in the usual place (below 'status' on /user/123/edit), but everyone gets a new 'Roles' tab. Works with D8 but not updated since April 2016. Patches: I'm not using any patches, but there are a couple RTBC-ed the queue.
|
|||
| Allowed Formats (allowed_formats) | ✔ | ✔ | |
|
"Essential" Control which text formats are available per field. (Often you'll want some fields to be simpler than others - e.g. you might want restrict everyone to a single format so they don't see a dropdown menu. You can hide the 'About text formats' link and the list of available HTML tags, again per field, in the Form Display tab using the widget icon. |
|||
| Permissions Filter (permissions_filter) | ✔ | ✔ | |
|
"Essential" The admin permissions page can get pretty long. This lets you narrow it down by typing permission names into a text field. |
|||
| Coder (coder) | ✔ | ✖ | |
|
Checks your code against Drupal coding standards. No need to install this - isn't actually a module, it's a set of phpcs rules installed as standard in /vendor/drupal/coder/coder_sniffer |
|||
| Field Permissions (field_permissions) | ✔ | ✔ | |
|
"Essential" Control editing/visibility of individual fields by role. As well as custom settings ('create own', 'edit own', 'view own', 'edit any' and 'view any' - all per role), there's a Private setting which gives access to the author and administrator only. These are automatically applied to views. Finding the setting: Look for Field visibility and permissions – on the Edit tab, NOT Field Settings. In /admin/people/permissions there's also a Access other users private fields permission. |
|||
| Real Name (realname) | ✔ | ✔ | |
|
Use tokens to merge first name, last name or any other fields. Note: you have to add code to substitute the default username in the title of user node views - e.g. in |
|||
| Refreshless (refreshless) | ✔ | ✖ | |
|
Only loads the parts of page that change when navigating between pages. Unclear if still being maintained (no updates since Sep 2016) - part of the issue is it requires a core patch. |
|||
| Snippet Manager (snippet_manager) | ✔ | ✔ | |
|
Snippets are Twig templates that can be managed using the UI. They can be inserted in various ways including via CKEditor, tokens. Support for HTML, CSS, JS, and variables. |
|||
| Feeds (feeds) | ✔ | ✖ | |
|
"Essential" As of Sep 2018, up to alpha3 in D8 (but not personally tested). Lets you import CSV/RSS etc. files and various other formats and map them to nodes/user/taxonomy terms, either one-off or periodically. |
|||
| Field Formatter Condition (fico) | ✔ | ✔ | |
|
(based on ffc which hasn't been ported to D8). Allows you to configure field display based on value. Adds a 'Conditions' pane to the cog in Manager Display of all entities (so content types but also comment types, e.g. if you have comments with multiple fields) Requires Display Suite (ds) Note: if you wanted to hide say a checkbox when it's value is false - you can do in it core with Manage Display - turn the label off then set (via cog wheel) the output format to Custom, and you can enter a value for true and leave false blank - exactly the same widget for boolean values you use when setting the output of a field in a view. |
|||
| Menu Token (menu_token) | ✔ | ✔ | |
|
Add tokens, such as a user ID, to text or URL paths of menu items. Be wary of this issue: Current-user:uid not correct |
|||
| Views exposed form layout (vefl) | ✔ | ✔ | |
|
Not recommended Layouts for exposed filters - i.e. you can move each filter into a region (supports Panels and Display Suite). When I tried this (Summer 2018) the D8 branch wasn't really there yet - you could only rearrange the basic filter components in D8 (like search term, submit button, reset button), not all the extra ones you've added. I went with using CSS (e.g. clear: both) instead. |
|||
| Entity Embed (entity_embed) | ✔ | ✔ | |
|
Lets you insert any entity type (supposedly) via the WYSIWYG editor, and like images you can set alignment etc. It creates a toolbar button that can be added to the toolbar configuration in 'Text formats and editors'. The strings needed can be pretty long - e.g. <drupal-entity data-embed-button="snippet" data-entity-embed-display="entity_reference:entity_reference_entity_id" data-entity-type="snippet" data-entity-uuid="216914ab-1bc2-4a73-975b-dc1de79e849a"></drupal-entity> |
|||
| Nagios (nagios) | ✔ | ✔ | |
|
Generate customisable Nagios reports for things like module updates, cron not running etc. The D8 version is now compatible with NRPE because there's a Drush command to generate the Nagios string. |
|||
| Contact Storage (contact_storage) | ✔ | ✔ | |
|
"Essential" Store all contact form messages in the database (as an entity), rather than just emailing them. Integrates with views, if you want a view of messages. Messages are accessible (can be edited or deleted) at /admin/structure/contact/messages. (May be useful considering From: address SPF/DMARC problem with contact forms, i.e. there may be cases where some emails aren't delivered.) |
|||
| Entity Access Audit (entity_access_audit) | ✔ | ✖ | |
|
This is a way of visualising - via grids of ticks and crosses - which roles have access to different operations on different entities. |
|||
| Trash (trash) | ✔ | ✖ | |
|
Adds a trash bin for all content, so you may later restore (or permanently delete) it. Depends on Content Moderation module. Alpha in D8. |
|||
| Field Tools (field_tools) | ✔ | ✔ | |
|
"Essential" Provides:
|
|||
| Pathologic (pathologic) | ✖ | ✔ | |
|
There's a D8 version but I've only tested D7. It's a filter that fixes incorrect paths in your content - e.g. if you have content with an old domain or IP address specified, you can redirect it. |
|||
| Paragraphs (paragraphs) | ✔ | ✔ | |
|
For those familiar with WordPress, this is the equivalent of the ACF repeater field. You can create paragraph types, which are collections of one or more fields, and the user can add as many of them as they like. So you could have distinct paragraph styles, e.g. with images aligned in a certain way, or a page consisting of parallax backgrounds etc. |
|||
| Mollom (mollom) | ✔ | ✖ | |
|
Deprecated Not recommended DO NOT USE - security issue and Acquia will no longer support or maintain it. Spam filtering SaaS from Acquia. Free for up to 50 "ham" messages a day. Scans message then provides a captcha if appropriate, scores each message for reputation, spam etc. I never tried this module and anecdotally I've seen mixed reports / people suggesting it's not all that good. |
|||
| Simple OAuth (simple_oauth) | ✔ | ✖ | |
|
An implementation of OAuth 2.0 Authorization Framework RFC - based on a PHP League package. |
|||
| View Migration (view_migration) | ✖ | ✔ | |
|
Not recommended Migrate views from D7 to D8. My experience of the YAML output has been: - incomplete (e.g. multiple missing displays in a complex view, views without a machine name) It doesn't look like there's much current development activity (likewise migrate_views, which is the other plugin people usually mention). |
|||
| Serial Field (serial) | ✔ | ✔ | |
|
"Essential" Creates a field with a serial number, so you can have the equivalent of a MySQL AUTO_INCREMENT field for a content type (if nodes are deleted the old serial number is not reused). Although this only has a dev branch which hasn't had updates since April 2016, it does work in D8. There's no direct migration path previous versions, but people have written their own migrations. Check issue queue for patches - including:
|
|||
| AJAX Comments (ajax_comments) | ✔ | ✔ | |
|
Not recommended Not very actively maintained and it can be quite buggy. Needs this patch: Reply button can be pressed multiple times, resulting in multiple comment forms I abandoned it for a project because the admin XHR response when you submit comments sends back comments you've already filtered out (I had written code to restrict visibility of certain comments). Also had a problem where the initial comment form was left in place rather than being replaced, so you ended up with duplicates. |
|||
| Address (address) | ✔ | ✔ | |
|
Used to be called addressfield. Adds one dependency - commerceguys/addressing. This is a bundle of address fields, the correct combinations are shown depending on which country the user selects via a dropdown. It validates postcodes are in the correct format. Also supports 'zones' (groups of countries/subdivisions) for shipping/tax purposes. |
|||
| Raven (raven) | ✔ | ✔ | |
|
"Essential" This module logs events and sends them to Sentry. Sentry is an open source application you can self-install, but also a free/paid SaaS version. For a content management framework as complex as Drupal it's worth logging errors. Tips:
|
|||
| Computed Field (computed_field) | ✔ | ✔ | |
|
Add a field whose value is calculated using raw PHP; specifically $value = 'foo'; (The recommendation is you write your PHP in a module of your own, and then call that method from the UI - for security and version control reasons). Note: value is only calculated when nodes are saved (i.e. will initially be empty for existing content). D8 status; alpha but working. |
|||
| Environment Indicator (environment_indicator) | ✔ | ✔ | |
|
"Essential" Change the colour of the admin menu according to whether you're using dev, staging, production etc. (You can also add 'switcher' menu links, e.g. Open in dev, Open in Prod). Notes: - need to reset the cache after you've made changes [#2406619] |
|||
| Password policy (password_policy) | ✔ | ✔ | |
|
Not recommended There are still quite a few bugs open. I dropped this for a project, partly because it adds a load of clutter with the 'resets' and reset dates. |
|||
| Layout builder (layout_builder) | ✔ | ✔ | |
|
Benefits:
Nov 2018: core, experimental in 8.6.x Installation:
By turning on Layout Builder, you switch from the standard Manage Display view (field, label, format/widget settings) and the layout builder GUI. Resources: Compatibility:
|
|||
| Webform Views Integration (webform_views) | ✔ | ✔ | |
|
"Essential" This module lets you add fields from submissions to view, and sort/filter the view on them, in the same way you would standard fields from the Field API. It's still alpha and not as polished/robust as the webform module itself - but it's certainly OK to use in production provided you test things first - check every combination of exposed filters works, and double check you aren't seeing duplicate rows (right now I've locked it to a recent commit on the dev-5.x branch, which doesn't need any patches). |
|||
| CKEditor Wordcount (ckwordcount) | ✔ | ✔ | |
|
Adds word/character/paragraph count to the CKEditor status bar (can optionally enforce a word/character limit) Configured via Text formats and Editors (/admin/config/content/formats). Requires the ckeditor wordcount library - example composer.json for that (put this in your 'repositories' section):
"ckeditor.wordcount": {
"type": "package",
"package": {
"name": "ckeditor/wordcount",
"version": "1.17.4",
"type": "drupal-library",
"extra": {
"installer-name": "wordcount"
},
"dist": {
"url": "https://download.ckeditor.com/wordcount/releases/wordcount_1.17.4.zip",
"type": "zip"
},
"require": {
"composer/installers": "~1.0"
}
}
},
and then require: "ckeditor/wordcount": "1.17.4", Patch needed: https://www.drupal.org/files/issues/2018-12-06/ckwordcount_plugin_path_2850845-9.patch (to ensure modules gives browser correct path of plugin.js - if your ckeditor input disappears, check console.log and it's probably that) The notification module is a dependency. |
|||
| CKEditor Custom Config (ckeditor_config) | ✔ | ✖ | |
|
I've not actually used this but I adapted it's code to enforce a configuration setting (I wanted to remove the HTML dom elements that are shown in the status bar). The module allows you to supply your configuration using the UI. |
|||
| Configuration Read-only (config_readonly) | ✔ | ✔ | |
|
Lock all configuration changes via the admin UI - e.g. if you need to lockdown a production environment. config_readonly now has a whitelist, added via an array in settings.php. |
|||
| Comment Notify (comment_notify) | ✔ | ✔ | |
|
"Essential" Allows users to receive emails for replies to their comments (or optionally for all comments on a node). Can be toggled by content type (although not by comment type, if you have more than one comment entity). In permissions, you can also control which roles can subscribe. Can also set it so the author of a node also automatically gets emailed for every comment. I'm using three patches:
I also have a site which uses two comment types; I wrote a patch to turn off the notification checkbox for one of them. |
|||
| Automatic User Names (auto_username) | ✔ | ✔ | |
|
"Essential" Removes the 'Username' field from registration form. Use in conjunction with a module that allows users to login with their email address. Patches:
|
|||
| Mydropwizard (mydropwizard) | ✖ | ✔ | |
|
"Essential" If you have a Drupal 6 site, this modifies your Available Updates page (/admin/reports/updates) with direct download and release note links to all the D6 LTS (Drupal 6 Long Term Support) releases. |
|||
| Captcha (captcha) | ✔ | ✔ | |
|
"Essential" Framework for using (many) different types of captchas on forms such as user_registration. Tested with D7. |
|||
| User restrictions (user_restrictions) | ✔ | ✔ | |
|
"Essential" Block registrations (wildcards on email address and username) Useful if you're getting persistent spam registrations from certain domains. Tested with D7. This used to be in core in D6. |
|||
| Spambot (spambot) | ✔ | ✔ | |
|
"Essential" Scans email addresses/usernames/IP addresses against the stopforumspam.com database and then blocks or deletes the accounts. Tested with D7. |
|||
| Administration Views (admin_views) | ✖ | ✔ | |
|
"Essential" D7 only (as this is in D8 core as standard). Converts /admin/people into a fully-fledged configurable view (i.e. fields, filters, exposed filters, header/footer, pagination settings etc.) (Dependency: views_bulk_operations) |
|||
| Views taxonomy term name into ID (views_taxonomy_term_name_into_id) | ✔ | ✔ | |
|
Allows you to use /my-view/foo instead of /my-view/123 when adding a contextual filter based on taxonomy terms |
|||
| Views infinite scroll (views_infinite_scroll) | ✔ | ✔ | |
|
|||
| Add another (addanother) | ✔ | ✔ | |
|
"Essential" For this to work for any content type after you activate it, you have to manually edit and save that content type's settings, otherwise the buttons will be missing. |
|||
| Toolbar menu (toolbar_menu) | ✔ | ✔ | |
|
"Essential" Add extra menus (which appear as cog icons with a title, which you can click and expand) to the admin toolbar at the top of your site. |
|||
| Content access (content_access) | ✔ | ✔ | |
|
"Essential" Set permissions by content type (with the option of overriding node by node) |
|||
| Login email or username (login_emailusername) | ✔ | ✔ | |
|
"Essential" Self-explanatory. |
|||