Useful Drupal modules

Click on the module name for notes, comments, patches.
Recommendations (for and against) are my personal opinion only and may be out of date. Feel free to email with corrections/suggestions.

Displaying 1 - 50 of 106
Module name or machine name
Any text in the notes
Name D8 Personally Tested Sort descending Last Updated
Alexa (alexa) 2017-02-06

d.o. page

Integrates with Amazon Echo. Allows Drupal to respond to Alexa skills requests.  See Dries' blog with video demo.

Field collection (field_collection) 2017-02-08

d.o. page

Allows you to group a set of fields together.  In active development for D8 but still a lot of open bugs at time of writing - project page says it will likely be replaced by Paragraphs.

Refreshless (refreshless) 2018-11-21

d.o. page

Only loads the parts of page that change when navigating between pages.

Unclear if still being maintained (no updates since Sep 2016) - part of the issue is it requires a core patch.

Trash (trash) 2018-11-22

d.o. page

Adds a trash bin for all content, so you may later restore (or permanently delete) it.  Depends on Content Moderation module.  Alpha in D8.

CKEditor Custom Config (ckeditor_config) 2018-12-06

d.o. page

I've not actually used this but I adapted it's code to enforce a configuration setting (I wanted to remove the HTML dom elements that are shown in the status bar).

The module allows you to supply your configuration using the UI.

Node Export (node_export) 2018-11-20

d.o. page

Tto actually export node content. An 8.x version has begun development:

composer require 'drupal/node_export:1.x-dev'

Restrict Login or Role Access by IP Address (restrict_by_ip) 2017-02-08

d.o. page

Can specify single IP address or ranges. Two modes: restrict login, so they can only login from certain IPs, and restrict role, so they can login from anywhere but only access a role's permissions from the defined IPs. There's a D8 dev branch, last updated June 2016.

Entity Access Audit (entity_access_audit) 2018-11-22

d.o. page

This is a way of visualising - via grids of ticks and crosses - which roles have access to different operations on different entities.

Introductory blog post

Group (group) 2017-02-07

d.o. page

Alternative to the Organic Groups module. Allows you to create groups - e.g. classes, subscriptions, multiple communities.  Drupal module of the week post. Blog post.  It is by all accounts solidly written, but I found the initial UI confusing (in a "so what do I do now?" way) - you probably need to watch the YouTube video to understand it.

Features (features) 2018-09-17

d.o. page

Not recommended

Update: most people are now moving away from features. There is a Configuration Management initiative under discussion in Drupal 8.

Package up selected configuration for "features" (e.g. a blog or a photo gallery etc.) for reuse on other sites.  Not the same as the new D8 Config sync, which is for exchanging configs between different environments of the same site and requires a cloned DB sharing the same UUIDs.

Simple OAuth (simple_oauth) 2018-11-22

d.o. page

An implementation of  OAuth 2.0 Authorization Framework RFC - based on a PHP League package.

AddToAny Share Buttons (addtoany) 2017-02-07

d.o. page

Nice, clean, SVG sharing buttons. Project page says it's specifically optimised for Drupal.

Autofocus (focus) 2017-02-08

d.o. page

Autofocuses the first field of form (forms can be specified).  No sign of a D8 port.

Image Lazyloader (lazyloader) 2017-02-27

d.o. page

Images are hidden until they scroll into view.  Can specify distance before loading is triggered, also placeholder image, loading GIF and any pages to be excluded.  There's been some Drupal 8 development but unclear how complete it is.

Autosave (autosave) 2017-02-08

d.o. page

Saves snapshot of content type form using AJAX.  Content types and save frequency can be configured.  No sign of a D8 port yet.

Automatic Nodetitles (auto_nodetitle) 2017-02-07

d.o. page

You can hide a node's title field (for reference, every node has to have a title) and generate it automatically, similar to pathauto.  No-one's porting this to D8 yet.

Datetime Range (datetime_range) 2018-11-19

d.o. page

"Essential"

Now in core, but you need to enable it.

Adds an 'all-day' option.

Field group (field_group) 2018-11-20

d.o. page

Add group' button to /admin/config/people/accounts/form-display (or any other form), can then group fields inside fieldset/other HTML wrappers.  

Types of groups:

  • Fieldsets
  • Horizontal tabs
  • Vertical tabs
  • Details
  • Accordions
  • Divs
  • HTML elements

In theory can use this to add <div>s with css styles such as flexbox, like webform uses, but CSS to support that needs to be present on the page.
 

Mollom (mollom) 2018-11-22

d.o. page

Deprecated

Not recommended

DO NOT USE - security issue and Acquia will no longer support or maintain it.

Spam filtering SaaS from Acquia. Free for up to 50 "ham" messages a day.  Scans message then provides a captcha if appropriate, scores each message for reputation, spam etc.  I never tried this module and anecdotally I've seen mixed reports / people suggesting it's not all that good.

Coder (coder) 2018-11-21

d.o. page

Checks your code against Drupal coding standards.

No need to install this - isn't actually a module, it's a set of phpcs rules installed as standard in /vendor/drupal/coder/coder_sniffer

Block Visibility Groups (block_visibility_groups) 2017-02-08

d.o. page

Rather than change visibility for individual blocks, you can group them together and assign complex visibility settings to all of them. Module page promotes it as a simpler alternative to Panels.

Flood Control (flood_control) 2017-02-08

d.o. page

Protect against brute-force login attacks. Unclear what's happening with porting of this.

Feeds (feeds) 2018-11-21

d.o. page

"Essential"

As of Sep 2018, up to alpha3 in D8 (but not personally tested).

Lets you import CSV/RSS etc.  files and various other formats and map them to nodes/user/taxonomy terms, either one-off or periodically.

Configuration Read-only (config_readonly) 2018-12-07

d.o. page

Lock all configuration changes via the admin UI - e.g. if you need to lockdown a production environment.

config_readonly now has a whitelist, added via an array in settings.php.

Password policy (password_policy) 2018-11-26

d.o. page

Not recommended

There are still quite a few bugs open. I dropped this for a project, partly because it adds a load of clutter with the 'resets' and reset dates.
The minimum password policy in Drupal is already 12 characters anyway (and one issue is changing the minimum length doesn't change the help text.) 
You need to enable the submodules to use the various constraints:
drush pm:list | grep 'password_policy_'
Admin users see password policy stuff on the user profile page.
You need to set password reset days to 0 if you don't want to enforce a reset policy.
Policies can be applied by role.  
You get a generic warning about the password 'not matching the password policy'. Suggest using string overrides to change the "To change the current user password, enter the new password in both fields." message users see.
Instructions: add/edit the policy, click next, choose constraint then click 'Configure constraint settings' otherwise you won't be able to change anything.
It also lets you do a forced reset by role.

Automatic Entity Label (auto_entitylabel) 2018-11-20

d.o. page

"Essential"

Hide entity labels (i.e. titles) or auto-generate them. (Works for anything - nodes, comments, taxonomies).

Field Formatter Condition (fico) 2018-11-21

d.o. page

(based on ffc which hasn't been ported to D8).  

Allows you to configure field display based on value.  Adds a 'Conditions' pane to the cog in Manager Display of all entities (so content types but also comment types, e.g. if you have comments with multiple fields)

Requires Display Suite (ds)

Note: if you wanted to hide say a checkbox when it's value is false - you can do in it core with Manage Display - turn the label off then set (via cog wheel) the output format to Custom, and you can enter a value for true and leave false blank - exactly the same widget for boolean values you use when setting the output of a field in a view.

Webform Views Integration (webform_views) 2018-11-26

d.o. page

"Essential"

This module lets you add fields from submissions to view, and sort/filter the view on them, in the same way you would standard fields from the Field API.

It's still alpha and not as polished/robust as the webform module itself - but it's certainly OK to use in production provided you test things first - check every combination of exposed filters works, and double check you aren't seeing duplicate rows (right now I've locked it to a recent commit on the dev-5.x branch, which doesn't need any patches).

Telephone (telephone) 2017-02-08

d.o. page

Telephone number field type.  This is in core, but you need to enable it.

Field Permissions (field_permissions) 2018-11-21

d.o. page

"Essential"

Control editing/visibility of individual fields by role.  

As well as custom settings ('create own', 'edit own', 'view own', 'edit any' and 'view any' - all per role), there's a Private setting which gives access to the author and administrator only. 

These are automatically applied to views.

Finding the setting: Look for  Field visibility and permissions – on the Edit tab, NOT Field Settings.

In /admin/people/permissions there's also a Access other users private fields permission.

Bamboo Twig (bamboo_twig) 2018-11-19

d.o. page

Way to embed lots of objects in twig. note you have to selectively enable various sub modules for each of the commands.  Seems pretty actively developed and well documented.

ClamAV (clamav) 2018-11-20

d.o. page

"Essential"

Virus check files uploaded by users.

In Drupal - when it can't connect you get an error on the Status Report.
The status report also shows you the version which includes the virus signature info.
As soon as it can that error goes away.

There's a "verbose" option in the config settings (which logs files that "passed" the virus check as well as failed)

You need to tick 'Enable ClamAV integration' before it will actually scan any files.

Test it's working by creating a small file with the short Eicar test signature string

Notes: ClamAV does use a fair bit of memory (because it keeps a copy of all the virus signatures)

Also sensible to run a Nagios NRPE check to ensure ClamAV is always running.

Patch:

Requires core patch to avoid possible data loss (race condition) - use my rerolled patch (#35) 

Menu Token (menu_token) 2018-11-21

d.o. page

Add tokens, such as a user ID, to text or URL paths of menu items. 

Be wary of this issue: Current-user:uid not correct

CKEditor Wordcount (ckwordcount) 2018-12-06

d.o. page

Adds word/character/paragraph count to the CKEditor status bar (can optionally enforce a word/character limit)

Configured via Text formats and Editors (/admin/config/content/formats).

Requires the ckeditor wordcount library - example composer.json for that (put this in your 'repositories' section):

        "ckeditor.wordcount": {
            "type": "package",
            "package": {
                "name": "ckeditor/wordcount",
                "version": "1.17.4",
                "type": "drupal-library",
                "extra": {
                    "installer-name": "wordcount"
                },
                "dist": {
                    "url": "https://download.ckeditor.com/wordcount/releases/wordcount_1.17.4.zip",
                    "type": "zip"
                },
                "require": {
                    "composer/installers": "~1.0"
                }
            }
        },

and then require:

"ckeditor/wordcount": "1.17.4",

Patch needed:

https://www.drupal.org/files/issues/2018-12-06/ckwordcount_plugin_path_2850845-9.patch

(to ensure modules gives browser correct path of plugin.js - if your ckeditor input disappears, check console.log and it's probably that)

The notification module is a dependency.

TagCloud (tagclouds) 2017-02-20

d.o. page

Provides a block with a tag cloud of chosen taxonomy term. Works but a bit buggy, e.g. UI taxonomy setting reverts to 'tags'.  Requires clearing the cache to update (including changing any settings).  Choice of numbers after each tag to indicate quality, or 'wordcloud' style with varying sizes (will need you to modify your CSS to add some spacing between words). 

Advanced Page Expiration (ape) 2018-09-17

d.o. page

Not recommended

I would avoid this.  The idea is you enter URL paths with wildcards and override the cache expiration.  I was unable to get it to work properly for pages (settings on config under Development > Performance) Also, re: caching images, those are files being served directly by Apache or Nginx, not via the Drupal front-controller, so caching settings need to be configured there.

Views Secondary Row (views_secondary_row) 2018-11-19

d.o. page

"Essential"

For Views that use Table format. Adds a row underneath each record - you change the format from 'table' to the 'secondary row' option, you get an extra select dropdown in the table *settings*, and you can also specify colspan.  This does mean the label will be missing by default (you won't have a column header any more) - so you need to edit the field and tick rewrite output, and then specify your desired label, followed by the field value in Twig.
 

Pathologic (pathologic) 2018-11-22

d.o. page

There's a D8 version but I've only tested D7.

It's a filter that fixes incorrect paths in your content - e.g. if you have content with an old domain or IP address specified, you can redirect it.

Views exposed form layout (vefl) 2018-11-21

d.o. page

Not recommended

Layouts for exposed filters - i.e. you can move each filter into a region (supports Panels and Display Suite).

When I tried this (Summer 2018) the D8 branch wasn't really there yet - you could only rearrange the basic filter components in D8 (like search term, submit button, reset button), not all the extra ones you've added.   I went with using CSS (e.g. clear: both) instead.

Honeypot (honeypot) 2018-12-06

d.o. page

"Essential"

Adds spam prevention to forms (you can select which, including user registration and contact).

Recommend turning logging on (look for entries of type = honeypot in /admin/reports/dblog

Exclude Node Title (exclude_node_title) 2017-02-06

d.o. page

There are situations where you will want to hide a node title - e.g. if you have a view and insert an image field that's an entity reference to another content type.  Module allows you to hide titles by content type or view mode and for all nodes or just a custom selection.  Beta in D8.

Twig Xdebug (twig_xdebug) 2017-02-08

d.o. page

Use Xdebug breakpoints in Twig templates - {{ breakpoint() }}

Redirect (redirect) 2017-02-20

d.o. page

"Essential"

Add redirects, including specifying from the full range of HTTP codes (e.g 307 Temporary).  Won't let you redirect from the homepage, use Config > Basic Site Settings for that.

Webform (webform) 2018-11-19

d.o. page

"Essential"

One of the best maintained contrib modules.  Main benefits: nicely presented forms with powerful conditional logic, YAML configuration, flexible user permissions, very clean data storage, secure.  Codebase is also very much written "the Drupal way".

I'm currently using this patch to avoid AJAX errors - it's only necessary where you've both enabled Automatically save as draft when paging, previewing, and when there are validation errors, and are using a confirmation type like inline, that still uses AJAX to submit the form when there are no validation errors.

SMTP Authentication Support (smtp) 2018-11-20

d.o. page

"Essential"

Send mail to a remote SMTP server (e.g. a transactional email provider like Postmark).  

You should put your authentication details in settings.php, rather than files you commit to the repo, for security.  

To get this to work - it was sending tests but nothing else - it seemed I needed to switch to a commit on the dev branch:

"drupal/smtp": "dev-1.x#3d354b3911409c9b11716bf2104498fb431eea72"

(note to self: see SM notes) 
 

Entity Embed (entity_embed) 2018-11-21

d.o. page

Lets you insert any entity type (supposedly) via the WYSIWYG editor, and like images you can set alignment etc.  It creates a toolbar button that can be added to the toolbar configuration in 'Text formats and editors'.  The strings needed can be pretty long - e.g. 

<drupal-entity data-embed-button="snippet" data-entity-embed-display="entity_reference:entity_reference_entity_id" data-entity-type="snippet" data-entity-uuid="216914ab-1bc2-4a73-975b-dc1de79e849a"></drupal-entity>
 

Flippy (flippy) 2017-02-06

d.o. page

Add Next/previous links to node view for specific content types - e.g. image gallery.  Powerful - supports: next/last, random link, you can specify exact text used etc.  Currently a dev version in D8.

Setup: activate for a content type in the 'Edit' tab (NOT manage display). Once Flippy is active, Manage Display tab will have a pager field so you can reposition the links relative to other fields on the page (e.g. above or below image).

Prepopulate (prepopulate) 2017-02-08

d.o. page

Allows you to prefill form fields by supplying values in a query string.  Syntax (also in readme) Useful for bookmarklets.  D8 alpha version.

Token (token) 2017-02-24

d.o. page

"Essential"

Adds a user interface for browsing tokens (the tags you can insert into various fields).

General Data Protection Regulation (gdpr) 2018-11-19

d.o. page

Not recommended

Couldn't install either alpha branch (8.1 or 8.2on Debian Stretch (9.5) wants php7.1-zip which doesn't seem to be available.  
Got error about missing checklistapi module after uninstall and had to remove from DB manually