Posted by jribeiro on

Login Security module improves the security options in the login operation of a Drupal site. By default, Drupal introduces only basic access control denying IP access to the full content of the site.

With Login Security module, a site administrator may protect and restrict access by adding access control features to the login forms (default login form in /user and the block called "login form block"). Enabling this module, a site administrator may

  • limit the number of invalid login attempts before blocking accounts,
  • or deny access by IP address, temporarily or permanently.

A set of notifications by email or Nagios may help the site administrator to know when something is happening with the login form of their site:

  • password and account guessing,
  • bruteforce login attempts or just unexpected behaviour with the login operation.

For alternative controls, Login Security can disable Drupal core's login error messages, obfuscating the reason for the login failure. This could make it harder for an attacker to discover whether the account even exists.

On login, users can optionally see their last login or access timestamp.

For a lighter alternative, check out Flood control.

Supporting organizations: 
CI&T
Drupal 8 upgrade and maintenance
Classic Graphics
Drupal 7 upgrade and maintenance

Project Information

Downloads

8.x-1.2 Stable release covered by the Drupal Security Team released 17 October 2016
✓ Recommended by the project’s maintainer.

Fixed: #2819081, #2780601, #2794333

Download tar.gz (23.56 KB) | zip (31.2 KB)

Development version: 8.x-1.x-dev updated 17 Oct 2016 at 11:03 UTC

7.x-1.9 Stable release covered by the Drupal Security Team released 21 February 2014
✓ Recommended by the project’s maintainer.
Download tar.gz (21.23 KB) | zip (24.42 KB)

Development version: 7.x-1.x-dev updated 14 Nov 2014 at 16:48 UTC

6.x-1.4 released 14 August 2013
Download tar.gz (21.11 KB) | zip (24.57 KB)