login_security

17,362 sites Security covered

Login Security module improves the security options in the login operation of a Drupal site. By default, Drupal introduces only basic access control denying IP access to the full content of the site.

With Login Security module, a site administrator may protect and restrict access by adding access control features to the login forms (default login form in /user and the block called "login form block"). Enabling this module, a site administrator may

limit the number of invalid login attempts before blocking accounts,
or deny access by IP address, temporarily or permanently.

A set of notifications by email or Nagios may help the site administrator to know when something is happening with the login form of their site:

password and account guessing,
bruteforce login attempts or just unexpected behaviour with the login operation.

For alternative controls, Login Security can disable Drupal core's login error messages, obfuscating the reason for the login failure. This could make it harder for an attacker to discover whether the account even exists.

On login, users can optionally see their last login or access timestamp.

For a lighter alternative, check out Flood control.

Version	Type	Release date
2.0.7	Stable	Feb 17, 2026
2.0.6	Stable	Feb 17, 2026
2.0.5	Stable	Feb 17, 2026
2.0.4	Stable	Feb 17, 2026
2.0.3	Stable	Jan 29, 2026

Version

Type

Release date

2.0.7

Stable

Feb 17, 2026

2.0.6

Stable

Feb 17, 2026

2.0.5

Stable

Feb 17, 2026

2.0.4

Stable

Feb 17, 2026

2.0.3

Stable

Jan 29, 2026

login_security

Activity

Release Timeline

Releases