Drupal is a registered trademark of Dries Buytaert
drupal 10.6.11 Update released for Drupal core (10.6.11)! drupal 11.3.12 Update released for Drupal core (11.3.12)! drupal 11.2.14 Update released for Drupal core (11.2.14)! drupal 10.5.12 Update released for Drupal core (10.5.12)! cms 2.1.3 Update released for Drupal core (2.1.3)! drupal 10.5.11 Update released for Drupal core (10.5.11)! drupal 11.3.11 Update released for Drupal core (11.3.11)! drupal 11.2.13 Update released for Drupal core (11.2.13)! drupal 10.6.10 Update released for Drupal core (10.6.10)! cms 2.1.2 Update released for Drupal core (2.1.2)! drupal 11.1.10 Update released for Drupal core (11.1.10)! drupal 10.5.10 Update released for Drupal core (10.5.10)! drupal 10.4.10 Update released for Drupal core (10.4.10)! drupal 11.2.12 Update released for Drupal core (11.2.12)! drupal 11.3.10 Update released for Drupal core (11.3.10)! drupal 10.6.9 Update released for Drupal core (10.6.9)! drupal 10.6.8 Update released for Drupal core (10.6.8)! drupal 11.3.9 Update released for Drupal core (11.3.9)! drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)!
← All modules

spp

No security coverage
View on drupal.org

Introduction

Single Page Protection protects selected internal Drupal paths with per-page passwords. It supports Drupal 9.4+, Drupal 10, and Drupal 11 sites that need lightweight page-level protection without creating Drupal user accounts for every visitor.

Features

  • Configure protected internal paths from the administration UI.
  • Store page passwords as PHP password hashes.
  • Edit protected paths and replace passwords without deleting records.
  • Customize the password form instructions with a Drupal text format.
  • Allow trusted roles to bypass page protection.
  • Redirect anonymous visitors to the password form until the page password is valid.

Installation

composer require 'drupal/spp:^1.0'
drush en single_page_protection

Configuration

  1. Grant administer single page protection only to trusted administrator roles.
  2. Grant bypass single page protection only to roles that should skip protected-page passwords.
  3. Go to Configuration > System > Single Page Protection.
  4. Add internal paths such as /members-only and enter a password for each path.

Security and maintenance

Configured paths must be internal paths that start with /. Protocol-like values, control characters, duplicate paths, and the password form path itself are rejected. Passwords are stored as hashes, legacy plaintext records are rehashed through the update path, and access is controlled with restricted permissions. The project includes Drupal GitLab CI configuration and is maintained for Drupal 9.4, 10, and 11.

License

This project is licensed under GPL-2.0-or-later.

Activity

Total releases
2
First release
Jun 2026
Latest release
8 hours ago
Release cadence
0 days
Stability
100% stable

Releases

Version Type Release date
1.0.9 Stable Jun 18, 2026
1.0.7 Stable Jun 18, 2026