Upgrade Your Drupal Skills

We trained 1,000+ Drupal Developers over the last decade.

See Advanced Courses NAH, I know Enough

How to Protect your Drupal Login Page from Anonymous Users and Bots?

Parent Feed: 

Drupal is a very secure content management system and provides a lot of security for website owners out of the box. Drupal 8 and 9 come with flood prevention capabilities that protect against brute force login attacks on your website. However, if you want to go that extra mile and prevent access to the user/login page to anonymous users, you can use Disable Drupal Login Page module.

The module prevents access to /user/login page when accessed without a secret key and value that the admin can configure. So all access to /user/login without the secret key-value pair will result in an access denied response. This will prevent all kinds of bot access attempts on the website.

Once you configure this module you can also decide to configure the webserver to completely prevent access to /user/login when accessed without a query string. That will ensure that these login attempts would not even bootstrap Drupal and remove that unnecessary load on the server as well.

Author: 
Original Post: 

About Drupal Sun

Drupal Sun is an Evolving Web project. It allows you to:

  • Do full-text search on all the articles in Drupal Planet (thanks to Apache Solr)
  • Facet based on tags, author, or feed
  • Flip through articles quickly (with j/k or arrow keys) to find what you're interested in
  • View the entire article text inline, or in the context of the site where it was created

See the blog post at Evolving Web

Evolving Web