I have divided the modules into several categories according to their purpose:<\/p>\n\n\n\n
- \n
- Configuration\u00a0<\/li>\n\n\n\n
- Content\u00a0<\/li>\n\n\n\n
- Security<\/li>\n<\/ul>\n\n\n\n
I also provide an assessment of each module’s usefulness in the context of larger projects. Every large Drupal project cannot do without some of these features, so they should be treated as \u201cmust\u2011haves\u201d and studied carefully.<\/p>\n\n\n\n
I include useful links that explain the functionality and show concrete use cases wherever possible.<\/p>\n\n\n\n
Configuration<\/strong><\/strong><\/h2>\n\n\n\n
Here, I present modules that help manage and maintain Drupal\u2019s configuration. They are convenient, and even indispensable, for large, multi-environment deployments (where you have separate test, production, and other environments).<\/p>\n\n\n\n
Config Split<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/config_split<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
This module lets you keep the configuration tailored to a given environment\u2013development, testing, production, etc. You can create multiple configuration splits that are enabled according to rules you define in the configuration files for each environment.<\/p>\n\n\n\n
The most basic usage is to add to settings.php a list of configuration sets that should be active or inactive depending on the value of an environment variable, where the key<\/p>\n\n\n
\nconfig_split.config_split.{split_key},\n{split_key} jest identyfikatorem \u015brodowiska skonfigurowanym w \/admin\/config\/development\/configuration\/config-split.\n<\/pre><\/div>\n\n\nExample:<\/p>\n\n\n
\nif ('production' === $_ENV['ENVIRONMENT']) { \n $config['config_split.config_split.prod']['status'] = TRUE; \n $config['config_split.config_split.dev']['status'] = FALSE; \n} else { \n $config['config_split.config_split.prod']['status'] = FALSE; \n $config['config_split.config_split.dev']['status'] = TRUE; \n} \n<\/pre><\/div>\n\n\n- \n
- Configuration path: \/admin\/config\/development\/configuration\/config-split<\/li>\n<\/ul>\n\n\n\n
Config Ignore<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/config_ignore<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
In its basic functionality, the module lets you ignore entire configuration files or only specific fields during import, thus ensuring that the configuration stored in the database will not be changed. This is useful when, for example, you do not want to keep the password to some system that is already set on the production server in a configuration file.<\/p>\n\n\n\n
The latest version introduced two additional modes \u2013 Intermediate and Advanced \u2013 that now allow granular filtering during Imports and Exports and per Create, Update, or Delete operation.<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/development\/configuration\/ignore<\/li>\n<\/ul>\n\n\n\n
Config Readonly<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/config_readonly<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
The module allows you to lock any changes to the site configuration by simply setting $settings[‘config_readonly’] = TRUE. You can condition on whatever logic you need, such as disabling any configuration changes on production.<\/p>\n\n\n\n
Content<\/h2>\n\n\n\n
Here I present a list of modules that make working with Drupal easier, expand its capabilities, and improve the overall look and feel of the experience.<\/p>\n\n\n\n
Paragraphs<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/paragraphs<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
Paragraphs let you structure content by splitting it into independent, predefined paragraph types that can comprise any mix of text and media. Editors can add and reorder them freely instead of relying on one huge body field. This keeps the code base clean and gives greater flexibility when styling each section. Paragraphs are practically a must\u2011have in every project.<\/p>\n\n\n\n
The Paragraphs Library sub\u2011module makes previously created paragraph items reusable across multiple documents.<\/p>\n\n\n\n
- \n
- Configuration paths paragraphs types: \/admin\/structure\/paragraphs_type<\/li>\n\n\n\n
- Configuration paths paragraphs library: \/admin\/config\/content\/paragraphs_library_item<\/li>\n\n\n\n
- Resources: https:\/\/www.youtube.com\/watch?v=0gboYyLtTQk<\/a><\/li>\n<\/ul>\n\n\n\n
Entity Usage<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/entity_usage<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
This module tracks relationships between entities, letting you verify what is used where. Because of the performance cost, use with caution on large sites.<\/p>\n\n\n\n
- \n
- Resources:\n
- \n
- https:\/\/www.thedroptimes.com\/30817\/video-know-more-about-entity-usage-module<\/a><\/li>\n\n\n\n
- https:\/\/www.drupal.org\/docs\/contributed-modules\/entity-usage\/installation-and-basic-usage<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Entity Browser<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/entity_browser<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
Entity Browser allows you to build flexible, feature\u2011rich interfaces for searching and selecting entities (content, files, images, media, etc.). Instead of a simple select list, you can define sophisticated browsing, filtering, and previewing interfaces \u2013 for instance, with Views or modal windows. Editors can more easily search, sort, and pick objects, and the interface can be tailored to project needs.<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/content\/entity_browser<\/li>\n\n\n\n
- Resources:\n
- \n
- https:\/\/www.youtube.com\/watch?v=wn_bkTdBkc8<\/a><\/li>\n\n\n\n
- https:\/\/www.drupal.org\/docs\/contributed-modules\/entity-browser<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Redirect<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/redirect<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
Provides a mechanism for redirecting any path to a specific Drupal document and lets you choose the appropriate HTTP status code (300\u00a0\u2013\u00a0307, see https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Reference\/Status<\/a>)<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/search\/redirect<\/li>\n<\/ul>\n\n\n\n
Media<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/docs\/8\/core\/modules\/media<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
The module is part of Drupal 11 core but is not installed by default.<\/p>\n\n\n\n
It introduces a mechanism for creating and managing several media types: Audio, Document, Image, Remote video, and Video. Each media type can have its fields and display settings, letting you tailor it to the site\u2019s requirements. For example, you can create fields in a document that accept only a specific, predefined media type.<\/p>\n\n\n\n
- \n
- Configuration paths: \/admin\/structure\/media oraz \/admin\/config\/media\/media-settings<\/li>\n\n\n\n
- Resources: https:\/\/www.youtube.com\/watch?v=2x21f2MnQ8E<\/a><\/li>\n<\/ul>\n\n\n\n
Media library<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/media_library<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
This is a convenient, advanced widget that extends the Media module, offering an intuitive interface for managing media assets. Integrated with CKEditor\u00a05, it lets editors embed media directly in content. <\/p>\n\n\n\n
To make the widget available in CKEditor\u00a05, add the Drupal\u00a0Media button to the chosen text format at\u00a0\/admin\/config\/content\/formats.<\/p>\n\n\n\n
![\"ikona\"](\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2025\/05\/img_1.png\")
<\/figure>\n\n\n\n- \n
- Resources:\n
- \n
- https:\/\/www.drupal.org\/docs\/core-modules-and-themes\/core-modules\/media-library-module\/overview<\/a><\/li>\n\n\n\n
- https:\/\/www.youtube.com\/watch?v=Ge-C0Oe4wuE<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Media entity browser<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/media_entity_browser<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
This module is essential if you want users to have a convenient file\u2011management tool. It combines the strengths of Entity Browser<\/em> with Drupal\u2019s Media<\/em> module. <\/p>\n\n\n\n
You can customize this widget\u2019s appearance and use Views to decide which available media items to display.<\/p>\n\n\n\n
Note that it depends on inline_entity_form<\/em>, currently in RC; test thoroughly before deploying to production.<\/p>\n\n\n\n
![\"select](\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2025\/05\/img_2-1024x486.png\")
<\/figure>\n\n\n\n- \n
- Configuration path: \/admin\/config\/content\/entity_browser<\/li>\n<\/ul>\n\n\n\n
Trash<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/trash<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
This is a great safeguard against accidental deletion that introduces a Trash\u00a0bin mechanism. You can choose which entity types are handled and set automatic cleanup after a defined time.<\/p>\n\n\n\n
- \n
- Configuration path:\u00a0\/admin\/config\/content\/trash<\/li>\n\n\n\n
- Resources:\n
- \n
- https:\/\/git.drupalcode.org\/project\/trash\/-\/blob\/3.x\/README.md<\/a><\/li>\n\n\n\n
- https:\/\/www.youtube.com\/shorts\/UgcUWIzQaoo<\/a><\/li>\n\n\n\n
- https:\/\/www.youtube.com\/watch?v=7jNmM2VnjUQ<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Dropzonejs<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/dropzonejs<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
It exposes the DropzoneJS library and lets users upload files with drag\u2011and\u2011drop. It works great with Media Entity Browser<\/em>. Installation requires adding to composer.json a repositories entry, followed by running composer commands.<\/p>\n\n\n
\n "repositories": [\n {\n "type": "package",\n "package": {\n "name": "enyo\/dropzone",\n "version": "5.9.3",\n "type": "drupal-library",\n "dist": {\n "url": "https:\/\/github.com\/dropzone\/dropzone\/releases\/download\/v5.9.3\/dist.zip",\n "type": "zip"\n }\n }\n }\n ]\n<\/pre><\/div>\n\n\nAnd then run the command: composer require drupal\/dropzonejs enyo\/dropzone<\/em><\/p>\n\n\n\n
![\"add](\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2025\/05\/img-1024x456.png\")
<\/figure>\n\n\n\n- \n
- Configuration path: No configuration is required.<\/li>\n\n\n\n
- Resources:\n
- \n
- https:\/\/github.com\/dropzone\/dropzone<\/a><\/li>\n\n\n\n
- https:\/\/www.dropzone.dev\/<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Pathauto<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/pathauto<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
Automatically generates URL aliases for any entity type. For each entity and language, you can configure a custom path pattern.<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/search\/path\/patterns<\/li>\n\n\n\n
- Resources: https:\/\/www.youtube.com\/watch?v=Pi5CweTmF5Q<\/a><\/li>\n<\/ul>\n\n\n\n
Security<\/strong><\/strong><\/h2>\n\n\n\n
Here, I present the most useful and widely used modules that enhance a site’s security, which every Drupal developer should be familiar with.<\/p>\n\n\n\n
Rename Admin Paths<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/rename_admin_paths<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
This is a simple yet effective module that hardens the site by changing default admin paths such as \/admin<\/em> and \/user<\/em> to custom ones, making it harder for attackers to find the login panel.<\/p>\n\n\n\n
![\"rename](\"https:\/\/sii.pl\/blog\/wp-content\/uploads\/2025\/05\/img_4.png\")
<\/figure>\n\n\n\n- \n
- Configuration path: \/backend\/config\/system\/rename-admin-paths<\/li>\n<\/ul>\n\n\n\n
Password Policy<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/password_policy<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
The module lets you create password policies for selected roles. By installing the accompanying Policy Constraints<\/strong> sub-modules, you can specify, among other things, the following settings.<\/p>\n\n\n\n
- \n
- password_policy_blacklist<\/strong>: a list of strings that cannot be used as passwords and that passwords are not allowed to contain.<\/li>\n\n\n\n
- password_policy_character_types<\/strong>: the minimum number of character types (2, 3, or 4) required from the following set: lowercase letters, uppercase letters, digits, special characters.<\/li>\n\n\n\n
- password_policy_characters<\/strong>: specifies the minimum number of characters of each type (lowercase letters, uppercase letters, digits, special characters).<\/li>\n\n\n\n
- password_policy_consecutive<\/strong>: limits how many times the same character may be repeated consecutively in a password.<\/li>\n\n\n\n
- password_policy_delay<\/strong>: sets the hours that must pass before a password can be changed again (this limit also applies when changing a password via the admin UI).<\/li>\n\n\n\n
- password_policy_history<\/strong>: prevents a user from re-using a previous password.<\/li>\n\n\n\n
- password_policy_length<\/strong>: lets you define both the maximum and minimum length of a password.<\/li>\n<\/ul>\n\n\n\n
It also lets you enforce a password change after a defined period.<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/security\/password-policy<\/li>\n\n\n\n
- Resources: https:\/\/www.youtube.com\/watch?v=aYLnFQh7Mj0<\/a><\/li>\n<\/ul>\n\n\n\n
Security Kit<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/seckit<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
This module enhances Drupal\u2019s security by guarding against common web threats such as XSS attacks, clickjacking, and SSL stripping. It lets you configure HTTP headers, set a Content Security Policy (CSP), manage HTTPS, and block unauthorized embedded content. You can also disable the browser\u2019s autofill of the username field on the login page.<\/p>\n\n\n\n
- \n
- Configuration page: \/admin\/config\/system\/seckit<\/li>\n\n\n\n
- Resources:\n
- \n
- https:\/\/www.droptica.com\/blog\/security-kit-drupal-module-overview\/<\/a><\/li>\n\n\n\n
- https:\/\/sekurak.pl\/czym-jest-xss\/<\/a><\/li>\n\n\n\n
- https:\/\/sekurak.pl\/czym-jest-podatnosc-csrf-cross-site-request-forgery\/<\/a><\/li>\n\n\n\n
- https:\/\/www.keepersecurity.com\/blog\/pl\/2023\/07\/24\/what-is-clickjacking\/<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
Autologout<\/strong><\/h3>\n\n\n\n
- \n
- Project: https:\/\/www.drupal.org\/project\/autologout<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
Let’s you configure automatic logouts based on inactivity or a hard session limit.<\/p>\n\n\n\n
You can set an inactivity timeout that logs a user out after a period of idle time, and an absolute session limit after which the user is forcibly logged out regardless of activity. Both limits can be configured per role, and you can define a URL to which the user is redirected immediately after the automatic logout. It\u2019s also worth looking at the companion module https:\/\/www.drupal.org\/project\/autologout_alterable<\/a>.<\/p>\n\n\n\n
- \n
- Configuration path: \/admin\/config\/people\/autologout<\/li>\n<\/ul>\n\n\n\n
Shield<\/strong><\/h3>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/sekurak.pl\/czym-jest-xss\/<\/a><\/li>\n\n\n\n
- https:\/\/www.droptica.com\/blog\/security-kit-drupal-module-overview\/<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/seckit<\/a><\/li>\n\n\n\n
- password_policy_character_types<\/strong>: the minimum number of character types (2, 3, or 4) required from the following set: lowercase letters, uppercase letters, digits, special characters.<\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/password_policy<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/rename_admin_paths<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.dropzone.dev\/<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- https:\/\/github.com\/dropzone\/dropzone<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.youtube.com\/shorts\/UgcUWIzQaoo<\/a><\/li>\n\n\n\n
- https:\/\/git.drupalcode.org\/project\/trash\/-\/blob\/3.x\/README.md<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/trash<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.youtube.com\/watch?v=Ge-C0Oe4wuE<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.drupal.org\/docs\/core-modules-and-themes\/core-modules\/media-library-module\/overview<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/media_library<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/docs\/8\/core\/modules\/media<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.drupal.org\/docs\/contributed-modules\/entity-browser<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.youtube.com\/watch?v=wn_bkTdBkc8<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.drupal.org\/docs\/contributed-modules\/entity-usage\/installation-and-basic-usage<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
- https:\/\/www.thedroptimes.com\/30817\/video-know-more-about-entity-usage-module<\/a><\/li>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/entity_usage<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
- Usefulness rating: depends on needs<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/config_readonly<\/a><\/li>\n\n\n\n
- Usefulness rating: very often<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/config_ignore<\/a><\/li>\n\n\n\n
- Usefulness rating: always<\/strong><\/li>\n<\/ul>\n\n\n\n
- Project: https:\/\/www.drupal.org\/project\/config_split<\/a><\/li>\n\n\n\n