Use the Drupal Hacked Module to Check for Code Changes
Hacked! Is an extremely powerful Drupal module available in both Drupal 7 and 8. Hacked! allows you to check Drupal’s modules and core against Drupal.org stored versions to make sure they have not been tampered with.
This module is a great way to ensure that the modules are safe and have not been modified.
It’s worth noting that Hacked! will not check any code that does not exist on Drupal.org. However, as Aimee Maree points out, Hacked! can be very useful for finding when an errant developer has modified a module’s code.
Here’s how to get started:
- Download and enable Hacked!
Next, you need to make sure you have the “Update Manager” module enabled as well.
Hacked! does have some very basic configuration options. You can include or exclude line ends, although I recommend leaving the setting as “Ignore line ends”.
How that we have Hacked! set up and configured we need to run Hacked! and make sure all the files match the files on Drupal.org
- Go to Reports > Hacked.
- Visiting this page will automatically run the check.
As you can see below I have a module that does not match the Drupal.org version. This is because I have manually tweaked the module files.
One thing to note: if you are using a custom environment, you might also notice that Drupal core is flagged as changed. This is a false positive because of the way some virtual machines work.
Why is this recommended not to be installed on a production site? Wouldn’t you want to know if some of your live site’s files had been modified without your knowledge?
Sorry where does it say do not use on a production site ?
Thanks
Daniel
Oh, on the actual project page.
“This is primarily a developer tool and should never ever (don’t even think it) be installed on a production site.”
Hi Robert,
Every cron it will recheck. So if you have a big site it could cause a massive overhead checking the site.
You can probably use it on production but I would advise disabling it after use till you want to run it again.
Thanks
Daniel
Ah, that makes sense.
Most of my clients are UK based, I wonder if it would be possible to get it to run once a week in the middle of the night when visitor number are usually pretty low?
Hi Robert,
You would need to re write to run function or hook it into something else to change the activation.
Do you already have something that runs a weekly off peak maintenance routine ?
Thanks
Daniel
I tried installing HACKED TOOL ON STAGING SERVER , THE HACKED TOOL WITH UPDATE MANAGER ENABLED IS BEING SHOWN IN THE CMS , BUT I AM NOT ABLE TO VIEW ANY CONFIGURATION OPTION AND GENERATE REPORTS MY DRUPAL VERSION IS 7.59