Use the Drupal Hacked Module to Check for Code Changes

Use the Drupal Hacked! module for peace of mind

Hacked! Is an extremely powerful Drupal module available in both Drupal 7 and 8. Hacked! allows you to check Drupal’s modules and core against Drupal.org stored versions to make sure they have not been tampered with.

This module is a great way to ensure that the modules are safe and have not been modified.

It’s worth noting that Hacked! will not check any code that does not exist on Drupal.org. However, as Aimee Maree points out, Hacked! can be very useful for finding when an errant developer has modified a module’s code.

Here’s how to get started:

configuring the Hacked module in Drupal

Next, you need to make sure you have the “Update Manager” module enabled as well.

Hacked! does have some very basic configuration options. You can include or exclude line ends, although I recommend leaving the setting as “Ignore line ends”.

Drupal Hacked Module settings

How that we have Hacked! set up and configured we need to run Hacked! and make sure all the files match the files on Drupal.org

  • Go to Reports > Hacked.
  • Visiting this page will automatically run the check.

image3

As you can see below I have a module that does not match the Drupal.org version. This is because I have manually tweaked the module files.

One thing to note: if you are using a custom environment, you might also notice that Drupal core is flagged as changed. This is a false positive because of the way some virtual machines work.

Author

0 0 votes
Article Rating
Subscribe
Notify of
guest

7 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
robert.kent87
7 years ago

Why is this recommended not to be installed on a production site? Wouldn’t you want to know if some of your live site’s files had been modified without your knowledge?

robert.kent87
7 years ago

Oh, on the actual project page.
“This is primarily a developer tool and should never ever (don’t even think it) be installed on a production site.”

robert.kent87
7 years ago

Ah, that makes sense.
Most of my clients are UK based, I wonder if it would be possible to get it to run once a week in the middle of the night when visitor number are usually pretty low?

NUPUR
NUPUR
5 years ago

I tried installing HACKED TOOL ON STAGING SERVER , THE HACKED TOOL WITH UPDATE MANAGER ENABLED IS BEING SHOWN IN THE CMS , BUT I AM NOT ABLE  TO VIEW ANY CONFIGURATION OPTION AND GENERATE REPORTS MY DRUPAL VERSION IS 7.59

7
0
Would love your thoughts, please comment.x
()
x