Installing Mollom for Drupal 8

Use the procedures on this page to install and configure Mollom for your Drupal 8-based environment.

Installing the Mollom module

Although the Mollom module installation process is similar to many other Drupal 8 modules, there are some additional installation steps, which are detailed as follows:

  1. If you have not yet signed up for the Mollom service, sign up at
  2. Sign in to, and then go to your Site manager to retrieve the public and private API keys for your website.
  3. Install the Mollom module on your website. For detailed Drupal 8 module installation instructions, see How to install a Drupal 8 module article on the Acquia Help Center.

    You can find the Mollom download file for the most currently released version on the Mollom project page.

  4. Ensure that you are signed in to your website using an account with administrative privileges.
  5. Configure the user permissions for the Mollom module by going to People > Permissions and associating the following permissions to the appropriate users and roles on your website:
    • Administer Mollom - Allows users to set general settings and configure form protection
    • Bypass Mollom protection - Allows trusted users to avoid having Mollom analyze their content
    • View Mollom statistics - Allows users access to the statistics page of total ham/spam protection stats
  6. If your website runs behind a reverse proxy or load balancer (for example, Varnish or NGINX) your website must send the actual IP address for every site visitor. To do this, complete the following steps:
    1. Enable and configure the reverse_proxy settings in Drupal's settings.php.
    2. Go to Reports > Recent log messages to confirm that each unique website visitor's IP address in the Hostname field of each log message is different.
  7. To connect your website to the Mollom service, complete the following steps:
    1. In your website, go to Configuration > Mollom content moderation.
    2. Click the Settings
    3. tab.

  8. In the Mollom API Keys section, enter the public and private keys you previously obtained in the following fields:
    • Public key
    • Private key
  9. Click Save configuration.

You have now installed the Mollom module and connected it to the Mollom service. The next step is to configure how Mollom interacts with your website's visitors and the website itself.

Configuring Mollom on your site

From the Configuration > Mollom content moderation page, use the different tabs to control how Mollom will protect your website.

Global settings

In Configuration > Mollom content moderation > Settings, configure the following settings:

  • When the Mollom service is unavailable - Click the appropriate option from the following settings:
    • Accept all form submissions - When Mollom cannot be reached, all form submissions are still accepted.
    • Block all form submissions - When Mollom cannot be reached, all form submissions are blocked from your website.
  • Expected languages - Select one or more languages to restrict all posts to the selected languages. To allow users to post in any language, do not select any languages.
  • Show a link to Mollom's privacy policy check box - Select this check box if you want a form to contain a link to Mollom's privacy policy.
  • Enable testing mode - Enable testing mode if you want to test Mollom's user interface behavior on your website. This allows triggering of specific Mollom responses and protects your own author reputation while testing.

Advanced configuration

In the advanced configuration section, you have the option of configuring the following settings or leaving them set to their default values:

  • Mollom logging level warning - Click the appropriate option from the following settings:
    • Only log warnings and errors - Restricts the messages in Reports > Recent log messages to warnings and errors. This option is enabled by default.
    • Log all Mollom messages - Logs all Mollom messages in Reports > Recent log messages
  • Enable audio CAPTCHAs - Allows users to switch from a visual CAPTCHA to an audio CAPTCHA that uses the NATO alphabet. (selected by default)
  • Time-out when attempting to contact Mollom servers - Enter the number of seconds that a call to Mollom will wait before timing out. The default value for this field is 3.

Protecting forms with Mollom

The procedures to use to protect a form on your website depend on if you are creating a new form, or modifying an existing form:

  • New form
    1. Go to Configuration > Forms.
    2. Click Add form. The webpage reloads and displays the Mollom Form list. This list of forms varies depending on the modules you have installed.
    3. By default, Mollom protects the following forms:
      • Contact: Site-wide contact form - Creates a contact form and enables Mollom protection for it
      • User: User password request form - Creates a password request form and sets up Mollom protection
      • User: User profile form - Creates a form to capture user profile details and enables Mollom protection for it
      • User: User registration form - Creates a form for users to register on your website and protects it with Mollom
      • Node: Article form - Creates a form for users to add an article to your website and protects this form with Mollom
      • Node: Basic page form - Creates a form to add a basic page to your website
      • Comment: article comment form - Creates a form to allow users to add comments to an article
      • Comment: page comment form - Creates a form to allow users to add comments to a basic page
    4. Configure the appropriate form's settings depending on your needs. All forms have the same settings, with the exception being whether textual analysis or CAPTCHA is checked by default. For more information about these settings, see the Usage section on this page.
    5. Click Create Protected Mollom Form. The webpage reloads and displays a list of completed forms.
  • Existing form

    Go to Configuration > Forms, and then click Edit next to the form whose configuration that you want to modify.

Removing Mollom protection from forms

To remove Mollom protection from an existing form, go to Configuration > Forms, and then click Unprotect next to the form that you no longer want to protect.


With text analysis selected, the following are the default functions that Mollom performs:

  • Spam posts are discarded by default - For posts that support the concept of a publishing status (for example, nodes and comments), you have the option to retain all spam posts for manual moderation.
  • Ham (not spam) posts are accepted - For comments, their acceptance depends on whether the author has the permission to post comments without approval.
  • If Mollom is unsure, the author is asked to solve a CAPTCHA (word verification) - If the CAPTCHA is not solved correctly, the author is presented a new one and asked to try again.
  • If spam posts are not caught by Mollom, you can and should report them when deleting - The Mollom service learns from your feedback.

These options can be configured differently on a per-form basis.


To view statistics for your website, go to Reports > Mollom statistics.

To display Mollom's log of its activity, go to Reports > Recent log messages. Filter by category mollom to access detailed information for each form submission that has been processed by Mollom. When requesting support, it is helpful to include the details of one or more log messages.

Contact supportStill need assistance? Contact Acquia Support