Hello, I'd like to block outsiders/hackers to access to my joomla admin page (www.mywebsite.com/administrator). Currently I am using "Restric IP address" system. But as my internet IP address is changed oftentimes, it is painful to go and allow the new IP whenever there is change. And now I am looking for a different way of blocking the administrator page. please help. Many Thanks.
What JoomlaDesigner said about password protecting the /administrator directory and use this plugin to add a key to your admin backend URL. Instead of http://yoursite.com/administrator it makes the URL for access http://yoursite.com/administrator/index.php?akeyyouchoose Security by obfuscation I know but it still helps.
hey.. you can also get it from ( joomlaserviceprovider.com/component/ambrasubs/file/view/5/7.html ). just register and download it. very good one. i tried and like it. Inside the zip file try to read Readme file so that you know how to setup. Don't also forget to oftentimes update your access keys which are to be made in your secret characters/numbers. Good Luck..
I recommend password protecting the directory. jSecure is also good, but a pain when you want to uninstall.
cant you just uninstall jSecure /???? how hard can it be? cause i was about to buy that component , its only like 5 dollars. httaccess file password protect should work.
not that simple, you may have to delete tables in your MySql db. I suggest reading a few forum posts on joomla's forum before buying or adding any extension. I agree about the htaccess pass protect. In addition, great unique passwords will probably work just fine. Unless you're getting serious traffic and dealing with large sums of money you should be fine, but if you're BIG TIME, who's dealing with development? All the best.
If you are concerned about someone breaking into your admin account at the joomla "back door", the strength of your password will make or break the event. Obfuscating can be used, but a simple creation of a powerful password is your first line of defense. Plus, did you know you do not have to use "admin" for the username ?
yeah that is a good point. disable the admin account like you would do on your wireless router or computer. Make a new account that is super administrator and use that instead . Also perform all the other Joomla security suggestions on the site to make sure your secure. Also always keep your site updated.
have you ever try to change Joomla admin folder And disable site/administrator ?. I think that's best way to solve this problem
change the folder nope . I thought that would be too complicated to change . You would think quite a bit of joomla would be pointing to files in that folder . Sounds like something that should be made to move the directory around easier .
ill have to test that out, at least on a site i can risk it on . I would think it would start something to stop working just by renaming it. Never heard of that trick before . I guess then rename it back when you upgrade .
What about .htaccess file? As far as I know you can make your admin panel available only from IP you want and all the rest will see 404 page.
Install guardxt. http://extensions.joomla.org/extensions/access-a-security/site-security/7013 It helps with protecting your site in many ways and has wizards to assist in security concerns: 1. change "admin" login to another name- like your dp logon name "toototoo" 2. password protect the admin directory via htaccess (guardxt wizard does this) 3. change joomla db prefix from jos_ to another prefix_ 4. add "Options All -Indexes" to your htaccess if it is not there already Install jsecure such as TooMaxi suggested here: http://joomlaserviceprovider.com/component/ambrasubs/file/view/5/7.html then you have 2 passwords to secure your admin page. Anyone trying to access my admin page without the jsecure password is redirected to the main site.