This plugin does work in the version 1.5.8, contrary to the earlier post. I installed it on Joomla 1.5.8 without issue.

One limitation to keep in mind with this plugin is that it only protects the root administrator directory. Access to any subdirectory and file within the administrator directory can be done without the key (just like Joomla operates without the plugin). Maybe this could be added in a later version to prevent access to the entire administrator directory tree.

doesn't work at all with the latest version of joomla and there doesn't seem to be any support from the creators with regards to this.

I use it on all my sites, like everyone has been saying, it is a must have!

Excellent plugin.I have some questions:
Where is the secret word saved?In a file?In the database?
Is there any way that the attacker can get the secret word?

Anyway.This is a great plugin and if dosent stop the attackers, it will confuse them for sure.

Just the best you can get

tip: the URL for administration will be -yoursite-/administrator/?The-secure-key

don't forget the ? or it won't work

Fantastic idea. This plugin is simply doing the job. Easy to install, nearly zero configuration, great effect. I'll going now to protect all my Joomla sites with this plugin. Also great that version 1.0x is still covered. Thanks!

I've found this module as very essential and must have module. It's really easy to implement just like 1,2,3. I hope future version of Joomla will have this kind of system as core module. Thanks for the good effort.

I have to admit that I was a little hesitant to try this because of other, different security scripts that have previously damaged my Joomla installation. But I feel this is such an important tool every Joomla Website should use it if possible.

Thank You; we look forward to seeing more from you!

This is my first review ever. I did not yet wrote any but this extension is crying out loud for it.

IT ROCKS!

If you are taking your website security seriously and you do not have root access (or do not want to use other possibilities inside your server) This is a must have.

Well done for all who work on it.
Huge thank you.

Since Joomla! and setting up websites is so easy and accessible for everyone, the security part is often overlooked. In order to protect your site you need to familiarize yourself with the different types of threats that actually exists and, God forbid, can stop your site.

This plugin increase the security of your site. But I would like to point out a basic rules that apply to any reasoning about security in WWW:

- 'Any script that is run from under the www-root is a possible target for security breach.'

Having said that I realize that many installations are unable to successfully use Apache built in security in order to prevent access to the Joomla! Administrator directory, because of the way their hosting service are set up. In those cases this plugin is a welcome alternative.

For those who can benefit from Apache (outside www-root) security features, it is a far more secure solution to prevent your site from any threat.

First of all - I LOVE this extension. It was easy to install and easy to use and works perfectly. My admin site is completely hidden from the world and works flawlessly otherwise....but just one small issue. It wont let me logout of Admin. It just sits there. When I turn the plugin off, I can logout easily. When its on, no joy.

But Still - Love it. I'll wait for a patch?

This is a MUST HAVE security feature for anyone operating a Joomla site, especially one with lots of traffic and community users. It helps me sleep at night. With this module you can choose a secret keyword (of any complexity) to change the location of your Admin page:
www.mysite.com/administrator/?mysecretkeyword

Up until now, I always had to worry about someone easily locating the default Admin page. Now I sleep easy knowing that I have made it even harder for any would-be hacker to mess with my site.

I like that you can set the "404 Error" page to either a custom 404 page or redirect the hacker directly to the front page of your site.

My advice for anyone using this is to always use an ALPHANUMERIC keyword combination and change that keyword periodically. Don't end up in the forums saying "My site was hacked!"

And make sure to write down your keyword! You won't get back into your admin screen without it!

This is a NEEDED security plugin... I Love it! I installed [and YES READ the instructions!!] and it works like a charm.. I would HIGHLY suggest you get this one!

Anyone that make a living of setting Joomla and has got his sites hack will love this line of defense. Having exposed the folder /administrator/ have become more like a nightmare in today’s internet environment so masking and redirecting to a 404 the regular access is a plus. The only thing to make this a perfect plug-in is some sort of SSL support to exchange passwords encrypted.

Keep the good work guys.

Simple yet effective. Makes the site a bit more fun when the obvious is hidden.
thanks for your work on this plug-in.

Something you normally don't think about. I love it and now I feel its really necessary plugin. I would consider it MUST HAVE plugin. But remember understand the plugin first before you activate it cause i got really panic when i couldn't get into my joomla login page. later i realized It was easy to get in. just write www.yourDomainName.com/administrator/?yourKey and that it!

NICE WORK!!

The issue that this plugin solves so elegantly and simply is one that has always concerned me since I started developing with Joomla! What is even more amazing is the fact that so many "Joomla! Website Design" sites do NOT have this must-have plugin installed!

As others here mentioned, use a plain, generic 404 redirect; do not give away any more info than required. My hosting provider has their own so that's the one I redirect to; looks "legit" :)

Very simple to implement. I think this extension is going to be added to my list of "Must Haves" for all my Joomla sites. Thanks!!!

This is a very good plug-in, and does exactly what it says; however, for me, it may turn out to be useless. I have many people who contribute content to my site, and so I would have to widely distribute the keyword over open channels. Also, I'd probably have to periodically change the password, and so the task of distribution would never go away.

So, I am going to look in to other solutions to avoid this problem.

Very easy to use - Very quick set up Thanks for this amazing Plugin ;0)