Drawback: Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key.
Easy to install, jSecure adds a higher level of security to your Joomla website.
jSecure Authentication 3.0 has a range of improvements including:
A. Auto Ban I.P Address
Auto Ban IP Feature. Blacklist vulnerable IP addresses automatically.
B. Manage IP's
With this feature you can simply add/remove Blacklisted IP's from "View Log".
A. Secure Components
Now with jSecure you can password protect installed components in admin area.
B. Access Graph
Graphical representation of correct v/s wrong access for different segments of time.
Added Security Features:
A. Master Password:
You can block access to the jSecure component from other administrator. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area.
If you do not enter a master password, the default password will be "jSecure". Provides options to include particular sections of the component in master password.
B. Master Login Control:
Login control to restrict multiple users from logging into the site using same username and password.
C. Admin Password Protection:
Added password protection to add extra security layer over the administrator folder using htaccess and htpassword.
D. Directory Listing:
Directory listing to show list of all files and folders with their permissions on the site.
A. Black Listed/ White Listed IP's:
Now range of IPs can be black listed or white listed by using format '192.*.*.*'. Warning !!! Use of '*.*.*.*' is not permitted. !!!
B. Meta Tag Controller:
Meta tag controller to override metadata of Joomla.
C. Purge Sessions:
Using this option will cleanup session of all logged-in users and they let logged-out.
* Improved backend presentation
* Improved support on our forum
Change Log for (J2.5, J3.0)
Included option to manage the permission settings for the user groups.
Change Log for (J3.0):
Important release, lots of changes to prepare for Joomla! 3.0
Change Log for (J1.5, J1.6, J1.7):
A. Fixed JSecureConfig::$iplistB and JSecureConfig::$iplistW bug for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0.
B. Fixed issues with mail headers for Joomla 2.5 .
C. Added text input feild instead of text area in the form option of Basic Parameters for Joomla 1.5.X, Joomla 1.6.X & Joomla 1.7.0.
Now, every ting is fine, and more I receive an email for each attempt, so I can tell you this is mandatory to protect your joomla sites with a component like that one.
Can be improved, but support is reactive. Good !
Advantages: You can hide the path to the administrative area of the site, log on the entrance and to block access by IP address.
Disadvantages: Sometimes when you upgrade the expansion there are problems with access to the administrative area.
Good value for money, easy to configure. Closes one of the biggest problems in the site's security - access to the administrative area.
I use to hide the administrative area of all sites that are creating.
Engaged in web technologies since March 2007. Use Joomla since December 2009.
Very recommended extensions that you must have on your Joomla site!
-different key's for different users
-option to exclude component from joomla permissions
-if my site is offline I don't want do have input boxes in offline messages to login in frontend. Instead it will be great to have an frontend option to use your key and then you can get access to login.
Thanks for the suggestions. Feature requests 1 and 3 are really nice and fruitful.
We will plan and try to incorporate these features in the component. Can you please elaborate 2nd feature so that we can start planning over it.
- it's easy to install and setup.
- admin users don't have any problem getting used to it
- it works.
We recommend it to all our clients, it's amazing the number of new clients that come to us that haven't done anything in the way of security. This is the simplest first step that costs less than a couple cups of good coffee.
However, I do have a couple of minor issues - while there is now the ability to black/whitelist IP addies, there's no easy way to see which are which once you put them in - all that happens is you get a list and as such I've not put my own IP in just in case it gets black instead of whitelisted without me realising. Would be much better if each list was fully shown as what it is.
And that's the only reason I've not given it a 5 star rating as otherwise it really is great but maybe some more work on it would have it truly superb!
You have to disable jSecure, then logout, then log back in via the default back end url. I've tried disabling and re-enabling the modules in different order and still the same result.
It's been over 5 days after posting the issue on the jSecure forums/support without even a reply saying that they will look into it. I don't expect a solution right away, but they could at least reply saying that they will look into it.
This product definitely would receive five stars if not for lack of support. Again, for the price I don't expect much, but at least a reply that they will look into it.