The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
There was an issue with Joomla 3.x where you couldn't white/blacklist IP addresses. It's fixed now with a recent update. It's free but worth making a donation, I did.
The "Mail Link" feature was a user request! If you have an idea for new functionality - I take requests. Things that make sense for the plugin are added!
Sorry for the delay. I sustained a head injury and have only been doing work for my contract clients while I healed. Many of my extensions will be receiving bug/fix updates today, AdminExile is the first.
Works excellent... if you get locked out... no worries easily fixed. Works great with the new two factor authentication in Joomla.
Hopefully, these measures will stop the nonsense.
I also configure the email alert option so that I get emailed every time someone try to hack into the Joomla backend, and the attempts has gone through the roof in the last year.
If you haven't protected your admin url yet, then do not hesitate.
Download and install this plugin straight away, and within minutes you will have increased the security many fold.
I can test in many environments - but I can't test in all environments. It takes bug reports to find the outliers - the bugs that spring up from system configurations that I didn't test.
Along with the bug reports, it also takes users like you who are willing to take the time to help me test in your environment, where I have no physical presence.
Thanks for helping to make this extension even better!
Other users are as responsible for the current features as I am. When I think of, or a user requests a feature that would make my extensions better - it gets added.
This extension has evolved with great support from the community and people like you.... not that you aren't part of the community...you know what I mean :)