The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.2.0 - Feature requests answered:
1. Email once per attack (optional).
2. Separate email to differentiate blacklist and bruteforce attack.
3. separate email configuration for blacklists
4. performance improvements.
Version 2.2.1 - Joomla 2.5 bugfix. Input attribute test error - not a security issue.
Version 2.2.2 - Fix maillink addressing issue
Version 2.2.3 - Fix custom field error which occurred only in J3.1
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
I have this aversion to paying for software - by extension, I have a problem charging for it.
There are so many developers out there donating their time to Joomla development, and free extensions that I felt it was my obligation to make my extensions free.
I'm glad you're having success with the plugin. It's my intention to make the best security extension absolutely free.
During the first 5 days of using AdminExile on ONE of my Joomla sites, it detected and reported to me (via email) over 8,000 admin login attempts from over 270 i.p. addresses.
I simply configured the Blacklist on this site using the ip addresses logged by AdminExile, and my admin Brute Force attacks dropped to zero.
AdminExile is now installed on all of my Joomla sites and I keep a blacklist of i.p. addresses on my desktop. Every time AdminExile warns me of a new attack, I simply add the i.p. address to my desktop blacklist, then copy and past the i.p. addresses into the AdminExile blacklist for every one of my Joomla sites.
It's important to keep your blacklist 'up to date' and in numerical order so you can easily determine if an i.p. address has already been listed, or whether you need to add it to the list.
Yes, you can lock yourself out of your own site, as I've done on two occasions, but both incidences were my own fault.
AdminExile provides a couple of easy solutions for regaining access to your site, depending on how you locked yourself out, and they take only a few moments to deploy.
A highly recommended plugin that would make a wonderful inclusion to the standard Joomla package.
Thank you for providing such a comprehensive and important plugin for all Joomla users!
Awesome review! I'm glad to see someone using it the way I intended. I like your idea of keeping the IP addresses in order to make it easier to determine if you've already entered one. It would also make it easier to see that attacks might be coming from an IP range, so you could then adjust the rule to encompass an entire range instead of individual addresses.
I think the next version will automatically sort the IP addresses in the white/black lists.
You can beat "easy and effective" and that's what I did.
I made it easy, effective and FREE!
Well thought out. Very useful. Good developer.
I'd really like to urge all users of this plugin, to submit a donation to the developer - big or small, anything counts!
As hard as I try, I cannot possibly think of every use case and environment. It takes bug reports from users to make extensions reliable and robust.
I know that many sites rely on AdminExile for protection and that's not a responsibility I take lightly. Submit your bug reports and I'll give them the attention they deserve!
Thanks for the great review!