The Joomla! Extensions Directory ™

AdminExile Plugin

Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered.

The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.

Key features:
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!

There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.

Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)

All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.

Report Extension




Reviews: 1
Very easy installation and configuration!
Save my live!
Reviews: 1
Simple, seamless, installation. Perfect plugin. Does exactly what it says
Reviews: 6
It does what it says, with very few steps you can secure your administrator panel, just configure it accordingly and your joomla administrator panel is secure. very well done Developers good luck
Reviews: 10
I have developed and manage quite few websites. I am still trying to find solution to protect them. I have ever purchase. I have installed this plugin on Joomla 2.5 and 3 and have to admit works like charm. If it was paid plugin I still would pay! The plugin works and does the job to protect from brute force. I was able effectively stop brute force attempts. Amazing work. Thank you so much and wish you had older version for Joomla 1.5. I still have few sites that didn’t have upgrades yet and this could be awesome.
Owner's reply

I have this aversion to paying for software - by extension, I have a problem charging for it.

There are so many developers out there donating their time to Joomla development, and free extensions that I felt it was my obligation to make my extensions free.

I'm glad you're having success with the plugin. It's my intention to make the best security extension absolutely free.

Reviews: 1
AdminExile is an easy to install and configure plugin that provides compelling Brute Force security for your Joomla site.

During the first 5 days of using AdminExile on ONE of my Joomla sites, it detected and reported to me (via email) over 8,000 admin login attempts from over 270 i.p. addresses.

I simply configured the Blacklist on this site using the ip addresses logged by AdminExile, and my admin Brute Force attacks dropped to zero.

AdminExile is now installed on all of my Joomla sites and I keep a blacklist of i.p. addresses on my desktop. Every time AdminExile warns me of a new attack, I simply add the i.p. address to my desktop blacklist, then copy and past the i.p. addresses into the AdminExile blacklist for every one of my Joomla sites.

It's important to keep your blacklist 'up to date' and in numerical order so you can easily determine if an i.p. address has already been listed, or whether you need to add it to the list.

Yes, you can lock yourself out of your own site, as I've done on two occasions, but both incidences were my own fault.

AdminExile provides a couple of easy solutions for regaining access to your site, depending on how you locked yourself out, and they take only a few moments to deploy.

A highly recommended plugin that would make a wonderful inclusion to the standard Joomla package.

Thank you for providing such a comprehensive and important plugin for all Joomla users!
Owner's reply

Awesome review! I'm glad to see someone using it the way I intended. I like your idea of keeping the IP addresses in order to make it easier to determine if you've already entered one. It would also make it easier to see that attacks might be coming from an IP range, so you could then adjust the rule to encompass an entire range instead of individual addresses.

I think the next version will automatically sort the IP addresses in the white/black lists.

Reviews: 2
Such a simple idea, but probably not so simple to pull off, except this extension does indeed pull it off! Too often, very effective extensions aren't particularly easy to use, adminexile is a great exception to that...I don't see how it could be any easier! A hearty thank you for a brilliant tool! Should get 6 stars!
Owner's reply

You can beat "easy and effective" and that's what I did.

I made it easy, effective and FREE!

Reviews: 3
I used in my personal site, and I am going to extend to other sites I manage. Easy to install and setup. Very good and clear documentation. I forgot my key and, following the instructions, recovered easily the access to my site.
Reviews: 6
Works like a charm and does exactly what it says.
Thank you so much.
Reviews: 5
This extension does exactly what it says, it works perfectly, I am using it on several sites and it has never ever given me problems. The developer's website also contains information to get out of problems that may occur during its usage (for instance if you forget your secret url)... Can't give more than 5 stars, otherwise I would :)
Reviews: 4
The best extension, that does what it promises. Fantastic stuff. Keep it up.

As long as you go to the plugins, you'll find all the stuff you need.
Reviews: 2
Very straightforward accessory that every Joomla site would be benefited by. You can't even attempt to log in as an admin if you don't provide the key and value pair. Bots can't simply check the /administrator folder to see if you use Joomla.

Well thought out. Very useful. Good developer.
Reviews: 7
This plugin is simply brilliant, and the support from the developer trying to debug and solve a found bug/issue, has been one of the most dedicated experiences I've ever seen on a free plugin.

I'd really like to urge all users of this plugin, to submit a donation to the developer - big or small, anything counts!
Owner's reply

As hard as I try, I cannot possibly think of every use case and environment. It takes bug reports from users to make extensions reliable and robust.

I know that many sites rely on AdminExile for protection and that's not a responsibility I take lightly. Submit your bug reports and I'll give them the attention they deserve!

Thanks for the great review!

Reviews: 1
I just wanted to stop by and leave a brief message in regards to this excellent plugin and it's author. AdminExile has single handily saved me numerous headaches and I wanted to express my gratitude towards it's developer. Thank you Michael for developing and supporting the open source mentality and I will be leaving a donation as soon as my college income allows.


Joe C.
Reviews: 1
Michael you are the man!! Rarely do u see 5 star reviews from up to 95% of reviewers. There's a reason this one's rated so high.. Well done!! You are phenomenal.
Reviews: 41
This extension is typical of Michael Richey's work: it works perfectly, you find yourself installing it on every website and it's FREE! Michael also strives to continually improve his extensions and is hugely responsive to feature requests and constructive advice. Thanks for another great extension :)
Reviews: 30
A plugin for all to use. The support of a professional and high level of knowledge. And other great components. Congratulations MIchael. Thank you for your patience and understanding. You the man!
Reviews: 41
What more can be said? If you are serious about protecting your Joomla admin area, you need this extension. Period! And, like everything developed by Michael Richey, this thing works perfectly, with no hidden back links or superfluous features. A great extension from one of the BEST developers out there helping us!! Thanks!!!!
Reviews: 1
This Extension does exactly what it says. Hide the administrator log in page. Simple and easy, even for a Joomla noob like me!

Easy and fast to configure

None so far, does excatly what it promises

Reviews: 2
Just simple, just works. Congratulations for the developer.
Reviews: 3
This is a very useful extension. Very easy to install and configure. It adds an extra level of security to my Joomla 3 website. It deserves 5 rating.

I thank the developer for his great effort.
Page 2 of 6