The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.2.0 - Feature requests answered:
1. Email once per attack (optional).
2. Separate email to differentiate blacklist and bruteforce attack.
3. separate email configuration for blacklists
4. performance improvements.
Version 2.2.1 - Joomla 2.5 bugfix. Input attribute test error - not a security issue.
Version 2.2.2 - Fix maillink addressing issue
Version 2.2.3 - Fix custom field error which occurred only in J3.1
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
Could I make it any easier? That's a good question. I can try.
I was thinking of adding a password generator...
It works fine, it does exactly what it does and it's one installation file for all Joomla versions. Very convenient! I read most of the reviews and it does not worth less than Excellent, plus it's totally free and without any links or annoying copyrights in the front end. All the negative reviews and ratings are 100% fault of the people who made the installation and not the extension's developer fault! The extension rocks and it should its rating should be 5 by 5.
I really try to make good extensions that work. Some people have trouble, and I don't hold that against them. The only think I ask is that when things go bad, let me try to help rather than write a bad review.
Bug fixes and feature additions don't always happen unless users report the bugs and request the features.
Until then I never even knew how frequent brute force attempts to guess the admin password were! Nevermind the fact I changed the default admin username to something random and used a really complicated password, I still I ended up getting a dozen alerts for each joomla site I administer, per day! It really freaked me out.
With AdminExile - no more. Now the wicked hack bots can't even try. Awesome. :D
That was my intention when I wrote this extension. Because you can't bruteforce a form that you can't access.
It's not "you guys", it's just me, a soda, and a bag of tortilla chips.
Thanks for the great review!
I had over 5,000 hack attempts in less than a week. After installing this plugin, I have had exactly zero attempts.
Keep up the good work.
That's amazing! ZERO is the exact number of hack attempts I wanted your site to get!
I'm glad you're pleased! It makes me happy to know that this little plugin is making difference.
After disabling pluging in database (is very good instruction) it allows to login an superuser, but gives blank admin screen.
When logging in as (luckily not disabled) admin superuser and de-install plugin, everything is normal again.
I installed plugin on other small sites with no problems.
Contact me and I can try to help you.
Lost all night searching for something like this. Thought it wouldn't suit me, but it did. Because, actualy, you can completely change text after question mark.
Complete customization? YES!
Any plugin that forces you to use a particular pattern (ahem, like ?token=...) defeats the purpose. I would never accept that someone else knew any part of my security codes - and I would never want to know (or define) any part of yours.
I'm glad that it does suit your needs, and you're welcome!