The Joomla! Extensions Directory ™

AdminExile Plugin

Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered.

The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.

Key features:
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!

There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.

Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19

All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.

Report Extension




Reviews: 1
i am a joomla 1.5 user and i have allot of extension for this version, i was not using joomla 3 because of the admin security reasons, so as my personal opinion this one is better then jsecure, as i find this cool plug-in i am going to turn my site to version 3 from version 1.5.26, thank you guys for the great effort put on to build this cool plug-in.
Owner's reply

It's not "you guys", it's just me, a soda, and a bag of tortilla chips.

Thanks for the great review!

Reviews: 1
This plugin does a nice job of protecting your [administrator] directory. I used to use a .htaccess file that forced password, but that would still confirm the existence of the folder. After getting hacked twice, I wanted something that would block anyone knowing about the administrator directory period; this plugin does exactly what I wanted. I enabled the optional "value+key" in order to make the access key a little bit harder to guess. Thanks muchly!!
Reviews: 16
OK, Joomla say's I have to write some more, just saying "little VERY useful tool. THANKS TO THE DEVELOPER !" would not be enough... SOOOO, HERE WE GO: IT IS REEEAAALLLYYY REEEAAALLLYYY EXXXELLENT AND I MEAN IT !!! Coz the best start of protecting a site (and frustrate spammers) is not showing them the Admin Login Page in the first place.
Reviews: 2
Been using this on a number of sites for a while now, and it's so easy and simple to use.

Works great on Joomla 3.
Reviews: 1
I just installed it, very easy to do, easy to configure, and it works perfekt for me!!! Thx to the developer!!!
Reviews: 2
This is a wonderful plug-in. Thank You very much. I would have paid You for it, but I'm a poor man, I promise that if I get rich, I will definitely give a good amount of the further development.
Reviews: 1
Simple and straight forward.
I had over 5,000 hack attempts in less than a week. After installing this plugin, I have had exactly zero attempts.

Keep up the good work.
Owner's reply

That's amazing! ZERO is the exact number of hack attempts I wanted your site to get!

I'm glad you're pleased! It makes me happy to know that this little plugin is making difference.

Reviews: 6
Is free and does not have links redirecting to other sites, very honest.
Reviews: 17
Very simple, works 100% of the time. I highly recommend EVERY Joomla site have this installed, it really does add security to your site. I also suggest making a custom link within the extension vs the default for added security.
Reviews: 1
Out of the box, fantastic execution! Tried to crack it a couple of times but didn't let me in the admin login page.
Reviews: 29
I use this plugin on all my sites to protect it form accessing administration panel. It is very simple solution but very useful. Great work.
Reviews: 9
Well written and executed plugin. I am so glad you made this available. Will be making a donation for this!
Reviews: 11
Thank you so much for the developer for making this useful extension ,may God bless you :)
Reviews: 1
I installed the plugin on a large site and when I enter URL with correct ?codekey it redirects to homepage.
After disabling pluging in database (is very good instruction) it allows to login an superuser, but gives blank admin screen.

When logging in as (luckily not disabled) admin superuser and de-install plugin, everything is normal again.

I installed plugin on other small sites with no problems.
Owner's reply

Contact me and I can try to help you.

Reviews: 1
Realy nice extension!

Lost all night searching for something like this. Thought it wouldn't suit me, but it did. Because, actualy, you can completely change text after question mark.

Owner's reply

Complete customization? YES!

Any plugin that forces you to use a particular pattern (ahem, like ?token=...) defeats the purpose. I would never accept that someone else knew any part of my security codes - and I would never want to know (or define) any part of yours.

I'm glad that it does suit your needs, and you're welcome!

Reviews: 17
I use this extension don’t have any problem, Works great. Thank you Michael Richey, If all goes well I will donate. Thank you
Reviews: 2
We have never reviewed an extension before, but as this is such a good one, we thought it only right.

The extension is easy and quick to set up, but very effective.

We have been developing Joomla sites for many years now and this is the type of core extension that all Joomla websites should use.

And its completely free!

Keep up the good work, To show our appreciation we have also made a donation!
Owner's reply

I appreciate the review and the donation! I'll be putting it to good use - school supplies for my son.

Reviews: 1
We have a website composed of 10 000 members on it but we always see hacking attacks so we decided to install this plugin yesterday for the first time.

Excellent it worked for 14h. Then, impossible to get access to the backend anymore. Not even with the key or whatever you explain on your website.

Now, we are facing more than 50 members that can't access to some things they paid for.

We face a 403 forbidden page and nothing more is usable.

Thank you so much, we really appreciate it. No support, no documentation. That's why it's free.
Owner's reply

My software is very clearly written - and not obfuscated. It should be trivial for anyone who knows what they're doing to see that there aren't any 14 hour timers built into the code.

Additionally, there is only one piece of code that sends a response code - and that code is 404 - not 403. 404 is not found - as in the content doesn't exist, while 403 is forbidden - as in, the server has been configured to disallow access.

My guess is that you installed a whole bunch of things at the same time - and you have no idea what went wrong. If I was a betting man - I'd say you caused the error by changing something in your .htaccess file.

Reviews: 1
It's working fine but except 2 issues.
Firstly, while I'm clicking on logout button, its showing "Oops! the link appears to be broken".
Secondly, once I use this blanket url in a browser, the next time if I open the administrator link directly, without using this blanket url, the administrator page is opening directly.
Owner's reply

First: If you're getting an error on logout - it's because you have an invalid redirect URL in the plugin settings.

Second: if you read the description, you would know that this is how the plugin behaves:

"Once you've clicked the second link, your AdminExile key will be active until your session expires (or until you close your browser)."

Reviews: 19
nothing could be simpler than this plugin. The hardest part i would say is choosing a password. 5 stars and 2 thumbs up for this brilliant little plugin.
Page 3 of 6