The Joomla! Extensions Directory ™

AdminExile Plugin

Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered.

The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.

Key features:
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!

There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.

Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)

All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.

Report Extension




Reviews: 2
We have never reviewed an extension before, but as this is such a good one, we thought it only right.

The extension is easy and quick to set up, but very effective.

We have been developing Joomla sites for many years now and this is the type of core extension that all Joomla websites should use.

And its completely free!

Keep up the good work, To show our appreciation we have also made a donation!
Owner's reply

I appreciate the review and the donation! I'll be putting it to good use - school supplies for my son.

Reviews: 1
We have a website composed of 10 000 members on it but we always see hacking attacks so we decided to install this plugin yesterday for the first time.

Excellent it worked for 14h. Then, impossible to get access to the backend anymore. Not even with the key or whatever you explain on your website.

Now, we are facing more than 50 members that can't access to some things they paid for.

We face a 403 forbidden page and nothing more is usable.

Thank you so much, we really appreciate it. No support, no documentation. That's why it's free.
Owner's reply

My software is very clearly written - and not obfuscated. It should be trivial for anyone who knows what they're doing to see that there aren't any 14 hour timers built into the code.

Additionally, there is only one piece of code that sends a response code - and that code is 404 - not 403. 404 is not found - as in the content doesn't exist, while 403 is forbidden - as in, the server has been configured to disallow access.

My guess is that you installed a whole bunch of things at the same time - and you have no idea what went wrong. If I was a betting man - I'd say you caused the error by changing something in your .htaccess file.

Reviews: 1
It's working fine but except 2 issues.
Firstly, while I'm clicking on logout button, its showing "Oops! the link appears to be broken".
Secondly, once I use this blanket url in a browser, the next time if I open the administrator link directly, without using this blanket url, the administrator page is opening directly.
Owner's reply

First: If you're getting an error on logout - it's because you have an invalid redirect URL in the plugin settings.

Second: if you read the description, you would know that this is how the plugin behaves:

"Once you've clicked the second link, your AdminExile key will be active until your session expires (or until you close your browser)."

Reviews: 18
nothing could be simpler than this plugin. The hardest part i would say is choosing a password. 5 stars and 2 thumbs up for this brilliant little plugin.
Reviews: 2
The extension is easy in all respects just like the old joomla 1.5 backendtoken but made for 2.5.
Reviews: 1
This extension is a no-brainer, and should be installed on every Joomla site. It's super simple, yet super effective.
Reviews: 18
I will give 6 stars!!

Just what i was looking for, I was so worried about this, as many will have no clue for back-end, but the ones know will have it in no time!!

simply install and define your value!! your set!! Thank you.
Reviews: 6
This is really a great Plugin for joomla 2.5 !! easy to install and active and the example works right away change it to your own Token and your done ( don't forget your token :) u can find it under extensions - Plugin manager )
Reviews: 1
Excellent ! only one issue can't logout
running latest joomla 2.5
cleaned: cache, cookies, data
Owner's reply

Please contact me. I've never experienced, nor heard of an issue like that.

Reviews: 2
Easy to install, does what it says by hiding your Administrator login area from preying eyes and spiders. Should be part of the Joomla core.
Reviews: 4
Easy to install - works a treat with J2.5 helps to keep out trouble without a complex method and shields the administrator page from sight.

( Never a good idea to use purely numeric passwords, mentioned by a previous reviewer )
Reviews: 1
What a very good and useful plugin, I installed it and it works, thanks
Reviews: 1
good plugin.
but, when im try on nginx server i cant login. except i disable this plugin from mysql.
maybee url rewrite problem? o.O
but working good on apache
Owner's reply

Joomla /administrator doesn't utilize mod_rewrite - no SEF urls in /administrator.

Reviews: 1
It's a useful plugin. But I found some issues when I use it with VirtueMart. It seems like AdminExile block VirtueMart too.
Owner's reply

When you emailed your information to me yesterday, you indicated that you were running Joomla 1.5.20 (current is 1.5.26), VirtueMart 1.1.7 (current is 2.0.6), and AdminExile 1.4 (current is 1.9).

Before you write things like this in reviews, you might consider updating your software to the latest revisions.

Reviews: 3
This is a great extension with a great documentation and support from the developer. He goes above and beyond if you need help. Thank you!

Reviews: 1
One word.. whoaaa!

It is easy to use, install, add your keyword, then save.

Even leaving comment here takes longer time than use this plug-in.
Reviews: 31
Brilliant - I used to use a similar extension which was free, but now costs. This is actually better in that it was much cleaner to set up - took several seconds and done! Thank you for bringing this to us for FREE.. Genius :)
Reviews: 1
it s working great and easy use
Reviews: 1
Worked the first time, another layer of security
Reviews: 15
i was looking for some ways that people would not be able to easily come across my admin page.
this does te trick...and very well indeed.
nomore people trying to login as admin :)

i seriously hope lots of ppl will let you make extentions without buying full rights...that may sound harsh. but hey,
i really enjoy your plugins and will deffo donate when i finished this website ;)
Owner's reply

For those who are confused by this review - I offer custom development services. When a customer has an idea for an extension that I think would benefit the community - I offer to build it at a reduced cost in exchange for full copyright and a promise to release it as a free extension in the JED.

These free extensions become a calling card and code example and bring more business to me. I can't say I like charging less - but I can say that I do enjoy giving back to the community.

Page 4 of 6