The Joomla! Extensions Directory ™

AdminExile Plugin

Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered.

The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.

Key features:
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!

There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.

Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)

All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.

Report Extension




Reviews: 2
It was very easy to setup and this is a great idea, was looking for something like this, tried another one but got locked out of the site, this extension worked immediately, thank you!
Reviews: 8
How do you make money when all of your very very good extensions are all FREE. You are one of a kind of open dev. I salute you for all your hard work.

Will use your donate button later as soon as I get the next paycheck.
Owner's reply

How do I make money... Well, I don't - not from free extensions anyway.

Most of these extensions were built for my clients. Because they opted to NOT purchase full rights, I released them for free. So my clients paid me to create them, but they didn't pay to own them.

There are several extensions I've created that are, sadly, not mine to give away anymore.

Reviews: 9
The first objective in safety is not to be seen. This extension redirects your browser if you try and access the back-end (e.g. .../administrator ) without a key.

Fast and easy. I am impressed.
Owner's reply

Excellent point Jody -

AdminExile isn't the only thing an administrator/owner should do to secure the administrator area. It is, however, a good first step. Strong passwords should be the next consideration.

Paranoia is a good trait for webmasters.

Reviews: 3
I installed it yesterday. It is as easy as what other reviews said. And it works instantly.
Today when I try to log in again, I can't get the login page! (by the url cached on my firefox)
... ...
Problem solved by removing the www. on the url.
Not sure if it is because that url is itself a subdomain or why, anyway, hope this piece of infn is useful to those who encounter similar situation.
Owner's reply

Subdomain you say... I'll look into that!

Send me a message through my site!

Reviews: 4
Does exactly what it says, takes about half a minute to set up, and it's free! Awesome!
Reviews: 22
This is a must for all Joomla sites!

It works as advertized, I had it up and running in less than 1 minute. I was using another extension, however the programmer failed to support J1.6~ when I made the transition, so now I only use AdminExile on all my sites.

I love the new feature in Version 1.6 - Option to use key + value.

I also use Clean Response on all my sites.

Michael Richey please keep up the great work!
Reviews: 1
I wanted to hide my 1.7 Administrator login page and this does exactly that, and does it simply and cleanly. Excellent!

I was happy to see the added feature which would allow me to block a Manager from logging into the front end (solving another of my needs), but it does not work as I expected. I'm emailing Michael for help. AdminExile still gets an Excellent rating, as the primary function works flawlessly.

Owner's reply

wweb pointed out a bug with the front end restriction option which turned out to be an out-of-place quotation mark (it's always something silly/simple).

Reviews: 7
I have been plagued for weeks by some dictionary hackers trying to break into my Joomla admins. This beautiful plugin has put an end to that headache for me. And by bumping would-be hackers to the front page, it increases the traffic to my Google ads as well. What a wonderful extension!
Reviews: 4
Everybody should protect the login page.

Working in 2 min.

Reviews: 8
Very useful and really good extension to any Joomla site.
One side note: In 1.5.25 it first redirects you to your homepage and after one more try you can login in your admin backend.
It's definitely a bug and should be removed, otherwise I would say KUDOS to you guys, keep the good work!
Greetings from Croatia!
Owner's reply

The problem you describe is caused by a Joomla bug introduced in Joomla 1.5.22. The issue is documented in the Joomla bug tracker in issues 23216 and 24976 (it's actually just 1 issue). There are several proposed fixes, but none have been implemented.

This one has been open for more than a year.

This one has been open for almost a year.

I agree that it should be removed. Unfortunately, I've done all I can to resolve it - the issue is within Joomla.

Reviews: 1
I have a new site made with Joomla 1.7 and I was searching for a free substitute of Jsecure, that I was using form my Joomla 1.5 site, and I've found AdminExile.
It works fine, easy to install and add a first step of security to your Joomla site.
This plugin is very simple, so there is nothing else to write.
Thanks to the author.
Reviews: 9
Works really fine, and protects my site from unauthorizes access.
Does what it says and does it good :)
Reviews: 5
This plugin is brilliant, installed and working in seconds.

Thank you for developing this and a bigger thank you for sharing.
Reviews: 8
Without this plugin, it's possible to add a password barrier to your admin URL via htaccess. If you build Joomla sites for clients, however, you know that every required password is another thing your client can lose (and that you'll have to support). AdminExile secures the admin interface without an extra password barrier. It's simply a must-have, headache-free security control.
Reviews: 2
This plugin works so well that I want to see it added to the Joomla core for we will then get a hefty increase in security
Reviews: 2
Easily installed on Joomla 1.7 just days after it's release. Thank you for keeping Joomla! sites secure and up to date.
Reviews: 9
Love this plugin! I choose this plugin due to the amount of good reviews and once it worked first time perfectly I owe it the to author to give him my gratitude!

I hope to see more plugin's from you in the future of this same quality.
Reviews: 7
I had tried to use a couple of other security extensions to protect the Admin page of my website, and had no luck. One even locked me out of the back-end completely and it took ripping things out and replacing other things from other Joomla installs with a mixture of FTP and phpMyAdmin to gain access again. Not cool.

On The Other Hand, AdminExile works like a charm straight out of the box. The protection is simple, but highly effective. I would (and will!) recommend it to anyone looking to add an extra layer of protection to their Joomla websit.! Good show!
Reviews: 2
This plug-in is very easy to understand and use both in install and application. Works like a charm and should be a common feature in every Joomla! site. Thanks!
Reviews: 1
This is a need to have addon.
Even with the slight problems that i have i still love it.

When i log in the back-end it sends me back to the front-page and i have to fill in the key again than it goes straight to the back-end, aside from that I LOVE IT :D
Owner's reply

That issue is described in the extension description and is caused by a Joomla 1.5 bug (you'll find the issue numbers in the description as well). It does not occur in Joomla 1.6. When the Joomla core developers implement one of the submitted fixes, this issue will go away.

I'm sorry you experienced this issue, but it's not caused by the plugin.

Page 5 of 6