The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.3.0 - additional error handling for invalid IP address/subnets typed in configuration - new IP configuration interface (With automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
Will use your donate button later as soon as I get the next paycheck.
How do I make money... Well, I don't - not from free extensions anyway.
Most of these extensions were built for my clients. Because they opted to NOT purchase full rights, I released them for free. So my clients paid me to create them, but they didn't pay to own them.
There are several extensions I've created that are, sadly, not mine to give away anymore.
Fast and easy. I am impressed.
Excellent point Jody -
AdminExile isn't the only thing an administrator/owner should do to secure the administrator area. It is, however, a good first step. Strong passwords should be the next consideration.
Paranoia is a good trait for webmasters.
Today when I try to log in again, I can't get the login page! (by the url cached on my firefox)
Problem solved by removing the www. on the url.
Not sure if it is because that url is itself a subdomain or why, anyway, hope this piece of infn is useful to those who encounter similar situation.
Subdomain you say... I'll look into that!
Send me a message through my site!
It works as advertized, I had it up and running in less than 1 minute. I was using another extension, however the programmer failed to support J1.6~ when I made the transition, so now I only use AdminExile on all my sites.
I love the new feature in Version 1.6 - Option to use key + value.
I also use Clean Response on all my sites.
Michael Richey please keep up the great work!
I was happy to see the added feature which would allow me to block a Manager from logging into the front end (solving another of my needs), but it does not work as I expected. I'm emailing Michael for help. AdminExile still gets an Excellent rating, as the primary function works flawlessly.
wweb pointed out a bug with the front end restriction option which turned out to be an out-of-place quotation mark (it's always something silly/simple).
One side note: In 1.5.25 it first redirects you to your homepage and after one more try you can login in your admin backend.
It's definitely a bug and should be removed, otherwise I would say KUDOS to you guys, keep the good work!
Greetings from Croatia!
The problem you describe is caused by a Joomla bug introduced in Joomla 1.5.22. The issue is documented in the Joomla bug tracker in issues 23216 and 24976 (it's actually just 1 issue). There are several proposed fixes, but none have been implemented.
This one has been open for more than a year.
This one has been open for almost a year.
I agree that it should be removed. Unfortunately, I've done all I can to resolve it - the issue is within Joomla.
It works fine, easy to install and add a first step of security to your Joomla site.
This plugin is very simple, so there is nothing else to write.
Thanks to the author.
On The Other Hand, AdminExile works like a charm straight out of the box. The protection is simple, but highly effective. I would (and will!) recommend it to anyone looking to add an extra layer of protection to their Joomla websit.! Good show!
Even with the slight problems that i have i still love it.
When i log in the back-end it sends me back to the front-page and i have to fill in the key again than it goes straight to the back-end, aside from that I LOVE IT :D
That issue is described in the extension description and is caused by a Joomla 1.5 bug (you'll find the issue numbers in the description as well). It does not occur in Joomla 1.6. When the Joomla core developers implement one of the submitted fixes, this issue will go away.
I'm sorry you experienced this issue, but it's not caused by the plugin.