The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and bruteforce attempts, as well as the ability to reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.2.0 - Feature requests answered:
1. Email once per attack (optional).
2. Separate email to differentiate blacklist and bruteforce attack.
3. separate email configuration for blacklists
4. performance improvements.
Version 2.2.1 - Joomla 2.5 bugfix. Input attribute test error - not a security issue.
Version 2.2.2 - Fix maillink addressing issue
Version 2.2.3 - Fix custom field error which occurred only in J3.1
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
Even with the slight problems that i have i still love it.
When i log in the back-end it sends me back to the front-page and i have to fill in the key again than it goes straight to the back-end, aside from that I LOVE IT :D
That issue is described in the extension description and is caused by a Joomla 1.5 bug (you'll find the issue numbers in the description as well). It does not occur in Joomla 1.6. When the Joomla core developers implement one of the submitted fixes, this issue will go away.
I'm sorry you experienced this issue, but it's not caused by the plugin.
I've tried all the free plugins to acomplish this task and AdminExile is by far the best. Kudos.
Wow, I never tried using an all numeric key. Thanks for the report - I'll take a close look at that.
Not just that, but also the support from Michael Richey is truly amasing. He gets involved in your case to solve any inconvenience.
Really good security results and developer support!
Not sure how effective it would be against a determined hacker but certainly gives me a bit more peace of mind. Thanks for developing it and sharing it - great plugin.
You are correct, a determined hacker willing to employ brute force against the plugin might be able to get past a key less than 8 characters long. Remember, getting past AdminExile doesn't get them logged in, just to the login screen.
So, standard password rules should apply. Long keys with a mix of upper and lower case letters and numbers will be the most secure.
i haven't got an account here, i've registered this one only to thank you :-)
keep up the good work!
Reviews are sometimes the only feedback a developer gets. I feel honored that you decided to register to leave your review. Hopefully you grace other developers for their contributions.
I've never understood why CMS/Portals don't allow you to configure the admin backend during install, including setting a different directory...
I grasp why... but still, there should be an easier way to do it then all the hacks mentioned in forums and whatnot... However this Extension went and secured access to it for me anyhow! =D
An extra layer of security can go a long way if used properly.
I am tempted to write an additional plugin even though I suck at code, that would rely on a cron job that would randomize the key for the day, and then e-mail all users in the Site Admin group the passkey.
Keep up the great work, I'd love to see what else you come up with.
That is an interesting idea.... I will definitely put some thought into that. If I add it to AdminExile it will be optional, and the plugin will remain free.
Thank God I have a full backup, which i'll restore very quickly.
My review is out of my experience, my sincere apologies to author if this hurts.
I wish you would have contacted me. What you describe is not possible from this extension. It can only run in administrator, not the front end. I suspect that you have other issues.