The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself.
* Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH.
* Front-end Restriction - Prevent accounts intended only for back-end use from logging into the front-end.
* Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently.
* IP White and Black Lists - Use individual addresses, or CIDR netmasks to define your lists.
* Brute Force Protection - Penalize users who abuse your system.
* Management of blocked addresses - See a list of blacklist attempts and brute force attempts, and reset those IP addresses.
* Admin Notification - When abuse comes from a blacklisted address or brute force is detected, an administrator can be sent a notification.
* Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie!
There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
Version 2.3.0 - additional error handling for invalid IP addresses/subnets typed in configuration; new IP configuration interface (with automatic sorting) and IP validation
Version 2.3.1 - fix include path issue experienced in older PHP versions
Version 2.3.2 - PHP Dynamic Loader enhancements (Thanks Richard B.)
Version 2.3.3 - fixed include path error
Version 2.3.4 - silenced unneeded warnings
Version 2.3.5 - resolved errors introduced by J3.3.1 and J2.5.19
Version 2.3.6 - EMERGENCY UPDATE - resolving VEL SQL Injection vulnerability report (Thanks Ahmad Prayitno)
All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
I've tried all the free plugins to accomplish this task and AdminExile is by far the best. Kudos.
Wow, I never tried using an all numeric key. Thanks for the report - I'll take a close look at that.
Not just that, but also the support from Michael Richey is truly amazing. He gets involved in your case to solve any inconvenience.
Really good security results and developer support!
Not sure how effective it would be against a determined hacker but certainly gives me a bit more peace of mind. Thanks for developing it and sharing it - great plugin.
You are correct, a determined hacker willing to employ brute force against the plugin might be able to get past a key less than 8 characters long. Remember, getting past AdminExile doesn't get them logged in, just to the login screen.
So, standard password rules should apply. Long keys with a mix of upper and lower case letters and numbers will be the most secure.
I haven't got an account here, I've registered this one only to thank you :-)
Keep up the good work!
Reviews are sometimes the only feedback a developer gets. I feel honored that you decided to register to leave your review. Hopefully you grace other developers for their contributions.
I've never understood why CMS/Portals don't allow you to configure the admin backend during install, including setting a different directory...
I grasp why... but still, there should be an easier way to do it than all the hacks mentioned in forums and whatnot... However this Extension went and secured access to it for me anyhow! =D
An extra layer of security can go a long way if used properly.
I am tempted to write an additional plugin even though I suck at code, that would rely on a cron job that would randomize the key for the day, and then e-mail all users in the Site Admin group the passkey.
Keep up the great work, I'd love to see what else you come up with.
That is an interesting idea.... I will definitely put some thought into that. If I add it to AdminExile it will be optional, and the plugin will remain free.
Thank God I have a full backup, which I'll restore very quickly.
My review is out of my experience, my sincere apologies to author if this hurts.
I wish you would have contacted me. What you describe is not possible from this extension. It can only run in administrator, not the front end. I suspect that you have other issues.
Before finding this plugin, I did buy the paid version of JSecure. Unfortunately, it doesn't work properly with Joomla 1.6. After a week of frustration and trying to decipher their forum, I finally gave up.
Many thanks to AdminExile and its developer. I will make a donation. Keep up the great work!
I was upset that JSecure went commercial, which is why I wrote this plugin. It's good to hear your review!