The Joomla! Extensions Directory ™


Securitycheck ComponentPlugin

Securitycheck is a medium protection suite. This new version includes:

* A new and modular interface to manage the entire extension quickly and easily.

* Web Firewall
The web firewall has been tested against more than 90 SQL, LFI and XSS attacks patterns, and includes the following features:
- Blacklist.
- Whitelist.
- Events recording, which can be viewed by admins from backend.
- Redirection to a default page if an attack is detected.
- Second level protection to find suspect words.
- Session protection

* File Manager
You can check file/folder permissions and easily view misconfigured configurations.

* .Htaccess protection
Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks.

* Vulnerabilities checking
Securitycheck performs a check of the versions of all the components of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget
individually test of every component to avoid vulnerabilities: Securitycheck does it for you.

* Remote Management
Manage the extension remotelly through our Securitycheck Pro Control Center, which allows you to get all your extensions status, launch tasks and even update them from a centralized console.

* Akeeba Live Update integration
We have included this feature to easily manage and update new releases.

++ Please, read the user guide before install the extension.

Report Extension

 

 

2014-08-04
Reviews: 1
First of All, I never ever right reviews. But this time I simply have to say that using this extension was the wisest decision I took.

Over the last 9 months I have been using SecurityCheck. I chose this after a lot of research into free and paid extensions, but this extension offered a lot, at no cost. One of my websites was hacked nine months ago and since installing this extension, the site has been protected from over 500 hacking attempts. I highly recommend this extension to all Joomla! users.

A big thanks to the developers for a wonderful extension.

Cheers,
Sriraag
2014-07-22
Reviews: 1
Works right out of the box as a charm. Easy to install and configure, in the first week it already blocked 4 attacks.

It has become in a must have for me.
2014-07-07
Reviews: 1
Sounds like a great extension to further protect our website. So far, it has given me good results and I hope you go further mejorandfo. diseñadors congratulations to this extension. Thank you.
2013-11-06
Reviews: 7
This works very well right out of the box, even for a novice. One thing, which takes some getting used to, is that it prohibits being logged onto the front and back ends at the same time. It took me awhile to figure out why but the developer got back to me very quickly and the reasons far outweigh the convenience of logging in to the front and back simultaneously. I would strongly recommend this component.
2013-10-04
Reviews: 10
Among other things I run a member site for which I need better security. I chose to test Securitycheck.

At first I was impressed with the professional look and all different levels of security one may set, but when I wanted to show a possible customer the professionalism of the extensions, I uncovered that the htaccess protection was not working. Even though I had selected an extra admin url password, and the ext said everything was ok, there was no protection. I wrote to the forum and got the answer that I needed to upgrade and reinstall, but I do run all the latest versions, so I put reinstalling on hold and simply reverted to my previous backend protection with AskMyAdmin, which as proved itself over a long period.

My main purpose for using Securitycheck though, was the ability to blacklist IP numbers. I have a few "usual suspects" that ends up through Login Failed Log. The first two IPs are blocked, but the one's after that keeps trying to log in from time to time, regardless. So, probably something is askew even though the versions are ok. I still haven't found the time to make the reinstall for further evaluation.

Finally, today, I found a missing piece of function that made the decision for me. I need to create a few help admin profiles for specific tasks. I checked through all my extensions to set the permissions to No, but whoa!: this security extension lacks the Permissions settings in it's Global settings! I can't hide it from the other admins...

One would think that this would be a basic thing for a security extension that boasts about it's usefulness.

So, that's all folks. That was it for me. No more Securitycheck on my sites. I feel very much I just cannot trust it, which is a huge setback when it comes to an extension that is there to make me feel more secure.
Owner's reply

Hi Amema,

I respect your opinion, but I would like to clear some things for everyone who read your review:

Backend protection using htaccess files is working fine. Maybe it doesn't work for you, but believe me when I say this is a well tested
feature that works in thousand of sites that use the extension. If you understand spanish, you can read an article where the
blogger choose how this feature works (http://www.nosolocss.com/blog/joomla/proteger-el-acceso-al-backend-de-joomla).
You say you wrote to the forum and you got the answer that you need to upgrade and reinstall: THIS IS FALSE. Everybody can see the forum entry (http://securitycheck.protegetuordenador.com/index.php/forum/6-bug-report/160-htaccess-protection-doesn-t-protect)
I did some questions, but I didn't told you what you say. You posted it and I replied to you quickly, but you didn't reply to me again...
I'm sure there is a simple explanation to your issue, but you gave me no option to see what was happening.
I'm serious: if I offer a feature in my products, I'm sure it works. Of course you can found problems, but I don't going to offer
something that it doesn't work. It's a nonsense...


The extension works fine blocking two IP address, but the third you added is not blocked. Are you sure there is no typos?
Blacklist feature has no limits: it can block one or thousands of IP address. Of course, you said it's a problem of the extension...

Yes, the extension doesn't offer the ability to hide it from other admins. This is a must in my TODO list, but I haven't time to do it yet.

I'm really surprised about your review title. You say you don't trust in the extension but, did you do some test to prove the extension? How can you evaluate the extension if you don't do tests? Are you a security expert? I can offer lots of examples of how the extension works: you can see them under the 'Joomla Security' paragraph of the forum.


I do a great effort to offer this extension for free. Despite being a free product, it's comprehensively tested to protect against lots of threats. I have included several features to make admin's life easier (as the 'Easy config' option), but everything can be improved.

Regards.

2013-09-14
Reviews: 1
very well. I like very much the file check, because we can upgrade and see vulnerabilities.
2013-08-26
Reviews: 2
Very intuitive, no need even to configure.
Wonderfully done.
Highly recommendable.
Thank you guys.
2013-07-27
Reviews: 2
I just installed this extension and just to say that so far, it is well programed and very intuitive. A nice view of what is happening on my website (admin attempt...).
Bravo, and thank you very much.
Alex
2013-05-29
Reviews: 2
After having one of our sites being hacked, I decided to do extra securitywork on it. After trying some components I stayed with this one because of the nice features.
2013-03-25
Reviews: 7
Security is becoming a huge issue and I manage about 100 Joomla sites so I test a lot of security extensions. This one works right out of the box, and it gives me a log of attempted exploits against the site, does a really good job.
2013-03-08
Reviews: 1
Im using this comonent on few sites.
Im planing to use it in future ... for new projects ...

Most important thing is great support, but also nice protection.

Thanks, and all the best !
2013-02-11
Reviews: 1
We had some errors, but support is excellent!

Many of commercial services way worse than support of this free extension. Highly recommend and best wishes to the developers!
2013-02-09
Reviews: 20
I chose this extension as firewall for my project.

Future will show but seems authors know what they do.

Don't have any problem with it yet, no serious attack also, but logs show many incorrect urls (potentially dangerous) which this extension blocks.
2013-02-06
Reviews: 4
block all attack!!love this

thanks :)
2013-01-07
Reviews: 6
Even a good ext. without a support is always just half baked thing. Not the case with this ext. I operate a site with approx. 70.000 and troubles came up. With José excellent support the problem could be located and solved. Many thanks.
2012-07-13
Reviews: 3
Very Thanks to developer for this nice extension. At first, I got few problem, But I got excellent support from developer after I sent email to him. I detected a problem with this component and one of my original component. But it's NOT a big deal. After few hours, he sent upgraded component to me. What a fantastic support! I suggest you all to use this extension. You will not get regret for using it.
2012-05-24
Reviews: 3
Excellent component and great support!

The support you get from the developer puts this component over the top. He provides terrific support also for the free version.

For security this component is a must-have for any serious Joomla site.

Highly recommended.
2012-05-04
Reviews: 1
A great extension that will make your Joomla more secure. I have to say that I detected a problem with the plugin and the template of my website and the author has solved in record time (in the free version) by creating a new version of the extension. Thanks!
2012-04-28
Reviews: 22
We have been using this component for a little while now and find it pretty useful. The only thing however that is missing is module and plugin security checking. If this was included this would be one of the best non-commercial security audit tools for Joomla that I have found to date. If this component could do that, I think it would get a lot more attention than it already has too and people will probably donate more as well. It is nice to see more non-commercial security audit tools out there and that you take security seriously. We thank you for your hard work put into this component and future developments. Nice work!

PROS: Very simple to install and check site security status of installed components, there are regular updates, support is great and the developer takes security seriously.

CONS: The only con is this component doesn't scan plugins and modules.

All in all this is a great component and I would especially recommend this to novice webmasters as well as advanced Joomla webmasters. It is simple, effective and to the point.
Owner's reply

Thank you for your review, B0RG!!

I take note of your suggestions for future developments.

2012-03-25
Reviews: 1
I installed this plugin and it ran happily
and one fine morning it said

"It has been detected a sequence that could mean a hacker attack. Your request can not be processed." and with couple of php errors.

I don't know how long my site was that way.

Bugs are something I can understand, but if the site goes down with the above error and worst you cant even access the admin page. I afraid I can't suggest anybody to use this.

I am one advanced user of Joomla so I could recovery from it. I am wondering people with less knowledge of Joomla.
Owner's reply

You didn't contact me in any way (forum or email) to see what was happening, but you put this bad review here...
You, as an "advanced user" of Joomla, should know that all extensions have to be tested in a test environment and, if you have any problem, contact with the developer.
You say your problem was a bug, but I will give you an example: some weeks ago I received an email of a person with a "problem" like yours: the plugin was blocking the entire site. After some test, we discovered that the template was saving patterns in a cookie that could be confused as an sql injection attack, so the plugin was working fine.
Did you read the documentation? If you have done it, you will know that every filter can be disabled if you have some kind of problem with any extension and that the plugin shows a 4xx error if an attack is detected.

Page 1 of 2