- Restrict administrator with a secret URL parameter
- Web Application Firewall to block common exploits (SQL injection, XSS, DFI, RFI, malicious user agent, CSRF/spam-bot protection, uploads scanner)
- Bad word filtering
- IP Whitelisting for the administrator section
- IP Blacklisting
- Geographic block (deny access to specific countries/continents)
- Modification of Generator meta tag and other sensitive HTTP headers
- Email on administrator login
- Block front-end Super Administrator log-in
- Block Super Administrator user modification
- Block extensions installation
- Block visual fingerprinting (tmpl, template and tp URL parameters)
- Integration of the Bad Behavior anti-spam library
- Project Honeypot IP blacklist integration
- Automatic IP blocking of repeat offenders
- Email notifications of all detected security issues
- URL redirections (exclusive support for query parameters!)
- Scheduled site maintenance operations
The software is GPL; buying a single subscription you can install it on as many sites as you want and keep it running even after your subscription expires, without encrypted code, domain limitations or other such nuisances.
I cannot emphasise enough quite how much this is a fantastic extension to have. Having given the free version a try once i looked at the comparison table to see how much more functionality the commercial version gives you, it was a no brainer really. So here I am two weeks in and I love it.
Cannot recommend this enough to anyone - this should be one of the first things you install on your joomla site !!
Nicholas, you are awesome !
Everything about the functionality seems to so carefully though of and the ease of use and simplicity for the user is amazing.
This a very clever and professional piece of work. Thanks a lot for this great component.
I can't believe I ever ran my site WITHOUT this tool. Very easy to set up, with thorough documentation, I had it running within 15 minutes. That process REALLY opened my eyes to how many basic changes you can make to your site to help increase security - along with many more sophisticated means as well.
Using this tool has also shown me that security paranoia is well justified. My sites - which have only low to moderate traffic - are the targets of basic hacking attempts several times each day (I had no idea).
While using this tool is clearly not the magic bullet for site security, it gives you a big boost in the right direction.
By default, it does tons of hugely useful things which I can remember having to do manually (and frequently making mistakes and breaking entire sites!) and with the update feature, I am happy to allow clients to maintain the site themselves.
The WAF is great, if a little strict, by default - but configurable enough to be able to enable and disable features to your requirements.
Support has been top notch, quick, responsive and helpful. Documentation is very good (if you read it!) and it integrates well with Akeeba Backup as well - prompting to take a backup prior to updating, for example.
Only slight frustration is the rate at which Nicholas releases new versions, I'm constantly having clients call me telling me it's out of date! But that's a good thing! :))
Support requests are handled fast and accurate. Admin Tools and (from the same firm) Akeeba Backup are the first extensions we install on a new site.
The protection, the documentation are very complete.
You must read all the documentation before using it and after that it is very good.
The updates from my sites does not work all the time but I had the url and I can use it.
Bravo and thank you.
If you want to protect your website you have two choices:
A. Shot off your server, or
B. Use ATP
NOTE - The best updating is uninstall old version, clean system and install the new version to eliminate any possible problems.
The rest I can say with full confidence I sleep very well in the night.
Nick is helpful, but you have to configure the ATP for your needs.
Thanks again for this program.
The Web Application Firewall is the killer feature of this extension - the e-mail alerts that you can set up for security threats are invaluable. The ability to give the administrator login page a special location (like /administrator?impossible_to_guess1989) is also an important feature. It also contains a number of tools for stuff you should already be doing even if you don't have the extension, such as changing the db prefix and password protecting the admin directory.
AdminTools Pro was relatively easy to set up, and the documentation is extensive.
Thank you for all the hard work, Akeeba!
I really hope that with the admin tools will be over now
Many greetings from classic park
While Admin Tools can certainly help towards your goal, I strongly encourage you to read our site unpacking walkthrough and follow all of its instructions. It's available on AkeebaBackup.com under Documentation, Walkthroughs.