* A new and modular interface to manage the entire extension quickly and easily.
* Web Firewall
The web firewall has been tested against more than 90 SQL, LFI and XSS attacks patterns, and includes the following features:
- Events recording, which can be viewed by admins from backend.
- Redirection to a default page if an attack is detected.
- Second level protection to find suspect words.
- Session protection
* File Manager
You can check file/folder permissions and easily view misconfigured configurations.
* .Htaccess protection
Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks.
* Vulnerabilities checking
Securitycheck performs a check of the versions of all the components of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget
individually test of every component to avoid vulnerabilities: Securitycheck does it for you.
* Akeeba Live Update integration
We have included this feature to easily manage and update new releases.
++ Please, read the user guide before install the extension.
At first I was impressed with the professional look and all different levels of security one may set, but when I wanted to show a possible customer the professionalism of the extensions, I uncovered that the htaccess protection was not working. Even though I had selected an extra admin url password, and the ext said everything was ok, there was no protection. I wrote to the forum and got the answer that I needed to upgrade and reinstall, but I do run all the latest versions, so I put reinstalling on hold and simply reverted to my previous backend protection with AskMyAdmin, which as proved itself over a long period.
My main purpose for using Securitycheck though, was the ability to blacklist IP numbers. I have a few "usual suspects" that ends up through Login Failed Log. The first two IPs are blocked, but the one's after that keeps trying to log in from time to time, regardless. So, probably something is askew even though the versions are ok. I still haven't found the time to make the reinstall for further evaluation.
Finally, today, I found a missing piece of function that made the decision for me. I need to create a few help admin profiles for specific tasks. I checked through all my extensions to set the permissions to No, but whoa!: this security extension lacks the Permissions settings in it's Global settings! I can't hide it from the other admins...
One would think that this would be a basic thing for a security extension that boasts about it's usefulness.
So, that's all folks. That was it for me. No more Securitycheck on my sites. I feel very much I just cannot trust it, which is a huge setback when it comes to an extension that is there to make me feel more secure.
I respect your opinion, but I would like to clear some things for everyone who read your review:
Backend protection using htaccess files is working fine. Maybe it doesn't work for you, but believe me when I say this is a well tested
feature that works in thousand of sites that use the extension. If you understand spanish, you can read an article where the
blogger choose how this feature works (http://www.nosolocss.com/blog/joomla/proteger-el-acceso-al-backend-de-joomla).
You say you wrote to the forum and you got the answer that you need to upgrade and reinstall: THIS IS FALSE. Everybody can see the forum entry (http://securitycheck.protegetuordenador.com/index.php/forum/6-bug-report/160-htaccess-protection-doesn-t-protect)
I did some questions, but I didn't told you what you say. You posted it and I replied to you quickly, but you didn't reply to me again...
I'm sure there is a simple explanation to your issue, but you gave me no option to see what was happening.
I'm serious: if I offer a feature in my products, I'm sure it works. Of course you can found problems, but I don't going to offer
something that it doesn't work. It's a nonsense...
The extension works fine blocking two IP address, but the third you added is not blocked. Are you sure there is no typos?
Blacklist feature has no limits: it can block one or thousands of IP address. Of course, you said it's a problem of the extension...
Yes, the extension doesn't offer the ability to hide it from other admins. This is a must in my TODO list, but I haven't time to do it yet.
I'm really surprised about your review title. You say you don't trust in the extension but, did you do some test to prove the extension? How can you evaluate the extension if you don't do tests? Are you a security expert? I can offer lots of examples of how the extension works: you can see them under the 'Joomla Security' paragraph of the forum.
I do a great effort to offer this extension for free. Despite being a free product, it's comprehensively tested to protect against lots of threats. I have included several features to make admin's life easier (as the 'Easy config' option), but everything can be improved.
PROS: Very simple to install and check site security status of installed components, there are regular updates, support is great and the developer takes security seriously.
CONS: The only con is this component doesn't scan plugins and modules.
All in all this is a great component and I would especially recommend this to novice webmasters as well as advanced Joomla webmasters. It is simple, effective and to the point.
Thank you for your review, B0RG!!
I take note of your suggestions for future developments.
and one fine morning it said
"It has been detected a sequence that could mean a hacker attack. Your request can not be processed." and with couple of php errors.
I don't know how long my site was that way.
Bugs are something I can understand, but if the site goes down with the above error and worst you cant even access the admin page. I afraid I can't suggest anybody to use this.
I am one advanced user of Joomla so I could recovery from it. I am wondering people with less knowledge of Joomla.
You didn't contact me in any way (forum or email) to see what was happening, but you put this bad review here...
You, as an "advanced user" of Joomla, should know that all extensions have to be tested in a test environment and, if you have any problem, contact with the developer.
You say your problem was a bug, but I will give you an example: some weeks ago I received an email of a person with a "problem" like yours: the plugin was blocking the entire site. After some test, we discovered that the template was saving patterns in a cookie that could be confused as an sql injection attack, so the plugin was working fine.
Did you read the documentation? If you have done it, you will know that every filter can be disabled if you have some kind of problem with any extension and that the plugin shows a 4xx error if an attack is detected.
Besides, the plugin has detected a set of attacks to my web, and it was all recorded and I was advised. It makes me feel safer.
It's easy and it's free. Maybe i'll update to pro version in the future.
A quite nice job, congratulations to developer.