Joomla! Extensions Directory



Site Security

This plugin adds a simple but, in most cases, fondamental protection against SQL injection and LFI (local files inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers.

  • Get this

  • Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts.
  • Notifies you by e-mail when a alert is generated.
  • Protect also from unKnown 3rd Party extensions vulnerability.
  • White list for safe components (at your risk ;) )
  • automatic ip blocking on attack

Enable mail report and prepare yourself to be scared!

Anyway remember that security it is a 'forma mentis', not a plugin!


Version 1.4 Apr 28th, 2014:
* minor code fixes (not security related)
* default table type set by DB engine
* table creation by sql install file

Version 1.2 Mar 26th, 2013:
* Joomla! 3.0 compatility & coding style
* try - catch table checking
* InnoDB table support
* it works fine, nothing else to do on J2.5 ;)

Version 1.1 (Mar 10th, 2011)
* ip auto banning on attack (ip blocking)
* RegEx improvements to intercept more SQL attacks

Version 1.0 (Jan 7st, 2011)
* Joomla! v1.6 compatibility
* send mail also when error is raised
* minor code optimization

Version .98a (Jun 1st, 2010) Thanks to Jeff
* fixed backtics matching
* fixed union all matching
* fixed ....// exploit
* added more info to report mail

Version .98 (May 29th, 2010)
first release.

Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".

Ease of use

Just install, enable and (optionally) configure things like IP blocking, email notification.

I used this to: I install this on all my Joomla sites now. It's great to get emails seeing that hack attacks have been stopped. Simple to install and configure - just what you want. It's a shame it's not a standard feature of Joomla.

IPv6 please

Posted on 29 October 2014

If installed on a server that uses IPv6 the server will return a 500.

So IPv6 support would be nice and make it usable again.

Features and functionality is excellent!

If you dont use IPv6, than this is the best plugin for blocking unwanted users.

Very useful extension

Posted on 29 October 2014

It is very useful plugin which make it clear when and what type of attack on your site happens, so you can choose god way to protect it.

I hope that in next release subject will be customizable.

Excellent Plugin

Posted on 24 July 2014

I love the pure simplicity of this plugin. So easy to set up you might think it doesn't work! On the contrary...this plugin has saved my website time and time again from hacker attempts. Definitely a MUST HAVE for your website.

Great Plugin

Posted on 18 June 2014

This plug in has protected my personal sites after losing one to a sql injection attack.


A useful plg

Posted on 21 February 2014

A eally useful plugin, helps a lot to prevent attacks on the DB.

Although the assistance is timely and of high quality.

For sure I would recommend it to a friend

I have tried to find an effective method to prevent, or at least hinder SQL injection attacks from wannabe script jockeys, so far this plugin has stopped two such attacks. I like the idea of IP blocking. It's a shame that so many wannabe hackers are using automated Pen-testing software to find vulnerabilities. none more so observed than that on WordPress and older Joomla installation. I have no errors to report on the functionality of this great plugin (as yet) and encourage the use of this plugin to anyone looking for FREE SQL injection protection. Keep up the good work Dev'. 5 Stars!

Its Really Really a Great Plugin, i have experimented with all possibilities to hack, and its worked excellent, It will give you a detailed report and also you can set the time for temporary Banning of IP.

Thanks for sharing such a great plugin.


Posted on 08 August 2013

This blocks POST, GET, REQUEST and blocks SQL injections.

There will be detailed report, with attempt string, and hacker's IP.

I try to report each attack at projecthoneypot

Report looks like:

** Local File Inclusion (and string)









This plugin Rocks and Roll


Posted on 02 May 2013

Very Good Extension... Saved me a lot of trouble tracing potential attacks, and avoiding them.

Marco's Google(TM) bot access

Marco's Google(TM) bot access

Free | Site Access | marco maria leoni
2.5 3
2 reviews
This plugin allows to spiders and robots, like Google(TM), MSNBot(TM) or Yahoo(TM), to access the pages of the site reserved to the 'Registered' users. Sometimes you have to protect interesting contents to get users' registration for commercial purposes or simply to create a community. But if content are not accessible, how can users know about their existance? With this plugin the search engine can index these pages and bring to your site more visitors. You can define an user for every search engine, and using the joomla 2.5/3.x ACL, you can define which pages are readable by each robots and by registered users and the pages which only registered users can read; or you can simply let spiders read all the pages. Search engine robots are recognized and are automatically logged in, as a specific Joomla! user, so they are allowed to read the content reserved to that user or group. This way contents are indexed, but no cache copy is made due the 'noarchive' meta tag, so an user can find the pages on the search engine, but he has to register to see the content of the page, because a normal visitor will not be logged in and he is redirect to the login/registration page! PLEASE NOTE: IMPORTANT! Without ip check, an advanced user can easily impersonate the bot of a search engine, so don't use this plugin to protect very confidential informations. Of course confidential info should not be exposed on search engines, anyway! Ip check feature will be released in a future version.
Marco's noFollow

Marco's noFollow

Free | SEO & Metadata | marco maria leoni
2.5 3
14 reviews
This plugin allows you to add "rel" and "target" attributes to all outgoing links in articles on your Joomla!, so you can avoid to disperse the Page Rank on the web by setting the attribute rel = "nofollow" on all outbound links, and you can keep visitors on your site by setting the target = "_blank" attribute. Configuration is very easy, simply select the action to be taken for the two attributes. You can enter the value if no value was specified, or force a value or remove it. You can also add the code {mnf=off} at any point of a single item to explicitly disable the bot for a single item. Apr 28th, 2014 * unified j2.5 & j3.x version * better error handling * php 5.4 strict code improvement Mar 23rd, 2013: * Joomla! 3.0 compatible! Jan 18th, 2011: * Joomla! 1.6 compatible! * include/exclude css classes list * minor code improvement May 4th, 2010: * Added rewriting for tag in clickable areas of image maps April 25th, 2010: * initial release
Marco's parallax background scroller

Marco's parallax background scroller

Free | Page Background | marco maria leoni
2.5 3
5 reviews
A plugin for parallax background scrolling in Joomla! This is a nice background scrolling effect with a simulation of a pseudo parallax effect. You can insert one or more image in your articles and define an horizontal stripe (view port) to see the images as they was really a landscape through a window. See this plugin in action! Features . Easy to use and configure . CSS3 and responsive . plugin works on J2.5 and J3.x sites; Kwown bugs Does not works on all IOS devices, sorry. This is not a bug, really, it's the not compliant support for CSS3 in IOS.
Marco's PrestaShop Authentication

Marco's PrestaShop Authentication

Free | Site Access | marco maria leoni
2.5 3
1 review
This plugin allows to customers of a PrestaShop™ e-commerce to access the Joomla! site without a new registration. This is a fast authentication bridge between the two systems. Prestashop to Joomla bridgeThis plugin allows to use an existent PrestaShop e-commerce to authenticate its users on a Joomla installation. Features plugin works on J2.5 and J3.x sites; no need of double registration; allows you to use PrestaShop for the e-commerce and Joomla! for the CMS; History v1.01 addedd support for PrestaShop 1.6 v1.00 first release for Prestashop 1.5
Marco's Extended Debug

Marco's Extended Debug

Free | Development | marco maria leoni
1 review
Marco's Extended Debug is a partial rewrite of the base System - Debug plugin distributed with Joomla!. It extends the basic functionality by adding other information such as the dump of GPC variables (GET, POST, cookies), the dump of the session variable, but, above all, adds the ability to limit sending debug information to specific IPs or networks, so you can use it on production machines. It can also send debug info to: front end only, back end only or to both interfaces. From version 2.6 Marco's Extended Debug can also log PHP errors, this avoid that php error messages break page layout or block jscript, ajax or jquery. You can also set how many error log: this avoid 'infinite' html page if the error is in a loop! Can limit output to single IPs like or entire networks like or combine values Dumps requests in $POST, $GET, $_COOKIES Dumps VALUES in $_SESSIONS Dumps remote client info (IP, referres, method) Add specific css classes and IDs for better reading (add also css file) Log php errors (v2.6+) Note: It's a developers' plugin. == HISTORY Version 2.6 (Nov 2nd, 2013) Joomla! 2.5 release PHP Error Logging Version 2.5.1 (Sep 26th, 2013) Joomla! 2.5 release Side selection Disable CPG Version 2.5.0 (Sep 25th, 2013) release Joomla! 2.5 Version 1.5.1 (Sep 5th, 2010) first release Joomla! 1.5
Marco's buy me a beer

Marco's buy me a beer

Free | Donations | marco maria leoni
2.5 3
5 reviews
This implementation of Buy me a beer in Joomla!, is a smart & funny way to get a donation without the need to specify ethical reasons: "Do you think my job was useful? Ok, buy me a beer, I just wanna have a drink, not save the world!" Features works on multilingual site; every text in the donation form can translated using Joomla's language override feature; automatic PayPal's interface language selection; multiple donations per page with multiple configuration; images available for beer wine (red, white), coffee, cappuccino, pizza and hamburger; plugin template supports override (J3+ only); plugin also works as a module by incapsulating it in to a 'Custom HTML'; Buy me a beer works on multilingual site and you can choose every text in the donation form, and translate it with language override facility. You can use multiple donation forms per page, and and also use the plugin also as a module by incapsulate it in to a 'Custom HTML' module. Plugin comes with a series of images: beer, wine, but there are not only drinks, pizza, hamburger, and so on. v 1.1 - added PayPal buttons language override
Marco's Pinned Site for IE9

Marco's Pinned Site for IE9

Free | Browsers & Web Standards | marco maria leoni
0 reviews
Internet Explorer 9, or greater, has a new feature: dragging a site (pinning) on the task bar and use it as it was a desktop application. This plugin allow you to pin a Joomla! site from IE9+ into the application task bar of Windows 7. You can set up a static jump list with the most important pages from your site and a dymamic one, automatically generated from latest news (you can select category and/or section).

Marco's SQL Injection

marco maria leoni
Date added:
Nov 18 2014
GPLv2 or later
Free download
Uses updater:
Download DemoNot available SupportNot available Documentation
  • Overall
  • Functionality

  • Ease of use

  • Documentation

  • Support