Access & Security

Akeeba Backup

Akeeba Backup

Free | Site Security | Akeeba Ltd
3 4 Alpha
Score:
100
1045 reviews
Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server, making it ideal not only for backups but also for site transfers or even deploying sites to your clients' servers. Akeeba Backup creates a full backup of your site in a single archive. The archive contains all the files, a database snapshot and an installer similar in function to the standard Joomla! installer. The backup and restore process is AJAX powered to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of only your database, or only your files. Akeeba Backup is the reliable, easy to use, open source backup solution for your Joomla! site. Akeeba Backup has won six J.O.S.C.A.R. awards at J and Beyond. Download it for free to find out why! Joomla! 3.4 and later, PHP 5.4 and later (including PHP 7). We have older versions for Joomla! 1.5 to 3.3 and older PHP versions on our site. Features: The Configuration Wizard configures itself for optimal operation with your site, automatically. The fastest and most reliable native PHP backup engine. One click backup. Integrated restoration for same server restoration. Site transfer wizard. Transfer your site between servers fast and easily. Restore with Akeeba Kickstart (free of charge script): restore extracting the backup directly on the server; no need to upload thousands of files by FTP! Choose between standard ZIP or highly efficient JPA archive format. Exclude specific files, folders. Exclude specific database tables or their contents. Unattended backup mode (CRON job scheduling), fully compatible with Webcron.org Archives can be restored on any host. Useful for transferring your site between subdomains/hosts or even to/from your local testing server (e.g. XAMPP, WAMPServer, MAMP, etc). and much, much more! Note: The Akeeba Backup Core component is free of charge, its support is not. We can't tell you what you need to get support because of JED censorship, but you can find out about it on our site. In any case, Akeeba Backup's documentation, video tutorials, troubleshooting wizard and reading the public tickets is free of charge. *** IF YOU CAN'T FIND HOW TO ENABLE A FEATURE LISTED HERE, PLEASE READ THE (FREE) DOCUMENTATION AND WATCH OUR VIDEO TUTORIALS! ***
c m p
Admin Tools

Admin Tools

Free | Site Security | Akeeba Ltd
3 4 Alpha
Score:
100
195 reviews
Admin Tools is a true Swiss Army knife for your site. Our freely available Admin Tools Core will detect, notify you about new Joomla! releases, fix your files' and directories' permissions, protect your administrator directory with a password, change your database prefix, migrate links pointing to your old domain on-the-fly and perform database maintenance, all with a single click. Written and maintained by the same developer as Akeeba Backup and the Joomla! updater component of Joomla! 2.5.4 and later. Note: a commercial edition (Admin Tools Professional) with extra security-oriented features is also available from our site for a fee. This listing is about the free version, Admin Tools Core. Note 2: The software is free of charge, its support is not. You need a subscription to request support. However, its documentation, the troubleshooting wizard and searching the public tickets is free.
c m p
ACL Manager

ACL Manager

Paid download | Site Access | PWT Extensions
3
Score:
100
151 reviews
PWT ACL - formally known as ACL Manager - makes Joomla ACL easy to understand and manage. It provides a great overview of all Joomla ACL settings and will detect & fix issues with the Joomla assets table easily. Easily understand and manage Joomla ACL Dozens of permission screens, nested groups, inherited permissions... The Joomla ACL system can be very confusing. By using PWT ACL you will quickly understand the concept and power of the permissions management in Joomla. It prevents you making mistakes and guide you to set up Joomla ACL permissions quickly. Joomla user permission overview Users assigned to several groups could become confusing in Joomla. The permissions are combined and settings are being overruled. No issue for PWT ACL! Open the user in PWT ACL and see exactly what actions are allowed and what actions are denied to the user on the site. Diagnostics tool to fix asset table issues PWT ACL comes with a powerful diagnostics tool that is able to detect and fix any issue related to the Joomla assets database tables. Issues are often caused by migrations and 3rd party extensions, resulting in conflicts and slower websites. The PWT ACL diagnostics will fix and rebuild the assets database table for you and any table that has relations with the assets table. ACL support for any component With PWT ACL you can set basic ACL permissions for any component. Even for 3rd party components that don't support Joomla ACL by default. This allows you to set custom backend access to components for your users. On top of the Joomla core PWT ACL does not use its own database tables. The entire extension is designed on top of the Joomla core and uses the core permissions system. So even if you remove PWT ACL your permission setup will remain in place. Clear, revert, copy, import and export permissions We provided several useful tools for you when configuring permissions for groups. Clear all permissions to start over or revert them to the default Joomla permissions. Copy permissions between groups and even export and import permissions between several Joomla sites. No need to set up the same permissions over and over again! Wizard to set up group permissions Use the PWT ACL wizard to quickly setup limited access for groups in the backend. Want to allow access to one or a few backend components? Use the wizard and configure the permissions within seconds for new or existing groups. Show only the editable items By default your users will be able to see for instance in the Joomla backend overview, but the can't click on the title to edit. With the enhanced ACL settings of PWT ACL, you can remove all items that a user can't edit from the list views for Articles, Contact and Modules. A user will only see the items they can edit. CLI support for fixing asset issues If you prefer to automate fixing the asset issues and rebuilding the assets table on a regular basis you can set up cronjobs. PWT ACL has two CLI scripts available, one for fixing asset issues and one for rebuilding the assets database table. Available in 28 languages ACLManager is available in Afrikaans, Amharic, Arabic, Brazilian Portuguese, Bulgarian, Catalan, Chinese, Croatian, Danish, Dutch, English, Farsi, Finnish, French, German, Greek, Hungarian, Italian, Japanese, Norwegian, Polish, Portuguese, Russian, Slovenian, Spanish, Swedish, Thai & Ukrainian.
c p
Admin Tools Professional

Admin Tools Professional

Paid download | Site Security | Akeeba Ltd
3 4 Alpha
Score:
100
150 reviews
From the makers of Akeeba Backup Core/Professional and Admin Tools Core, this is the enhanced release of Admin Tools, available on a subscription basis. On top of what Admin Tools Core already offers, Admin Tools Professional has these exclusive features: - Security tightening .htaccess (Apache), nginx.conf (NginX) and web.config (IIS) file generator with a simple yet powerful user interface - Restrict administrator with a secret URL parameter - Web Application Firewall to block common exploits (SQL injection, XSS, DFI, RFI, malicious user agent, CSRF/spam-bot protection, uploads scanner etc) - Bad word filtering - IP Whitelisting for the administrator section - IP Blacklisting - Geographic block (deny access to specific countries/continents) - Modification of Generator meta tag and other sensitive HTTP headers - Email on administrator login - Block front-end Super Administrator log-in - Block Super Administrator user modification - Block extensions installation - Block visual fingerprinting (tmpl, template and tp URL parameters) - Integration of the Bad Behavior anti-spam library - Project Honeypot IP blacklist integration - Automatic IP blocking of repeat offenders - Email notifications of all detected security issues - URL redirections (exclusive support for query parameters!) - Scheduled site maintenance operations The software is GPL; buying a single subscription you can install it on as many sites as you want and keep it running even after your subscription expires, without encrypted code, domain limitations or other such nuisances.
c m p
AdminExile

AdminExile

Free | Site Security | Michael Richey
3
Score:
100
140 reviews
Your /administrator area is vulnerable - secure it with AdminExile. Access keys, IPv4/6 Black/White Lists (IP and CIDR netmasks supported), Brute Force detection. AdminExile has you covered. The AdminExile Plugin has long been a favored and highly rated extension in the JED. Read the reviews, check out the 9 pages of documentation, and then try it yourself. Key features: - Access key(s) - key only, or key + key value. Others provide one or the other. AdminExile provides BOTH. - Front-end Restriction - Restrict certain accounts from logging into the front-end with accounts intended only for back-end use. - Lost Key Recovery - Useful for individuals using extremely difficult keys, or teams who change the keys frequently. - Stealth Mode - Prevents tell-tale signs that something exists at /administrator, like the session cookie! There are far too many features to describe in this page. Visit the documentation link to get the bigger picture.
p
KeyCAPTCHA

KeyCAPTCHA

Free | Site Security | Mersane, Ltd
3
Score:
100
125 reviews
KeyCAPTCHA - CAPTCHA with social features. You may support charity funds by using KeyCAPTCHA. Unlike many other captchas, it does not require any text typing. Free Variants of Using KeyCAPTCHA: 1. Anti-spam protection. Social advertising. Monetization through commercial ads. 2. Anti-spam protection. Monetization through commercial ads. 3. Anti-spam protection. Social advertising. 4. Anti-spam protection without any ads. Social features: You may support charity funds by enabling social advertising in KeyCAPTCHA. Also you can earn money by specifying social and commercial advertising shares in KeyCAPTCHA on your website. Integration with Joomla extensions: * Standard Joomla Registration, Contact Us, Reset Password and Remind Username forms * JComments * VirtueMart forms: Registration, Checkout, Ask Question !!! * JoomShopping * Community Builder (CB comprofiler) Registration and Forgot login forms * JomSocial registration form * AlphaRegistration * K2 Registration form * DFContact * ALFcontact * Phoca Guestbook * Easybook Reloaded * K2 Comments * yvComment * JXtened comments * FlexiContact * JoomlaDonation * Compatible with RocketTheme templates * ChronoForms (up to 3.x) * AdsManager * QContacts * Job Board * Mosets Tree (review form) * HikaShop * JWHMCS Integrator * JoomGallery KeyCAPTCHA Unique Technologies: * Instead of guessing symbols, our CAPTCHA offers visitors to complete an easy interactive task. * If KeyCAPTCHA hasn't been solved correctly, page refreshing doesn't take place that allows the user not to fill in the form repeatedly. It occurs since there is an initial checkup of CAPTCHAs in the KeyCAPTCHA servers before sending a filled-in form to the protected web server. * Our CAPTCHA also can be used even if your hosting provider blocks all outgoing connections. Installation: 1. Register on and log-in to our site https://www.keycaptcha.com 2. Add your site URL to a Site list. 3. Follow the CAPTCHA installation instructions in our Wizard. Upgrade: To upgrade KeyCAPTCHA plugin you have to uninstall the previous version.
p
Improved AJAX Login & Register

Improved AJAX Login & Register

Paid download | Site Access | Offlajn
3
Score:
100
110 reviews
Register and Login with Facebook | Google | Twitter | LinkedIn | Microsoft account! Create your own registration form easily in the Live Form Editor using Drag & Drop! Check this short tutorial video here: http://www.youtube.com/watch?v=mmYhhh3V6Wc Changelog: http://offlajn.com/improved-ajax-login-and-register/improved-ajax-login-a-register-changelog.html Login with your social account No more registration required, just one click and you can log in with your Facebook, Google, Twitter or Microsoft account. If you already have lots of users in joomla, they don't need to create new account, Improved AJAX Login will auto link people with same email address. The component includes tutorials to help at configurations. Need a new Login and Registration interface? Improved AJAX Login is a very elegant extension, it speeds up the Login, Logout and Registration procedures with AJAX technology. These process never were so simple and easy, and the clean & smooth design, of course. How does it work so fast? The Improved AJAX Login does the dirty work in the background, the login process will only take a moment, it's lightning fast! This module does not need to reload your webpage, the user is logged in as soon as he hits the login button. The Login also warns the user on unsuccesful login attempts with nicely decorated popup fields. The validation of the registration form is also make in the background, and mark the incorrect fields with an error massage. Go ahead to the demo page and try it yourself! AJAX-powered User menu After login with Improved AJAX Login a stylish User menu will appear instead of the login form. User menu is fully customisable and have some default menu items like Edit Your Details, Show Cart (only if VirtueMart installed) and of course Logout. User menu is also AJAX-powered so all menu items are loading in the background. Some more words of the registration The Improved Ajax Login & Register has an own popup-box for the fields. You can use captcha, to avoid bots registration to your site. As it previously mentioned, this extension make the validation and the register process with the AJAX technology, so there won't be any page-refresh during the registration. Live Form Editor Live editor using the WYSIWYG method (What You See is What You Get) to make well-planned forms in seconds, because you see the result live. There are many predefined fields like Address, Date of birth, Terms of Services, etc. But you can also add custom fields: textfield, select list, checkbox, etc.
c m p
RSFirewall!

RSFirewall!

Paid download | Site Security | RSJoomla!
3
Score:
100
109 reviews
Keep your website safe RSFirewall! is the most advanced Joomla! security extension, developed by us at RSJoomla!, that you can use to protect your Joomla! website from intrusions and hacker attacks. It's backed up by a team of experts that are trained to be always up to date with the latest known vulnerabilities and security updates, making RSFirewall! the best choice in keeping your website safe. Specs » Compatible with Joomla! 3.x Highlights » Backend Password - Add an extra layer of security by typing in a password before logging in the administration! » Blacklist - Block unwanted (single or multiple using wildcards ..., CIDR notation and ranges) IP addresses. » IPv6 support » Whitelist - Bypass protections for selected IPs. » Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords). » Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64encode, eval, gzinflate, pregreplace /e) » Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd » Disable the creation of new Administrators » Protects selected Administrators from any changes - including password change! » Log all security events and send messages to specified email address(es) » Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed). » Database Check - Optimize & repair your database tables. » Display CAPTCHA in the administration section after a predefined number of failed login attempts. Active Protections » Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database. » Local file inclusion (LFI) » Remote file inclusion (RFI) » SQL injection (SQLi) » HTML, Javascript and CSS filtering (XSS) » Denial of Service (DoS) - Block unwanted User Agents » Automatic blacklist » Actively scans POST and GET variables. » Keeps an eye on sensitive Joomla! files and alerts you if they are changed. System Check » Check for the latest Joomla! & RSFirewall! versions. » Provides suggestions on how to tighten your PHP & Joomla! configuration. » Scan Joomla! core files for integrity. » Scan files and folders for common permission errors. » Scan files for common malware.
c m p

Quick Logout

Free | Site Access | John Muehleisen
3
Score:
100
66 reviews
The Quick Logout component adds a new menu item type to Joomla 2.5 and 3.x that logs a registered user out without the confirmation step. In addition, you can specify the page to redirect the user to when logging out. When Joomla is configured to use a "guest" user group, you can set this menu item to show to "registered" users, and combine it with a "Login" menu item that is set to show only go "Guest" users. If these 2 menu items are next to each other on the menu, it appears to be a single menu item that switches from "Login" to "Logout" depending on the status of the user.
c
Securitycheck Pro

Securitycheck Pro

Paid download | Site Security | Texpaok
3 4 Alpha
Score:
100
64 reviews
Securitycheck Pro is a global protection suite designed to protect your website without affecting your server's speed. This version includes: A modular interface to manage the entire extension quickly and easily. Web Firewall The web firewall protects against SQL Injection, Cross-site scripting, LFI and RFI, Headers modification, CSRF, clickjacking and brute force and dictionary attacks, and includes the following features: Ipv6 supported. Blacklist (ip range allowed). Whitelist (ip range allowed). Dynamic blacklist. Events recording, which can be viewed by admins from backend. Alert or strict mode. Redirection to a default page or drop connection if an attack is detected. Second level protection to find suspect words (with editable list of suspect words). Base64 check. Email notification. Filter exception, mode and priority selection for greater flexibility. User session protection. Session hickjacking protection. Export logs in csv format. File Manager You can check file/folder permissions and easily view misconfigured configurations. Any problem? Click 'Repair' button and permissions will be corrected. File Integrity Thousands of files in our Joomla website, how to know if one of them is modified? With File Integrity you will be alerted when a change occurs in any file. Malware scanner The most advanced malware scanner on the market. Look for suspicious patterns, known malware filenames and files with multiple extensions and check them against an online service with 40 anti-malware engines and millions of hashes on it databases. And all with two clicks! .Htaccess protection Lot of traffic from bots? Block malicious user-agents and increase overall security esily with this feature. Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks. Track failed login attempts We can monitorize failed login attempts from backend and frontend and take actions against them. Email on backend login You receive an email every time someone access to the backend. Forbid new administrative accounts Even if they are created not using the Joomla backend. Geoblock Forbid troublesome countries' access to your site this feature, which allows us to block IP addresses based on its geolocation. Upload scanner We can check uploaded files looking for files with multiple extensions and forbid certain extensions. Remote Management Manage the extension remotelly from a centralized console. Rules Management Trusted users? Now you can choose to which groups apply Web Firewall rules. Cron Plugin Get files status without afecting QoS. Launch File Manager or File Integrity tasks when your server has less workload. ACL checking Administrators got an alert if an insecure ACL configuration is set for Guest or Public groups. This could save us of many headaches. Module Info Check your Joomla security status at a glance. Url Inspector The url inspector allows us to ban IPs that use forbidden words in urls. This way we have a powerful mechanism to control all queries to our website, even those that are redirected to a 404 page. Vulnerabilities checking Securitycheck Pro performs a check of the versions of all the components, plugins and modules of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget individually test of every extension to avoid vulnerabilities: Securitycheck Pro does it for you. Vulnerabilities database Securitycheck Pro incorporates a database where you can see all the vulnerabilities known to our version of Joomla. This database is constantly updated to include the latest vulnerabilies. Performance This feature has been designed to improve Joomla's performance. Now we can optimize and repair our mysql database.
c m p
AJAX Register

AJAX Register

Paid download | Site Access | Emir Sakic
3
Score:
100
61 reviews
AJAX Register gives your Joomla site a better user experience for registration through inline field validation, also allowing you to extend your registration form with unlimited number of custom fields saved under each user profile. You can create additional text or text area input fields or even radio buttons, select lists or check boxes with unlimited number of options, upload fields for images and documents which allows you to require additional information on registration that is perfectly fit for just your site. Besides giving a better user experience, AJAX Register will also eliminate spammers via several types of CAPTCHA options. It also features auto-login after successful registration, custom redirection URLs, Email as Username option, automatic password generation, selectable user group and multiple forms to register users into different user groups, each group with different custom fields for registration. AJAX Register will seamlessly override Joomla's own registration component, you won't even notice it's there. Just install it and you already have new AJAX based account registration, but would you need to customise it, you will find different configuration options in admin and powerful layout and translation possibilities. Increase the number of registered users on your site by offering a user-friendly, foolproof registration experience! Key features: • AJAX technology, making the registration process quick and user friendly • Seamless integration overriding the core registration component • Easy installation, no additional settings required, no core hacks • Native MVC structure • Add unlimited custom fields for registration • On-the-fly field validation as you type • Asynchronous check for username and email availability • Live password strength check • Error messages and information inline presentation • Redirection options after successful registration, to referrer or custom URL • Possibility to turn system messages on and off • Auto-login after successful registration and account activation • Built-in CAPTCHA, reCAPTCHA (v1/v2), Honeypot, custom questions with asynchronous validation • Extra field types: text field, textarea, select list, checkboxes, radio buttons, links, file upload • Unlimited number of options for multi-select fields • Conditional fields, set custom dependency for each field • Allow user to select user group to be registered into, choose available groups • Create multiple registration forms to register users to different groups, with different extra fields and different redirections • Email extra fields values after each registration to administrators • Option to use Email as Username • Optional automatic password generation on registration • Option to separate First Name and Last Name on registration • Username blocks, words censor • IP filters, whitelist/blacklist, ranges and wildcards supported • Backend administration with customization settings • Custom fields info available within user profile and user manager • Users CSV export with custom fields info • ACL permissions for backend • Automatic one-click updates • Multilanguage support, simple translation • Templates for easy layout editing • CSS Styling
c p
SCLogin Enhanced Login

SCLogin Enhanced Login

Free | Site Access | SourceCoast Extensions
3
Score:
100
58 reviews
SCLogin is a free and fully supported enhanced login module for Joomla 2.5 and Joomla 3.x. This module is based off the Joomla 3.x login module, with improvements like: * A horizontal mode * An easy template system * Improved two-factor authentication that asks for a separate password only from those users who have it configured * Streamlined looks * Modal popup view for login * Customizable user menu displayed when user's are logged in Additionally, the new module seamlessly integrates with JFBConnect for Facebook, Google, LinkedIn and Twitter authentication and login on your site. Go ahead, give it a try!
m
Marco's SQL Injection

Marco's SQL Injection

Free | Site Security | marco maria leoni
3
Score:
100
55 reviews
This plugin adds a simple but, in most cases, fondamental protection against SQL injection and LFI (local files inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers. Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts. Notifies you by e-mail when a alert is generated. Protect also from unKnown 3rd Party extensions vulnerability. White list for safe components (at your risk ;) ) automatic ip blocking on attack Enable mail report and prepare yourself to be scared! Anyway remember that security it is a 'forma mentis', not a plugin! HISTORY Version 1.4 Apr 28th, 2014: * minor code fixes (not security related) * default table type set by DB engine * table creation by sql install file Version 1.2 Mar 26th, 2013: * Joomla! 3.0 compatility & coding style * try - catch table checking * InnoDB table support * it works fine, nothing else to do on J2.5 ;) Version 1.1 (Mar 10th, 2011) * ip auto banning on attack (ip blocking) * RegEx improvements to intercept more SQL attacks Version 1.0 (Jan 7st, 2011) * Joomla! v1.6 compatibility * send mail also when error is raised * minor code optimization Version .98a (Jun 1st, 2010) Thanks to Jeff * fixed backtics matching * fixed union all matching * fixed ....// exploit * added more info to report mail Version .98 (May 29th, 2010) first release. Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".
p
Antispam by CleanTalk

Antispam by CleanTalk

Paid download | Site Security | CleanTalk
3 4 Alpha
Score:
100
50 reviews
Max power, all-in-one, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any Joomla forms. Just install and forget. No CAPTCHA, no questions, no counting animals, no puzzles, no math and no spambots. Invisible antispam without CAPTCHA, questions, puzzles, counting animals, math and etc. CleanTalk Anti-Spam is a Joomla! partner https://www.joomla.org/about-joomla/partners.html Anti-Spam features Stops spam comments. Stops spam registrations. Stops spam contact emails. Stops spam orders. Stops spam bookings. Stops spam subscriptions. Stops spam in widgets. Checks and removes the existing spam comments and spam users. Spam protection • Stops spambots at VirtueMart. • Stops spambots at JComments 2.3, 3.0, K2. • Stops spambots contact emails on Joomla feedback from, Rapid Contact, VTEM Contact, Sobipro, RS Form, Breezing forms, Easybook Reloaded. • Spam protection for any Joomla forms (with enabled anti-spam option 'Enable anti-spam test for any contact forms'). Cloud anti-spam for Joomla. CAPTCHA less, no spam comments, no spam registrations, no spam contact emails Spam is one of the most irritating factors. Spam become every year more and conventional anti-spam can no longer handle all the spambots. CleanTalk prevents spam and automatically blocks it. You'll be surprised of effective protection against spam. Anti-spam plugin info CleanTalk is an anti-spam protection 4 in 1 for Joomla that protects login, comments, contact and VirtueMart forms all at once. You don't need to install separate anti-spam plugins for each form. This allows your website to work faster and save resources. After installation you will forget about spam, CleanTalk plugin will do all the work. You won't have to deal with spam, CleanTalk will do this for you automatically. CleanTalk is a transparent anti-spam protection, we provide detailed statistics of all entering comments and logins. You can always be sure that there are no errors. We have developed a mobile app for you to see anti-spam statistics wherever. We have developed antispam for Joomla that would provide maximum protection from spambots and you can provide for your visitors a simple and convenient form of comments/registrations without annoying CAPTCHAs and puzzles. Used to detect spam multistage test that allows us to block up to 99.998% of spambots. The anti-spam method offered by CleanTalk allows switching from the methods that trouble the communication (CAPTCHA, question-answer etc.) to a more convenient one. The CleanTalk is premium anti-spam for Joomla, please look at the pricing. We try to provide anti-spam service at the highest level and we can not afford to offer a free version of our service, as this will immediately affect the quality of providing anti-spam protection. Paying for a year of anti-spam service, you save a lot more and get: Up to 99.998% protection against spambots. Time and resources saving. More registrations/comments/visitors. Protect several websites at once at different CMS. Easy to install and use. Traffic acquisition and user loyalty. 24/7 technical support. Clear statistics. No captcha, puzzles, etc. Free mobile app to control anti-spam function on your website. Low false/positive rate This plugin uses multiple anti-spam tests to filter spambots with lower false/positive rate as possible. Multiple anti-spam tests avoid false/positive blocks for real website visitors even if one of the tests failed. How effective is CleanTalk Accurately blocking spam is not an easy thing to do, but CleanTalk has a very low proven False/Positive rate. Here is actual statistics on false positives for all customers. Registrations - 0.007% Comments - 0.001% Contact forms - 0.001% Orders - 0.008% Spam attacks log Service CleanTalk (this plugin is a client application for CleanTalk anti-spam service) records all filtered comments, registration and other spam attacks in the "Log of spam attacks" and stores the data in the log up to 45 days. Using the log, you can ensure reliable protection of your website from spam and no false/positive filtering. Spam FireWall CleanTalk has got an advanced option "Spam FireWall", this option allows blocking the most active spambots before they get access to a website. It prevents loading of pages of the website by spambots, so your web server doesn't need to perform all scripts on these pages. Also, it prevents scanning of pages of the website spambots. Therefore Spam FireWall significantly can reduce the load on your web server. Spam FireWall also makes CleanTalk the two-step protection from spambots. Spam FireWall is the first step and it blocks the most active spambots, CleanTalk Anti-Spam is the second step and it checks all other requests on the website at the moment before submitting comments/registers and etc. Private blacklists: Personal blacklists are very flexible and powerful tool, you can block or allow IP address, email address or mask e-mail (*@mail.com - will block/allow every address ending on @mail.com) Anti-Spam service Automatically block comments and registrations from your private black IP/email address list. This option helps to strengthen the protection from a manual spam or block unwanted comments from users. You can add not only the certain IP addresses but also a separate subnet to your personal blacklist. SpamFireWall It allows you to add individual IP addresses and subnets to SpamFireWall. It blocks the attacks from IP addresses which are not included in the SFW base yet. This option can help to block HTTP/HTTPS DDoS, SQL, brute force attacks and any others that made it through the HTTP/HTTPS. You can add not only the certain IP addresses but also a separate subnet to your personal blacklist. Check existing comments and users for spam. Bulk removal With the help of anti-spam by CleanTalk, you can inspect through existing comments and users to find and quickly delete spam comments/users at once. To use this function, go to plugin settings: Extensions -> Plugin Manager -> Anti-spam by CleanTalk then click the button “Check spam users” or “Check Spam comments”. How it works: the plugin takes the data of each comment (IP/email and date), by the comment date or the user registration date, it is checked what the IP/email status in the CleanTalk blacklist database was for that date. Based on this data a list of deletions is generated, which you can edit. Blocking users by country Automatically block comments and registrations from the countries you have set a ban for. This option is useful in cases of manual spam protection and for protection enhancement. If your site is not intended for an international audience and you do not expect comments/users from other countries. Blocking comments by "stop words" You can block comments which contain "stop words" to enhance spam filtering and messages with obscene words blocking. You can add particular words or phrases. How does Spam FireWall work? The visitor enters to your website. HTTP request data is checked of the nearly 5,8 million of certain IP spambots. If it is an active spam bot, it gets a blank page, if it is a visitor then it gets a site page. This is completely transparent to the visitors. All the CleanTalk Spam FireWall activity is being logged in the process of filtering. Spam FireWall DDoS Protection (Experimentally option) Spam FireWall can mitigate HTTP/HTTPS DDoS attacks. When an intruder makes GET requests to attack your website. Spam FireWall blocks all requests from bad IP addresses. Your website gives infringer a special page with a description of DDoS rejection instead of the website pages. Therefore Spam FireWall can help to reduce CPU usage on your server. How to protect sites from spambots without CAPTCHA? The most popular method is CAPTCHA -- the annoying picture with curved and sloping symbols, which are offered to the visitor to fill in. It is supposed that spambots won't discern these CAPTCHA, but a visitor will. CAPTCHA provokes great irritation, but if one wants to speak out, he has to fill in these symbols time after time, making mistakes and starting once again. Sometimes CAPTCHA reminds doodle 2x year old child. For users with vision problems, captcha is just an insurmountable obstacle. Users hate captcha. Captcha for users means "hate". Unreadable CAPTCHA stops about 80% of site visitors. After 2 failed attempts to bring it up to 95% reject further attempts. At the sight of CAPTCHA and after input errors, many visitors leave the resource. Thus, CAPTCHA helps to protect the resource both from bots and visitors. CAPTCHA is not a panacea from spam. Doubts Concerning the Need for CAPTCHA? Can I add exclusions for some pages of my sites Yes, you can. Open the file "custom_config.php" from directory /plugins/system/antispambycleantalk There are lines: Exclusion for URL: // Exclude urls from spam_check. List them separated by commas private $cleantalk_url_exclusions = ''; Exclusion for fields: //Excludes fields from filtering. List them separated by commas private $cleantalk_fields_exclusions = ''; For example: If you need to except these URLs: - example.com/some/thing - example.com/some/one - example.com/some/body You should add this: private $cleantalk_url_exclusions = 'some'; Make note, that you can add multiple URLs separated by commas: private $cleantalk_url_exclusions = 'Url1','Url2','Url3'; Additional features - Online, daily and weekly anti-spam reports traffic VS spam. - Apps for iPhone, Android to control anti-spam service, comments, signups, contacts. With traffic and spam statistics for last 7 days. - Anti-spam apps for most popular CMS on cleantalk.org.
p
Brute Force Stop

Brute Force Stop

Free | Site Security | Bernhard Froehler
3
Score:
100
40 reviews
This plugin provides means to avert Brute-Force-Attacks on your Joomla-Installation. For this purpose, the plugin stores information on failed login attempts, so that when reaching a configurable number of such failed login attempts the attacker's IP address can be blocked. Furthermore, you can configure notifications about failed logins and blocked IP addresses, as well as a configurable (optionally even adaptive) delay for a failed login attempt. The component included in the package will allow you to view the blocked IP addresses and manage them, manage whitelists of IP addresses which will never be blocked, viewing failed log attempts and testing the notification. New in version 1.4.1: - minor release fixing JED checker errors New in version 1.4.0: - Blocking via .htaccess - New method for determining client IP to support load balancers / proxies - IPv6 fixes (IPv6 subnet masks not yet supported) - mysql compatibility - php 7 compatibility For a detailed list of changes in each version see the commit history at https://github.com/codeling/bfstop/commits/master. Contributors: - pt-PT/pt-BR translations and various fixes by solrac (comproperty247(at)gmail.com) - ca-ES translations by nouespai - fr-FR translations by Flying_Lolo - nl-NL translations and various fixes by Rob van Baal (info(at)fischertechnikclub.nl/http://www.fischertechnikclub.nl) - es-ES translations by Aimagen (info(at)aimagen.com) - ru-RU translations by Raven (ravencrow(at)mail.ru) - it-IT translations and various fixes by Stefano Buscaglia (info(at)binarioetico.org/http://www.binarioetico.org) - old nl-NL translations by Agrusoft
c p
SecurImages Captcha Plugin

SecurImages Captcha Plugin

Paid download | Site Security | Ideal Extensions
3
Score:
100
37 reviews
This Captcha plugin works with any Joomla extension capable of using the Joomla core captcha plugin system. It uses the Securimage PHP CAPTCHA script for generating complex images and CAPTCHA codes (including math challenge) to protect forms from spam and abuse. It can be easily added into existing forms on your Joomla 2.5, 3.x or newer website to provide protection from Spam bots. It can run on almost all web-servers as long as you have PHP installed, and GD support within PHP. SecurImage does everything from generating the CAPTCHA images to validating the typed code. Audible codes can be streamed to the browser with Flash for the vision impaired. Features: Works with Joomla Registration and any other extensions that is compatible with Joomla captcha plugin system; Works with Contact Enhanced, iRecommend, Ajax Recommend and Ajax Contact; Customizable code length, character sets, and Unicode support; TTF font support. You can choose the font you want to use; Very easy to customize colors; Easily add background images; Easily add signature to images; Several security features such as image distortion, random lines, and noise; Flash button to stream audible codes in WAV format; Ability to use a word list; Add a word list in your language to /plugins/captcha/securimage/lib/words/ Display alphanumeric captchas, or simple math problems; Highly customizable! Screenshots Alphanumeric captchaSecurImage Math Challenge Online demo: Support Form Installation Install the plugin by accessing the administration menu of the back-end under Extensions. Then access Extensions → Plugin Manager, look for Captcha - SecurImage and customize it to your needs. Don't forget to enable it! The default installation file do not come with the audio files in order to keep the installation file under 2Mb (on some servers files over 2Mb are not uploadable). Download audio files: Noise files. Unzip and upload the files to /plugins/captcha/securimage/lib/audio/noise/ Audio: Unzip and upload the files to /plugins/captcha/securimage/lib/audio/ English (en-GB); Dutch (nl-NL); Italian (it-IT); Portuguese (pt-BR); Usage: We've tried to make it very simple to use Captcha. Select Extensions → Plug-in Manager from the drop-down menu of the Joomla! Administrator Panel. Go to Global Configuration, and select the "Site" tab. Choose "SecurImage" in your "Default Captcha" field. Click Save & Close. Go to your Plugin Manager. You can find this under Extension Manager along the top menu or in the buttons on the main page of your Administrator panel. Edit the Plug-In "Captcha - SecurImage" Set Status to "Published" Change the settings accordingly to your needs. Below is a screenshot of all the available settings;
p
Instant Facebook Login

Instant Facebook Login

Paid download | Site Access | J!Extensions Store
3 4 Alpha
Score:
100
33 reviews
NEW SOLUTION! Adding a Facebook, Google Plus, Twitter and LinkedIn social login and registration to your Joomla site has never been so easy thanks to Instant FBLogin It's the easiest and cheapest extension to add the ability to perform a social login and register using social accounts! Moreover Instant FBLogin includes a bunch of amazing social features to share contents, embed social comments, social posts feed, metatags and more! Using Instant FBLogin you won't lose anymore users that left your site annoyed by creating a new account to register by scratch. Integrating this extension will be possible login into your Joomla! system using FB, GPlus, Twitter orLinkedIn credentials just in one click. Now create a Facebook, Google Plus, Twitter or LinkedIn app and manage ID and secret code for authentication doesn't scare anymore, now easy step-by-step video tutorial is available even for non-experts to accomplish this in few minutes. The main features of this extension are: •Facebook Login(Requires https) •Google Login •Twitter Login •Linkedin Login •Easy and instant setup for Facebook login, Google Plus login ,Twitter and LinkedIn login •Social Login and auto-register in few seconds •Social share for contents •Open Graph Metatags management •Twitter Card Metatags management •Social share auto posting to Facebook, Google Plus, Twitter and LinkedIn when saving new articles •Social comments module for Facebook to add comments to every page of your website •Social posts module to show latest feeds and post from FB, G+, Twitter and LinkedIn •Advanced configuration and customization for the social login module •Social templates •Module templates •Modal lightbox window for the social login module •Integration with social extensions such as Jomsocial, Easysocial, etc •Avatar support to fetch Facebook, Google, Twitter and LinkedIn avatar for users •Users list for all newly added users using social login •Detailed info for social users •Export social users list in CSV format •Geolocation for users •Stats for social added and Joomla added users •Rendering in custom position using Joomla module •Extremely lightweight and high performance asyncronous script •Best support and video tutorial to configure easily your Joomla! site -Easiest setup: the easiest setup among all Joomla! extensions to add a social login to your site and a video tutorial to setup your FB/GPlus/Twitter/LinkedIn app -Highly customizable: thanks to templates and advanced settings the social login module and social buttons can be customized to fit your needs -Templates: multiple templates to customize the look and feel of your login module and social button, both for FB, Google, Twitter and LinkedIn login button -Users list: a detailed users list for all social added users, to export records and keep track of social users info -Share contents of your site to all main social networks such as Facebook, Google Plus, Twitter, etc. This increase also visibility of your site, ensuring that visitors of your website will be able to share your contents. -Metatags, Open Graph and Twitter Card: most content is shared to social networks as a URL, so it's important that you mark up your website with Open Graph tags to take control over how your content appears on socials. -Social share auto posting to post and share immediately any new article to socials as soon as it's created in the Joomla backend. -Facebook Comments Module to manage users comments on each page of your website. -Social Posts Module to include social posts displayed as a feed of recent posts and activites from your social network account. -Best support: our Joomla! expertise team is available for every needs to help you on site during configuration -Social integration: already integrated with your social platform such as JomSocial, EasySocial, Community Builder and Kunena Stop getting lost in the midst of a lot of complex features! This is the challenge of Instant FBLogin, being an immediate and easy tool for everyone also if not expert to manage a social app easily and to add social login and share capability. NOTICE: as stated by Facebook policy updates for privacy and security reasons the https protocol on your website is required in order to perform Facebook login since August 1, 2018. If your website is still not upgraded to the HTTPS protocol, it's strongly recommended that you update your pages to work over HTTPS as soon as possible in order to maintain the compatibility with the Facebook Login feature. Available for JOOMLA VERSIONS: 2.5 and 3.x series. Simply contact us to request a language translation.
c m p
R Antispam

R Antispam

Free | Site Security | Ratmil
3
Score:
100
32 reviews
"R Antispam" is the only Joomla antispam extension for Kunena forums that uses a Bayesian algorithm. This means that spam recognition is improved over time. It can be adapted to prevent spam in other extensions. It works better if integrated with Akismet. You can get an akismet key at akismet.com. And if you think that you have to pay for a key, better look again and you will find that you can get it for free. The extension adds a reference to the developer's site, but you can remove this in configuration.
c p