- Site Security

Kratos Anti Spam

Kratos Anti Spam

Paid download | Site Security | Claudiu Maftei
3
Score:
98
10 reviews
Kratos Anti Spam is a Joomla plugin, built to stop bots from sending spam through all website forms (i.e.: contact forms, VirtueMart ask a question, comments, etc.) CAPTCHA ALTERNATIVE -STOP SPAM -STOP HACKING -Don't require users to input captcha codes, or to answer questions -Invisible to the user -Block post resending/duplication -One click install -No conflicts with other extensions -No javascript conflicts -Protect front-end and/or backend -Protect when users logged in or logged out -Set custom error message -Set custom error redirect URL -Option to exclude protection on pages (i.e.: paypal payment notification request url) -Option to log hack attempts -Log modified files, usefull to monitor hacked files -Option to send log in email at specific time -Option to send log email on demand
p
Login One!

Login One!

Free | Site Security | Innato BV
3
Score:
98
7 reviews
A very popular and nifty plugin that prevents duplicate or multiple log-ins by the same user credentials, for both front-end and back-end. A wonderful and effective tool for websites that share or exchange potentially sensitive information amongst registered users. User must either sign off the first session, or wait until the first session has expired. Super administrators can always have multiple log-ins. There are two plugins that must be installed via the Joomla! back-end. See instructions in the download package. This freeware Trial version is very basic and for evaluation only. The Premium and Business editions are the 'real thing', with full frontend language support and additional options to allow multiple log-ins for specified groups and users. The Premium Edition is competitively priced and already miles more complete than the freeware version, but if you are running a professional website, you will never regret your purchase of the Business Edition. Compatible with Joomla! 3.8.7 and PHP 5.3 or later and PHP 7. The download link also provides access to the J2.5 version.
p
jSecure Lite

jSecure Lite

Free | Site Security | JSP Team
3
Score:
98
5 reviews
jSecure Lite for Joomla! Drawback: Joomla has one drawback, any web user can easily know if the site is created in Joomla! by typing the URL to access the administration area (i.e. www.sitename.com/administrator). This allows hackers to hack the site easily once they crack the id and password for Joomla!. The jSecure Lite component prevents access to the administration (back end) login page if the user does not use the appropriate access key. Easy to install, jSecure Lite adds a layer of security to your Joomla! website.
c p
Custom reCaptcha

Custom reCaptcha

Free | Site Security | Olivier Buisard
3
Score:
98
4 reviews
Custom reCaptcha is a plugin that gives you control over the look of Google's reCaptcha. It can replace the standard reCaptcha plugin packaged with Joomla! and adds solutions to make any version of the reCaptcha widget responsive. reCaptcha from Google is a 'one-size-fits-all-designs' widget that does not offer many possible styles. The purpose of this simple plugin is to give you access to the raw widget (version 1) and allow you to perform your own skinning. Version 2 of the Google widget is not skin-nable but the plugin attempts to render it responsive. Fully supports all versions of reCaptcha (version 1 without themes, no Captcha reCaptcha and invisible reCaptcha), Support for SSL and RTL pages, Adds noscript tags for users that have disabled scripts in their browser or have a browser that doesn't support javascript. More information at https://simplifyyourweb.com/free-products/custom-recaptcha
p
OSpam-a-not

OSpam-a-not

Free | Site Security | Joomlashack
3
Score:
98
4 reviews
OSpam-a-not is the easiest way to protect your site from spam. OSpam-a-not uses two unobtrusive techniques to protect your forms from a flood of spam. First, OSpam-a-not uses a Time Gate. This is a hidden timestamp that records how long it took to fill in a form. If the form was submitted more quickly than humanly possible, we can block the submission. Second, OSpam-a-not uses a Honey Pot. A text field is added to the form and hidden by adding a style tag at the end of the document head tag. It isn't visible to a human user, but a spambot doesn't see that and fills in the field anyway. If we find anything at all in that field when the form is submitted, we've caught a spambot in the honey pot! And the form is blocked.
p
Securitycheck

Securitycheck

Free | Site Security | Texpaok
3
Score:
97
34 reviews
Securitycheck is a medium protection suite. This version includes: A modular interface to manage the entire extension quickly and easily. Web Firewall The web firewall has been tested against more than 90 SQL, LFI and XSS attacks patterns, and includes the following features: IPv6 supported. Blacklist. Whitelist. Events recording, which can be viewed by admins from backend. Redirection to a default page if an attack is detected. Second level protection to find suspect words. Session protection File Manager You can check file/folder permissions and easily view misconfigured configurations. .Htaccess protection Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks. Vulnerabilities checking Securitycheck performs a check of the versions of all the components of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget individually test of every component to avoid vulnerabilities: Securitycheck does it for you. Remote Management Manage the extension remotelly from a centralized console. ++ Please, read the user guide before install the extension.
c p
Mail IP Address

Mail IP Address

Free | Site Security | Fiona Coulter
3
Score:
97
11 reviews
A simple plugin that mails the IP address of new user registrations to all users who are set to receive system emails. It also mails the name, username and email address. Usage: Install as normal using the Joomla installer. Remember to enable the plugin in the plugin manager. It will send emails to any user who is set to receive system emails, so if you don't get an email check you are set to receive them in the Joomla user manager. That's it. News Version 2.1.0 supports the Joomla updater Version 2 is now compatible with Joomla 3 as well as 2.5. It also includes a language file to make it easier to override the message text.
p
jGraphic Captcha Protection

jGraphic Captcha Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
97
3 reviews
This plugin is good solution against spam on your website. jGraphic Captcha Protection is easy to setup and use. No extra hardware or complicated software to install. It protects your website against bots and spam software. Adds extra security for user registration page, lost password page. Possible to integrate into any Joomla template. jGraphic Captcha Protection is simple, but very powerful tool, what adds a higher level of security to your website. Main features: Easy to install, easy to use. Easy for human, complicated for robots. Prevents password brute force attack on login page. Prevents automatic new user registration on your website. Block spam software. Different levels of the security. Free support.
p
OSOLCaptcha

OSOLCaptcha

Free | Site Security | Sreekanth Dayanand
3
Score:
96
111 reviews
Captcha for joomla core and custom forms.Inserts captcha in registration,contact,reset password, remind username forms on enabling this plugin.To add captcha in custom forms without changing any existing codes or admin settings, follow the steps mentioned below. Just have to follow 3 steps for core forms. 1.install the plugin 2.publish the plugin . 3.Check the 5 forms(mentioned above). OSOLCaptcha Version 2 and above developed for joomla 2.5 and 3 uses regexp and AJAX verification .if the captcha doesnt appear in any of the core forms, you need to edit osolCaptcha/coreForms.php and update the regexp for the particular form based on the template you are using. ---Important step for Custom forms/Non core Joomla forms--- If you are familiar with regexp ,you could add OSOLCaptcha for any forms.For this you need to add a file in 'osolCaptcha/nonCoreForms' folder.you can check 'virtuemart.php' to see how to set regexp for any non core form. PS: Inorder to have this plugin insert captcha ,the form should have an id or name and a submit button inside 'form' tag.Though by default it usually will have,I am explicitly mentioning it because I have seen users developing custom forms and template overrides without name or id attribute and compalining that the captcha oesnt work there. It is recommended that this be done by coders or with their help though installing and publishing the plugin could be done by anyone(which in turn will add the captcha to the core forms mentioned above) Further there is a layer of backend spam protection with the help of botscout api which could prevent even human spams to an extend.We reccomend you to enable this as well. Currently there are 2 limitations for this plugin 1.If the html part is customized for comuser,modlogin or com_contact,it may not work.Since this is aimed for non techy joomla users it wont affect them as they dont edit any files.However if there is a template override with form id/name change and submit button tag change you should edit plugins/system/osolcaptcha/osolCaptcha/coreForms.php and change the 2 variables for that form properly 'formId' => 'tagToPlaceCaptchaBefore' => Enabling auto add for modlogin(not available from version 2.0 onwards) is subject to conditions and is disabled by default.if you enable it, make sure that it is in a unique position ,position must be any of these('left','right','top','user2','user3') .The position occupied by modlogin should not contain any other modules I have included a link to the download page of this plugin with the captcha image.You are free to remove it,though I will be happy to have that link with the captcha image :) This is my first extension to JED.Any suggestions and help on improving this plugin will be much appreciated PS:Please check the technical requirements section and FAQs section in the download page of the plugin,first if you are having any issues with the plugin AJAX verification
p
RSFirewall!

RSFirewall!

Paid download | Site Security | RSJoomla!
3
Score:
96
108 reviews
Keep your website safe RSFirewall! is the most advanced Joomla! security extension, developed by us at RSJoomla!, that you can use to protect your Joomla! website from intrusions and hacker attacks. It's backed up by a team of experts that are trained to be always up to date with the latest known vulnerabilities and security updates, making RSFirewall! the best choice in keeping your website safe. Specs » Compatible with Joomla! 3.x Highlights » Backend Password - Add an extra layer of security by typing in a password before logging in the administration! » Blacklist - Block unwanted (single or multiple using wildcards ..., CIDR notation and ranges) IP addresses. » IPv6 support » Whitelist - Bypass protections for selected IPs. » Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords). » Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64encode, eval, gzinflate, pregreplace /e) » Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd » Disable the creation of new Administrators » Protects selected Administrators from any changes - including password change! » Log all security events and send messages to specified email address(es) » Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed). » Database Check - Optimize & repair your database tables. » Display CAPTCHA in the administration section after a predefined number of failed login attempts. Active Protections » Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database. » Local file inclusion (LFI) » Remote file inclusion (RFI) » SQL injection (SQLi) » HTML, Javascript and CSS filtering (XSS) » Denial of Service (DoS) - Block unwanted User Agents » Automatic blacklist » Actively scans POST and GET variables. » Keeps an eye on sensitive Joomla! files and alerts you if they are changed. System Check » Check for the latest Joomla! & RSFirewall! versions. » Provides suggestions on how to tighten your PHP & Joomla! configuration. » Scan Joomla! core files for integrity. » Scan files and folders for common permission errors. » Scan files for common malware.
c m p
jSecure

jSecure

Paid download | Site Security | JSP Team
3
Score:
96
41 reviews
jSecure Authentication is a security component which enables multi layered security protection to your Joomla website. Drawback: Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key. Easy to install, jSecure adds a higher level of security to your Joomla website. Features : 1) Google Re-Captcha Security - jSecure Google recaptcha feature provides secure authentication to Joomla administrator system. jSecure Google reCAPTCHA feature protects your joomla administrator access from spam attacks. It does this while letting your valid users pass through with ease. 2) Secure Image Authentication - Secure Image Authentication function adds a second layer security of user authentication to your joomla administrator system. Secure image authentication matches the MD5 hash value of uploaded image with the stored image . 3) Spam IP Protection - This is a very useful online security feature. Spam IP Protection feature blocks the access of spammers to your joomla administrator system. Spam IP protection uses spam protection api to identify the spam IP and block them thereby protecting your website. 4) Country Block - Using Country Block feature website owners can block countries from where their website's joomla administrator section is attacked most. 5) Change Database Prefix - Changing the database table prefix is an easy way for an attacker to destroy your website. Our change db prefix functionality prevents hackers from damaging the database by changing its prefix. 6) WHOIS Lookup Tool - Using WHOIS Lookup tool website administrator can find out the domain’s name servers (DNS) information used for service 7) Email Scan - This feature allows website owners to blacklist spam email address in joomla administrator. During user registration on frontend these email ids are matched with the one saved in database. If it matches user is blocked from registering on frontend. 8) Multiple User keys - Using this feature a user can set multiple secret keys to different groups. Multiple secret keys can be set to different groups whom you wish to grant access to your joomla! backend without sharing your master passkey. Multiple User Keys feature is an important user authentication feature. 9) Form Based Authentication - Form based authentication is a first layer of user authentication security which allows a user to enter a secret key in a form instead of a url. 10) Auto Ban I.P Address - Auto Ban IP feature is used to block a specific IP address. This is an important website security protection feature which helps your website from spammers attack. 11) Component Security - Restrict access to other components installed on your site by setting passwords for them. 12) Access Graph feature - Detailed graph to show successful & unsuccessful login attempts on your site administration. 13) Master Password Protection - You can block access of jSecure component to other users. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. 14) Master Login Control - Login control feature restrict multiple users from logging into the site using same username and password. 15) Admin Password Protection - Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. 16) Assigning Black Listed IP’s and White Listed IP's - Bans an IP automatically after some specific attempts for a particular time period from accessing the admin area. jSecure Authentication 3.0 has a range of improvements including: 3.5(19-Dec-2016): Note : Only for joomla! version 3.x Change Database Prefix Country Block for website's frontend Whois Lookup New Dashboard 3.4(1-Feb-2016): Note : Only for joomla! version 3.x Country Block feature Minor bug fixes 3.3(14-Oct-2015): Note : Only for joomla! version 3.x Email Scan during user registration Minor bug fixes 3.2(02-Feb-2015): Note : Only for joomla! version 2.5.x and 3.x A. Google Re-Captcha B. Secure Image Authentication C. Spam IP Protection 3.1(18-Sep-2014): Note : Only for joomla! version 2.5.x and 3.x A.Multiple Userkeys Assign multiple userkeys to different users whom you wish to grant access to your joomla! backend without sharing your master passkey. B.Form Based Authentication Changed the look & feel of form based authentication page. 3.0.3(29-May-2014): Fixed the Resource not found (404) console error for the file jsecure.css in jSecure login form. 3.0.2(23-Jul-2013): A. Auto Ban I.P Address Auto Ban IP Feature. Blacklist vulnerable IP addresses automatically. B. Manage IP's With this feature you can simply add/remove Blacklisted IP's from "View Log". 3.0.1(12-Mar-2013): A. Secure Components Now with jSecure you can password protect installed components in admin area. B. Access Graph Graphical representation of correct v/s wrong access for different segments of time. 3.0 (19-Dec-2012): Added Security Features: A. Master Password: You can block access to the jSecure component from other administrator. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. If you do not enter a master password, the default password will be "jSecure". Provides options to include particular sections of the component in master password. B. Master Login Control: Login control to restrict multiple users from logging into the site using same username and password. C. Admin Password Protection: Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. D. Directory Listing: Directory listing to show list of all files and folders with their permissions on the site. Added Tools: A. Black Listed/ White Listed IP's: Now range of IPs can be black listed or white listed by using format '192...'. Warning !!! Use of '...*' is not permitted. !!! B. Meta Tag Controller: Meta tag controller to override metadata of Joomla. C. Purge Sessions: Using this option will cleanup session of all logged-in users and they let logged-out. * Improved backend presentation * Improved support on our forum Change Logs: Change Log for (J2.5, J3.0) 2.1.10(8-Nov-2012): Included option to manage the permission settings for the user groups. Change Log for (J3.0): 2.1.10(3-Oct-2012): Imp
c p
Pre Registration Email Validation

Pre Registration Email Validation

Free | Site Security | Function90
3
Score:
96
3 reviews
Pre-Registration Email Validation plugin allows your users to validate their email id before registration. It will reduce the SPAM at your site and also reduce the possibility in typo in email address. You don't have to perform more than two step, just install and enable the plugin. How it works :- An extra button and text field will be shown for sending and entering validation code. User need to click on "Send Code" after filling email id. User will receive an email containing Validation Code. User need to enter that validation code in the text field, and than click on Submit button. It supports core Joomla! registration and JomSocial registration as well. Advantage :- It will reduce the AUTO SPAM for registration to zero. User has to enter valid email id. If that was spammer then it will not make entry in user table unless he validate that entry by entering code. It works on client side as well as on server side. You are not required to enable Email Activation functionality. User will not make any type mistake in email id while registration. No need to worry about newsletter bounce. If spam entries are not in the user table then no need to apply filter on sending emails and newsletter. It will keeps your user table clean.
p
CUpdater

CUpdater

Free | Site Security | compojoom
3
Score:
96
3 reviews
CUpdater is a system plugin that will notify you with a mail if there is a joomla or 3rd party extension (only for extensions that have provided an update server) update available. Features: - intelligent update check - not slowing down your server - choose the user-group to receive email - custom email address field - choose at what interval to make the updates - receive emails even if no updates are found developed by compojoom
p
CWD Easy Captcha

CWD Easy Captcha

Free | Site Security | Cations Web Dev
3
Score:
96
2 reviews
CWD simple captcha CWD simple captcha works with Joomla and any other extensions that are compatible with Joomla captcha plugin system. It provides you to: Change captcha image background color Change captcha text color Change difficulty lines color
p
Fail2Ban

Fail2Ban

Free | Site Security | mediahof
3
Score:
96
2 reviews
This System-Plugin is listing on the Joomla Event onUserLoginFailure and create a log entry with the php function error_log. "error_log" also forward errors to apache error log, so fail2ban was triggered.
p
User Login Tracking

User Login Tracking

Free | Site Security | A. S. M. Sadiqul Islam
3
Score:
96
2 reviews
This is a sample plugin, tracks user(s) login and Store IP address, time-stamp, username & user ID in database and also send email to admin. Gets IP address in better a way. You can enable or disable sending email(enabled by default). You can enable Or disable tracking supper user's login (disabled by default). *This plugin has been created for Joomla version 2.5 but also has been enabled for version 3.0 or higher (tested on 2.5.11 & 3.2.2).
p
Encrypt configuration

Encrypt configuration

Free | Site Security | Ratmil
3
Score:
95
38 reviews
Unless you use SSL, a user logs into Joomla sending his password in plain text across the network. A malicious user could take advantage of this vulnerability and can have access to the back-end. This plugin is an alternative to SSL. It uses RSA to encrypt passwords or any other data you want in your component. It is necessary to have the bcmath extension Works with Signal Login, JTP Horizontal Login, PWC Login, Inline Login and vtj login modules. For other Joomla extensions, like Alpha Registration, Community Builder, Core Design Login Module, Yoo Login, YJ Pop Login Module you can find plugins at http://www.ratmilwebsolutions.com/downloads/encryption-plugins.html. No need to set up. Just install it and install the required plugins.
c p
Two Factor Authentication

Two Factor Authentication

Free | Site Security | Ready Bytes
3
Score:
95
13 reviews
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App. Installing this app adds an extra layer of security in addition to the Joomla’s login system (front-end as well as back-end). If anybody gains your admin or site member's login credentials and try to attempt login then another module of Two factor Authentication will pop up instantly and it will ask for a unique Time-based One-Time Password (TOTP) which will be generated only on your Cellphone via Google's Authenticator App. So, this new layer will add up to the strength of the security at your end. Two Factor Authenticator secures the signing in process using 2 constants- + Something you know i.e. your site’s backend password. + Something you have i.e. your mobile phone (to generate the one time code). Know more >> http://www.readybytes.net/blog/item/two-factor-authentication-for-joomla.html Main Key Features are:- 1. Two Step Authentication Setup with Google Authenticator. 2. Verify with a Barcode. 3. Verify with a Account Name and Secret-Key. 4. Backup Codes Available 5. Logging in with Two Step Authentication. New Features (in version 2.0):- Available for backend as well as frontend login. End User Configurable: The admin can enable the plugin for all his users and now the users will be able to choose whether to use the security feature or not.
p