- Site Security

Login One!

Login One!

Free | Site Security | Innato BV
3
Score:
98
7 reviews
A nifty plugin that prevents duplicate or multiple log-ins by the same user credentials, for both front-end and back-end. A wonderful and effective tool for websites that share or exchange potentially sensitive information amongst registered users. User must either sign off the first session, or wait until the first session has expired. Super administrators can always have multiple log-ins. There are two plugins that must be installed via the Joomla! back-end. See instructions in the download package. Supported languages: Frontend: Dutch, English, German. Backend: English. This freeware version is very basic and for evaluation only. The Premium and Business editions are the 'real thing', with full frontend language support and additional options to allow multiple log-ins for specified groups and users. Compatible with Joomla! 3.6.5 and PHP 7. The download link also provides access to the J2.5 version.
p
Custom reCaptcha

Custom reCaptcha

Free | Site Security | Olivier Buisard
3
Score:
98
4 reviews
Custom reCaptcha is a plugin that gives you control over the look of the Google's reCaptcha widget. It can replace the standard reCaptcha plugin packaged with Joomla! reCaptcha from Google is a 'one-size-fits-all-designs' widget that does not offer many possible styles. Until now it fit my projects but once I started working on responsive templates, the size of the default reCaptcha themes started being in the way, especially for mobile designs. Nothing is lost, as Google offers a way to get the widget in a 'raw' state and is (almost) fully skinnable (see https://developers.google.com/recaptcha/old/docs/customization). The purpose of this simple plugin is to give you access to the raw widget and allow you to perform your own skinning, right from your template. Hard core stylers and developers alike, go crazy and make it beautiful. Do not hesitate to show off your designs in the forum. The plugin uses version 1.0 of the reCaptcha Google API. That API is no longer supported, although will continue to work. For more information, check Google's FAQ about reCaptchas v1 and v2 at https://developers.google.com/recaptcha/docs/faq. News keys registered at Google will only work for v2 of the reCaptcha API.
p
jSecure Lite

jSecure Lite

Free | Site Security | JSP Team
3
Score:
98
4 reviews
jSecure Lite for Joomla! Drawback: Joomla has one drawback, any web user can easily know if the site is created in Joomla! by typing the URL to access the administration area (i.e. www.sitename.com/administrator). This allows hackers to hack the site easily once they crack the id and password for Joomla!. The jSecure Lite component prevents access to the administration (back end) login page if the user does not use the appropriate access key. Easy to install, jSecure Lite adds a layer of security to your Joomla! website.
c p
EJB - Easy Joomla Backup

EJB - Easy Joomla Backup

Free | Site Security | Viktor Vogel
3
Score:
97
19 reviews
Easy Joomla Backup creates 'old-school' backups without any frills. All files and a full database dump are stored in one backup zip archive. With this archive you have all important data with which you can restore the website completely combined in one package. The component is intentionally kept simple, so as not to distract from the essentials: backing up the Joomla! website! Use the cronjob plugin to schedule your backups! Features Create quickly and easily backups in Joomla! Extension creates Backups of all files and the database 3 different backup types: Full, Database and File Backup All files and a database dump are packed into one ZIP archive Extended ACL settings: Configure, Access Administration Interface, Delete, Download, Full Backup, Database Backup, File Backup, Discover Easy recovery - files via FTP, database dump via a database tool, e.g. phpMyAdmin Exclude files from the backup archive Exclude folders from the backup archive Add 'DROP TABLE' order to the dump file Add additional tables from the database System Plugin: EJB Cronjob Download Joomla! 3.x - https://joomla-extensions.kubik-rubik.de/downloads/ejb-easy-joomla-backup/joomla-3 Support The extension is completely free, but you need a subscription for support: https://joomla-extensions.kubik-rubik.de/subscription
c p
Mail IP Address

Mail IP Address

Free | Site Security | Fiona Coulter
3
Score:
97
12 reviews
A simple plugin that mails the IP address of new user registrations to all users who are set to receive system emails. It also mails the name, username and email address. Usage: Install as normal using the Joomla installer. Remember to enable the plugin in the plugin manager. It will send emails to any user who is set to receive system emails, so if you don't get an email check you are set to receive them in the Joomla user manager. That's it. News Version 2.1.0 supports the Joomla updater Version 2 is now compatible with Joomla 3 as well as 2.5. It also includes a language file to make it easier to override the message text.
p
jGraphic Captcha Protection

jGraphic Captcha Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
97
3 reviews
This plugin is good solution against spam on your website. jGraphic Captcha Protection is easy to setup and use. No extra hardware or complicated software to install. It protects your website against bots and spam software. Adds extra security for user registration page, lost password page. Possible to integrate into any Joomla template. jGraphic Captcha Protection is simple, but very powerful tool, what adds a higher level of security to your website. Main features: Easy to install, easy to use. Easy for human, complicated for robots. Prevents password brute force attack on login page. Prevents automatic new user registration on your website. Block spam software. Different levels of the security. Free support.
p
Marco's SQL Injection

Marco's SQL Injection

Free | Site Security | marco maria leoni
3
Score:
96
53 reviews
This plugin adds a simple but, in most cases, fondamental protection against SQL injection and LFI (local files inclusion) attacks. It checks data sent to Joomla and intercepts a lot of common exploits, saving your site from hackers. Filters requests in POST, GET, REQUEST and blocks SQL injection / LFI attempts. Notifies you by e-mail when a alert is generated. Protect also from unKnown 3rd Party extensions vulnerability. White list for safe components (at your risk ;) ) automatic ip blocking on attack Enable mail report and prepare yourself to be scared! Anyway remember that security it is a 'forma mentis', not a plugin! HISTORY Version 1.4 Apr 28th, 2014: * minor code fixes (not security related) * default table type set by DB engine * table creation by sql install file Version 1.2 Mar 26th, 2013: * Joomla! 3.0 compatility & coding style * try - catch table checking * InnoDB table support * it works fine, nothing else to do on J2.5 ;) Version 1.1 (Mar 10th, 2011) * ip auto banning on attack (ip blocking) * RegEx improvements to intercept more SQL attacks Version 1.0 (Jan 7st, 2011) * Joomla! v1.6 compatibility * send mail also when error is raised * minor code optimization Version .98a (Jun 1st, 2010) Thanks to Jeff * fixed backtics matching * fixed union all matching * fixed ....// exploit * added more info to report mail Version .98 (May 29th, 2010) first release. Please, keep in mind, I repeat: this plugin intercepts a lot of common exploits, not ALL!! this should be intended as an help, this is not "THE SOLUTION".
p
jSecure

jSecure

Paid download | Site Security | JSP Team
3
Score:
96
40 reviews
jSecure Authentication is a security component which enables multi layered security protection to your Joomla website. Drawback: Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key. Easy to install, jSecure adds a higher level of security to your Joomla website. Features : 1) Google Re-Captcha Security - jSecure Google recaptcha feature provides secure authentication to Joomla administrator system. jSecure Google reCAPTCHA feature protects your joomla administrator access from spam attacks. It does this while letting your valid users pass through with ease. 2) Secure Image Authentication - Secure Image Authentication function adds a second layer security of user authentication to your joomla administrator system. Secure image authentication matches the MD5 hash value of uploaded image with the stored image . 3) Spam IP Protection - This is a very useful online security feature. Spam IP Protection feature blocks the access of spammers to your joomla administrator system. Spam IP protection uses spam protection api to identify the spam IP and block them thereby protecting your website. 4) Country Block - Using Country Block feature website owners can block countries from where their website's joomla administrator section is attacked most. 5) Change Database Prefix - Changing the database table prefix is an easy way for an attacker to destroy your website. Our change db prefix functionality prevents hackers from damaging the database by changing its prefix. 6) WHOIS Lookup Tool - Using WHOIS Lookup tool website administrator can find out the domain’s name servers (DNS) information used for service 7) Email Scan - This feature allows website owners to blacklist spam email address in joomla administrator. During user registration on frontend these email ids are matched with the one saved in database. If it matches user is blocked from registering on frontend. 8) Multiple User keys - Using this feature a user can set multiple secret keys to different groups. Multiple secret keys can be set to different groups whom you wish to grant access to your joomla! backend without sharing your master passkey. Multiple User Keys feature is an important user authentication feature. 9) Form Based Authentication - Form based authentication is a first layer of user authentication security which allows a user to enter a secret key in a form instead of a url. 10) Auto Ban I.P Address - Auto Ban IP feature is used to block a specific IP address. This is an important website security protection feature which helps your website from spammers attack. 11) Component Security - Restrict access to other components installed on your site by setting passwords for them. 12) Access Graph feature - Detailed graph to show successful & unsuccessful login attempts on your site administration. 13) Master Password Protection - You can block access of jSecure component to other users. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. 14) Master Login Control - Login control feature restrict multiple users from logging into the site using same username and password. 15) Admin Password Protection - Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. 16) Assigning Black Listed IP’s and White Listed IP's - Bans an IP automatically after some specific attempts for a particular time period from accessing the admin area. jSecure Authentication 3.0 has a range of improvements including: 3.5(19-Dec-2016): Note : Only for joomla! version 3.x Change Database Prefix Country Block for website's frontend Whois Lookup New Dashboard 3.4(1-Feb-2016): Note : Only for joomla! version 3.x Country Block feature Minor bug fixes 3.3(14-Oct-2015): Note : Only for joomla! version 3.x Email Scan during user registration Minor bug fixes 3.2(02-Feb-2015): Note : Only for joomla! version 2.5.x and 3.x A. Google Re-Captcha B. Secure Image Authentication C. Spam IP Protection 3.1(18-Sep-2014): Note : Only for joomla! version 2.5.x and 3.x A.Multiple Userkeys Assign multiple userkeys to different users whom you wish to grant access to your joomla! backend without sharing your master passkey. B.Form Based Authentication Changed the look & feel of form based authentication page. 3.0.3(29-May-2014): Fixed the Resource not found (404) console error for the file jsecure.css in jSecure login form. 3.0.2(23-Jul-2013): A. Auto Ban I.P Address Auto Ban IP Feature. Blacklist vulnerable IP addresses automatically. B. Manage IP's With this feature you can simply add/remove Blacklisted IP's from "View Log". 3.0.1(12-Mar-2013): A. Secure Components Now with jSecure you can password protect installed components in admin area. B. Access Graph Graphical representation of correct v/s wrong access for different segments of time. 3.0 (19-Dec-2012): Added Security Features: A. Master Password: You can block access to the jSecure component from other administrator. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. If you do not enter a master password, the default password will be "jSecure". Provides options to include particular sections of the component in master password. B. Master Login Control: Login control to restrict multiple users from logging into the site using same username and password. C. Admin Password Protection: Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. D. Directory Listing: Directory listing to show list of all files and folders with their permissions on the site. Added Tools: A. Black Listed/ White Listed IP's: Now range of IPs can be black listed or white listed by using format '192...'. Warning !!! Use of '...*' is not permitted. !!! B. Meta Tag Controller: Meta tag controller to override metadata of Joomla. C. Purge Sessions: Using this option will cleanup session of all logged-in users and they let logged-out. * Improved backend presentation * Improved support on our forum Change Logs: Change Log for (J2.5, J3.0) 2.1.10(8-Nov-2012): Included option to manage the permission settings for the user groups. Change Log for (J3.0): 2.1.10(3-Oct-2012): Imp
c p
Kratos Anti Spam

Kratos Anti Spam

Paid download | Site Security | Claudiu Maftei
3
Score:
96
10 reviews
Kratos Anti Spam is a Joomla plugin, built to stop bots from sending spam through all website forms (i.e.: contact forms, VirtueMart ask a question, comments, etc.) CAPTCHA ALTERNATIVE -STOP SPAM -STOP HACKING -Don't require users to input captcha codes, or to answer questions -Invisible to the user -Block post resending/duplication -One click install -No conflicts with other extensions -No javascript conflicts -Protect front-end and/or backend -Protect when users logged in or logged out -Set custom error message -Set custom error redirect URL -Option to exclude protection on pages (i.e.: paypal payment notification request url) -Option to log hack attempts -Log modified files, usefull to monitor hacked files -Option to send log in email at specific time -Option to send log email on demand
p
Clef 2-factor for Joomla

Clef 2-factor for Joomla

Free | Site Security | Anything Digital & inetis
3
Score:
96
4 reviews
Clef for Joomla is our Joomla integration for Clef, the mobile app that replaces usernames and passwords with your smartphone. Unlike Google Authenticator, Clef does not require you to type codes at every login. Simply hold your phone up to your computer to login with Clef. After a single login, you will then be automagically logged in to every Clef-enabled site. This multi-site, 2-factor authentication system even lets you remotely log out of all your sites at once, right from your phone, even if you've left the office in a hurry and forgot to logout. You can see how it works in this short video: http://vimeo.com/97555331
c m p
User Login Tracking

User Login Tracking

Free | Site Security | A. S. M. Sadiqul Islam
3
Score:
96
3 reviews
This is a sample plugin, tracks user(s) login and Store IP address, time-stamp, username & user ID in database and also send email to admin. Gets IP address in better a way. You can enable or disable sending email(enabled by default). You can enable Or disable tracking supper user's login (disabled by default). *This plugin has been created for Joomla version 2.5 but also has been enabled for version 3.0 or higher (tested on 2.5.11 & 3.2.2).
p
CUpdater

CUpdater

Free | Site Security | compojoom
3
Score:
96
3 reviews
CUpdater is a system plugin that will notify you with a mail if there is a joomla or 3rd party extension (only for extensions that have provided an update server) update available. Features: - intelligent update check - not slowing down your server - choose the user-group to receive email - custom email address field - choose at what interval to make the updates - receive emails even if no updates are found developed by compojoom
p
Pre Registration Email Validation

Pre Registration Email Validation

Free | Site Security | Function90
3
Score:
96
2 reviews
Pre-Registration Email Validation plugin allows your users to validate their email id before registration. It will reduce the SPAM at your site and also reduce the possibility in typo in email address. You don't have to perform more than two step, just install and enable the plugin. How it works :- An extra button and text field will be shown for sending and entering validation code. User need to click on "Send Code" after filling email id. User will receive an email containing Validation Code. User need to enter that validation code in the text field, and than click on Submit button. It supports core Joomla! registration and JomSocial registration as well. Advantage :- It will reduce the AUTO SPAM for registration to zero. User has to enter valid email id. If that was spammer then it will not make entry in user table unless he validate that entry by entering code. It works on client side as well as on server side. You are not required to enable Email Activation functionality. User will not make any type mistake in email id while registration. No need to worry about newsletter bounce. If spam entries are not in the user table then no need to apply filter on sending emails and newsletter. It will keeps your user table clean.
p
Fail2Ban

Fail2Ban

Free | Site Security | mediahof
3
Score:
96
2 reviews
This System-Plugin is listing on the Joomla Event onUserLoginFailure and create a log entry with the php function error_log. "error_log" also forward errors to apache error log, so fail2ban was triggered.
p
RSFirewall!

RSFirewall!

Paid download | Site Security | RSJoomla!
3
Score:
95
108 reviews
Keep your website safe RSFirewall! is the most advanced Joomla! security extension, developed by us at RSJoomla!, that you can use to protect your Joomla! website from intrusions and hacker attacks. It's backed up by a team of experts that are trained to be always up to date with the latest known vulnerabilities and security updates, making RSFirewall! the best choice in keeping your website safe. Specs » Compatible with Joomla! 3.x Highlights » Backend Password - Add an extra layer of security by typing in a password before logging in the administration! » Blacklist - Block unwanted (single or multiple using wildcards ..., CIDR notation and ranges) IP addresses. » IPv6 support » Whitelist - Bypass protections for selected IPs. » Stop brute-force login attempts - Capture login attempts (as well as incorrect passwords). » Malware database - Detects obfuscated, encoded as well as potentially dangerous files (eg. base64encode, eval, gzinflate, pregreplace /e) » Automatically drop dangerous files when they're uploaded - such as .php, .js, .exe, .com, .bat, .cmd » Disable the creation of new Administrators » Protects selected Administrators from any changes - including password change! » Log all security events and send messages to specified email address(es) » Powerful exception system - Disable protections based on User Agent, URL or component (regular expressions allowed). » Database Check - Optimize & repair your database tables. » Display CAPTCHA in the administration section after a predefined number of failed login attempts. Active Protections » Country blocking - Allows you to select which countries have access to your Joomla! website (also blocks anonymous proxies). Based on GeoIP Lite Country database. » Local file inclusion (LFI) » Remote file inclusion (RFI) » SQL injection (SQLi) » HTML, Javascript and CSS filtering (XSS) » Denial of Service (DoS) - Block unwanted User Agents » Automatic blacklist » Actively scans POST and GET variables. » Keeps an eye on sensitive Joomla! files and alerts you if they are changed. System Check » Check for the latest Joomla! & RSFirewall! versions. » Provides suggestions on how to tighten your PHP & Joomla! configuration. » Scan Joomla! core files for integrity. » Scan files and folders for common permission errors. » Scan files for common malware.
c m p
Encrypt configuration

Encrypt configuration

Free | Site Security | Ratmil
3
Score:
95
39 reviews
Unless you use SSL, a user logs into Joomla sending his password in plain text across the network. A malicious user could take advantage of this vulnerability and can have access to the back-end. This plugin is an alternative to SSL. It uses RSA to encrypt passwords or any other data you want in your component. It is necessary to have the bcmath extension Works with Signal Login, JTP Horizontal Login, PWC Login, Inline Login and vtj login modules. For other Joomla extensions, like Alpha Registration, Community Builder, Core Design Login Module, Yoo Login, YJ Pop Login Module you can find plugins at http://www.ratmilwebsolutions.com/downloads/encryption-plugins.html. No need to set up. Just install it and install the required plugins.
c p
Eyesite

Eyesite

Free | Site Security | Les Arbres Design
3
Score:
95
7 reviews
Eyesite keeps an eye on your website, alerting you by email if any files, anywhere in the directory structure are added, changed, or deleted. Eyesite scans your directory structures, storing the details of every file in a database table. The details stored include the file date/time, size, and md5 checksum of the file. Every time Eyesite re-scans the directory structure, it re-calculates the md5 checksum of each file, and compares it to the one stored in the database. Eyesite is then able to detect any files in the directory tree that are new, changed, or deleted. If any changes are detected, Eyesite sends you an email. With Eyesite, you can scan your site manually from the admin interface, or get the plugin to scan your site automatically at regular intervals. We sleep better at night knowing that Eyesite will tell us if anyone gets into any of our websites - and we'll know exactly which files were tampered with, so we can fix the problem fast. The main status screen of Eyesite tels you which files have been added, changed, or deleted. The History screen shows the history of all past scans and administrative actions. In Auto-Accept mode, Eyesite maintains a full and detailed history of all changes to the files on your website with no manual intervention required. Eyesite now works on https sites.
c
Securitycheck

Securitycheck

Free | Site Security | Texpaok
3
Score:
94
32 reviews
Securitycheck is a medium protection suite. This version includes: A modular interface to manage the entire extension quickly and easily. Web Firewall The web firewall has been tested against more than 90 SQL, LFI and XSS attacks patterns, and includes the following features: IPv6 supported. Blacklist. Whitelist. Events recording, which can be viewed by admins from backend. Redirection to a default page if an attack is detected. Second level protection to find suspect words. Session protection File Manager You can check file/folder permissions and easily view misconfigured configurations. .Htaccess protection Want to hide your backend url? Add a secret key to your admin page to prevent dictionary and brute force attacks. Vulnerabilities checking Securitycheck performs a check of the versions of all the components of your Joomla installation, comparing them with its database to show if there are vulnerable extensions. Forget individually test of every component to avoid vulnerabilities: Securitycheck does it for you. Remote Management Manage the extension remotelly from a centralized console. Akeeba Live Update integration We have included this feature to easily manage and update new releases. ++ Please, read the user guide before install the extension.
c p