- Site Security

ECC+ - EasyCalcCheck Plus

ECC+ - EasyCalcCheck Plus

Free | Site Security | Viktor Vogel
3
Score:
98
167 reviews
Protects Joomla! core forms and 3rd party extensions through the integration of anti-spam services and adds an arithmetic problem, a question, a hidden field and a time lock. With the powerful custom call feature every form can be protected in Joomla! with a special syntax. Integrated external antispam services: Google reCaptcha v2, Akismet, Honeypot Project, StopForumSpam, Mollom, Bot-Trap, Botscout Protects the backend via a token. Only with the right token, the administrator login site can be opened! Also included: SQL Injection and Local file Inclusion protection. Have fun and NO spam! :-) Download Joomla! 3 - https://joomla-extensions.kubik-rubik.de/downloads/ecc-easycalccheck-plus/joomla-3 Support The extension is completely free, but you need a subscription for support: https://joomla-extensions.kubik-rubik.de/subscription
p
Mail IP Address

Mail IP Address

Free | Site Security | Fiona Coulter
3
Score:
98
11 reviews
A simple plugin that mails the IP address of new user registrations to all users who are set to receive system emails. It also mails the name, username and email address. Usage: Install as normal using the Joomla installer. Remember to enable the plugin in the plugin manager. It will send emails to any user who is set to receive system emails, so if you don't get an email check you are set to receive them in the Joomla user manager. That's it. News Version 2.1.0 supports the Joomla updater Version 2 is now compatible with Joomla 3 as well as 2.5. It also includes a language file to make it easier to override the message text.
p
Kratos Anti Spam

Kratos Anti Spam

Paid download | Site Security | Claudiu Maftei
3
Score:
98
10 reviews
Kratos Anti Spam is a Joomla plugin, built to stop bots from sending spam through all website forms (i.e.: contact forms, VirtueMart ask a question, comments, etc.) CAPTCHA ALTERNATIVE -STOP SPAM -STOP HACKING -Don't require users to input captcha codes, or to answer questions -Invisible to the user -Block post resending/duplication -One click install -No conflicts with other extensions -No javascript conflicts -Protect front-end and/or backend -Protect when users logged in or logged out -Set custom error message -Set custom error redirect URL -Option to exclude protection on pages (i.e.: paypal payment notification request url) -Option to log hack attempts -Log modified files, usefull to monitor hacked files -Option to send log in email at specific time -Option to send log email on demand
p
Login One!

Login One!

Free | Site Security | Innato BV
3
Score:
98
7 reviews
A very popular and nifty plugin that prevents duplicate or multiple log-ins by the same user credentials, for both front-end and back-end. A wonderful and effective tool for websites that share or exchange potentially sensitive information amongst registered users. User must either sign off the first session, or wait until the first session has expired. Super administrators can always have multiple log-ins. There are two plugins that must be installed via the Joomla! back-end. See instructions in the download package. This freeware Trial version is very basic and for evaluation only. The Premium and Business editions are the 'real thing', with full frontend language support and additional options to allow multiple log-ins for specified groups and users. The Premium Edition is competitively priced and already miles more complete than the freeware version, but if you are running a professional website, you will never regret your purchase of the Business Edition. Compatible with Joomla! 3.8.12 and PHP 5.3 or later and PHP 7. The download link also provides access to the J2.5 version. A working live demo is on http://joomla3.innato.nl An instructional video is at the demo link
p
jSecure Lite

jSecure Lite

Free | Site Security | JSP Team
3
Score:
98
5 reviews
jSecure Lite for Joomla! Drawback: Joomla has one drawback, any web user can easily know if the site is created in Joomla! by typing the URL to access the administration area (i.e. www.sitename.com/administrator). This allows hackers to hack the site easily once they crack the id and password for Joomla!. The jSecure Lite component prevents access to the administration (back end) login page if the user does not use the appropriate access key. Easy to install, jSecure Lite adds a layer of security to your Joomla! website.
c p
Custom reCaptcha

Custom reCaptcha

Free | Site Security | Olivier Buisard
3
Score:
98
4 reviews
Custom reCaptcha is a plugin that gives you control over the look of Google's reCaptcha. It can replace the standard reCaptcha plugin packaged with Joomla! and adds solutions to make any version of the reCaptcha widget responsive. reCaptcha from Google is a 'one-size-fits-all-designs' widget that does not offer many possible styles. The purpose of this simple plugin is to give you access to the raw widget (version 1) and allow you to perform your own skinning. Version 2 of the Google widget is not skin-nable but the plugin attempts to render it responsive. Fully supports all versions of reCaptcha (version 1 without themes, no Captcha reCaptcha and invisible reCaptcha), Support for SSL and RTL pages, Adds noscript tags for users that have disabled scripts in their browser or have a browser that doesn't support javascript. More information at https://simplifyyourweb.com/free-products/custom-recaptcha
p
OSpam-a-not

OSpam-a-not

Free | Site Security | Joomlashack
3
Score:
98
4 reviews
OSpam-a-not is the easiest way to protect your Joomla site from spam bots filling out your forms. OSpam-a-not uses a clever and unobtrusive technique to protect your forms from a flood of spam. We created OSpam-a-not because we needed better Joomla spam prevention. We use OSPam-a-not ourselves, so we maintain it and update it regularly. Like all the other Joomlashack products, its is easy to use and set up. OSpam-a-not works immediateyl after install OSpam-a-not works without the need of any extra setup after install. However, you can enable the recording of spam attempts and set a minimum form time in case form submissions are blocked too quickly. Joomla spam prevention that simply works You don't need a captcha system. OSpam-a-not protects your forms against spam. How does OSpam-a-not's Joomla spam prevention work? OSpam-a-not uses a Time Gate. This is a hidden timestamp that records how long it took to fill in a form. If the form was submitted more quickly than humanly possible, we can block the submission. OSpam-a-not also uses a Honey Pot. A text field is added to the form and hidden by adding a style tag at the end of the document head tag. It isn't visible to a human user, but a spambot doesn't see that and fills in the field anyway. If we find anything at all in that field when the form is submitted, we've caught a spambot in the honey pot! And the form is blocked.
p
User Login Tracking

User Login Tracking

Free | Site Security | A. S. M. Sadiqul Islam
3
Score:
98
3 reviews
This is a sample plugin, tracks user(s) login and Store IP address, time-stamp, username & user ID in database and also send email to admin. Gets IP address in better a way. You can enable or disable sending email(enabled by default). You can enable Or disable tracking supper user's login (disabled by default). *This plugin has been created for Joomla version 2.5 but also has been enabled for version 3.0 or higher (tested on 2.5.11 & 3.2.2).
p
jGraphic Captcha Protection

jGraphic Captcha Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
98
3 reviews
This plugin is good solution against spam on your website. jGraphic Captcha Protection is easy to setup and use. No extra hardware or complicated software to install. It protects your website against bots and spam software. Adds extra security for user registration page, lost password page. Possible to integrate into any Joomla template. jGraphic Captcha Protection is simple, but very powerful tool, what adds a higher level of security to your website. Main features: Easy to install, easy to use. Easy for human, complicated for robots. Prevents password brute force attack on login page. Prevents automatic new user registration on your website. Block spam software. Different levels of the security. Free support.
p
Two Factor Authentication

Two Factor Authentication

Free | Site Security | Ready Bytes
3
Score:
97
13 reviews
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App. Installing this app adds an extra layer of security in addition to the Joomla’s login system (front-end as well as back-end). If anybody gains your admin or site member's login credentials and try to attempt login then another module of Two factor Authentication will pop up instantly and it will ask for a unique Time-based One-Time Password (TOTP) which will be generated only on your Cellphone via Google's Authenticator App. So, this new layer will add up to the strength of the security at your end. Two Factor Authenticator secures the signing in process using 2 constants- + Something you know i.e. your site’s backend password. + Something you have i.e. your mobile phone (to generate the one time code). Know more >> http://www.readybytes.net/blog/item/two-factor-authentication-for-joomla.html Main Key Features are:- 1. Two Step Authentication Setup with Google Authenticator. 2. Verify with a Barcode. 3. Verify with a Account Name and Secret-Key. 4. Backup Codes Available 5. Logging in with Two Step Authentication. New Features (in version 2.0):- Available for backend as well as frontend login. End User Configurable: The admin can enable the plugin for all his users and now the users will be able to choose whether to use the security feature or not.
p
Pre Registration Email Validation

Pre Registration Email Validation

Free | Site Security | Function90
3
Score:
97
3 reviews
Pre-Registration Email Validation plugin allows your users to validate their email id before registration. It will reduce the SPAM at your site and also reduce the possibility in typo in email address. You don't have to perform more than two step, just install and enable the plugin. How it works :- An extra button and text field will be shown for sending and entering validation code. User need to click on "Send Code" after filling email id. User will receive an email containing Validation Code. User need to enter that validation code in the text field, and than click on Submit button. It supports core Joomla! registration and JomSocial registration as well. Advantage :- It will reduce the AUTO SPAM for registration to zero. User has to enter valid email id. If that was spammer then it will not make entry in user table unless he validate that entry by entering code. It works on client side as well as on server side. You are not required to enable Email Activation functionality. User will not make any type mistake in email id while registration. No need to worry about newsletter bounce. If spam entries are not in the user table then no need to apply filter on sending emails and newsletter. It will keeps your user table clean.
p
CUpdater

CUpdater

Free | Site Security | compojoom
3
Score:
97
3 reviews
CUpdater is a system plugin that will notify you with a mail if there is a joomla or 3rd party extension (only for extensions that have provided an update server) update available. Features: - intelligent update check - not slowing down your server - choose the user-group to receive email - custom email address field - choose at what interval to make the updates - receive emails even if no updates are found developed by compojoom
p
jSecure

jSecure

Paid download | Site Security | JSP Team
3
Score:
96
41 reviews
jSecure Authentication is a security component which enables multi layered security protection to your Joomla website. Drawback: Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key. Easy to install, jSecure adds a higher level of security to your Joomla website. Features : 1) Google Re-Captcha Security - jSecure Google recaptcha feature provides secure authentication to Joomla administrator system. jSecure Google reCAPTCHA feature protects your joomla administrator access from spam attacks. It does this while letting your valid users pass through with ease. 2) Secure Image Authentication - Secure Image Authentication function adds a second layer security of user authentication to your joomla administrator system. Secure image authentication matches the MD5 hash value of uploaded image with the stored image . 3) Spam IP Protection - This is a very useful online security feature. Spam IP Protection feature blocks the access of spammers to your joomla administrator system. Spam IP protection uses spam protection api to identify the spam IP and block them thereby protecting your website. 4) Country Block - Using Country Block feature website owners can block countries from where their website's joomla administrator section is attacked most. 5) Change Database Prefix - Changing the database table prefix is an easy way for an attacker to destroy your website. Our change db prefix functionality prevents hackers from damaging the database by changing its prefix. 6) WHOIS Lookup Tool - Using WHOIS Lookup tool website administrator can find out the domain’s name servers (DNS) information used for service 7) Email Scan - This feature allows website owners to blacklist spam email address in joomla administrator. During user registration on frontend these email ids are matched with the one saved in database. If it matches user is blocked from registering on frontend. 8) Multiple User keys - Using this feature a user can set multiple secret keys to different groups. Multiple secret keys can be set to different groups whom you wish to grant access to your joomla! backend without sharing your master passkey. Multiple User Keys feature is an important user authentication feature. 9) Form Based Authentication - Form based authentication is a first layer of user authentication security which allows a user to enter a secret key in a form instead of a url. 10) Auto Ban I.P Address - Auto Ban IP feature is used to block a specific IP address. This is an important website security protection feature which helps your website from spammers attack. 11) Component Security - Restrict access to other components installed on your site by setting passwords for them. 12) Access Graph feature - Detailed graph to show successful & unsuccessful login attempts on your site administration. 13) Master Password Protection - You can block access of jSecure component to other users. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. 14) Master Login Control - Login control feature restrict multiple users from logging into the site using same username and password. 15) Admin Password Protection - Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. 16) Assigning Black Listed IP’s and White Listed IP's - Bans an IP automatically after some specific attempts for a particular time period from accessing the admin area. jSecure Authentication 3.0 has a range of improvements including: 3.5(19-Dec-2016): Note : Only for joomla! version 3.x Change Database Prefix Country Block for website's frontend Whois Lookup New Dashboard 3.4(1-Feb-2016): Note : Only for joomla! version 3.x Country Block feature Minor bug fixes 3.3(14-Oct-2015): Note : Only for joomla! version 3.x Email Scan during user registration Minor bug fixes 3.2(02-Feb-2015): Note : Only for joomla! version 2.5.x and 3.x A. Google Re-Captcha B. Secure Image Authentication C. Spam IP Protection 3.1(18-Sep-2014): Note : Only for joomla! version 2.5.x and 3.x A.Multiple Userkeys Assign multiple userkeys to different users whom you wish to grant access to your joomla! backend without sharing your master passkey. B.Form Based Authentication Changed the look & feel of form based authentication page. 3.0.3(29-May-2014): Fixed the Resource not found (404) console error for the file jsecure.css in jSecure login form. 3.0.2(23-Jul-2013): A. Auto Ban I.P Address Auto Ban IP Feature. Blacklist vulnerable IP addresses automatically. B. Manage IP's With this feature you can simply add/remove Blacklisted IP's from "View Log". 3.0.1(12-Mar-2013): A. Secure Components Now with jSecure you can password protect installed components in admin area. B. Access Graph Graphical representation of correct v/s wrong access for different segments of time. 3.0 (19-Dec-2012): Added Security Features: A. Master Password: You can block access to the jSecure component from other administrator. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. If you do not enter a master password, the default password will be "jSecure". Provides options to include particular sections of the component in master password. B. Master Login Control: Login control to restrict multiple users from logging into the site using same username and password. C. Admin Password Protection: Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. D. Directory Listing: Directory listing to show list of all files and folders with their permissions on the site. Added Tools: A. Black Listed/ White Listed IP's: Now range of IPs can be black listed or white listed by using format '192...'. Warning !!! Use of '...*' is not permitted. !!! B. Meta Tag Controller: Meta tag controller to override metadata of Joomla. C. Purge Sessions: Using this option will cleanup session of all logged-in users and they let logged-out. * Improved backend presentation * Improved support on our forum Change Logs: Change Log for (J2.5, J3.0) 2.1.10(8-Nov-2012): Included option to manage the permission settings for the user groups. Change Log for (J3.0): 2.1.10(3-Oct-2012): Imp
c p
Encrypt configuration

Encrypt configuration

Free | Site Security | Ratmil
3
Score:
95
38 reviews
Unless you use SSL, a user logs into Joomla sending his password in plain text across the network. A malicious user could take advantage of this vulnerability and can have access to the back-end. This plugin is an alternative to SSL. It uses RSA to encrypt passwords or any other data you want in your component. It is necessary to have the bcmath extension Works with Signal Login, JTP Horizontal Login, PWC Login, Inline Login and vtj login modules. For other Joomla extensions, like Alpha Registration, Community Builder, Core Design Login Module, Yoo Login, YJ Pop Login Module you can find plugins at http://www.ratmilwebsolutions.com/downloads/encryption-plugins.html. No need to set up. Just install it and install the required plugins.
c p
Captcha by Ideal

Captcha by Ideal

Paid download | Site Security | Ideal Extensions
3
Score:
94
7 reviews
Important: This plugin ONLY works with Contact Enhanced [1], Ajax Recommend [2] Ajax Contact [3] and iRecommend [4]. Multiple CAPTCHA Engine is a system plugin to produce and verify captcha images. With this new version, you will get 4 different captcha systems (libraries): SecurImage PHP library (requires GD image Library), ReCAPTCHA (requires an API key from recaptcha.net); MathGuard, simple but effective. VouchSafe, a New Spam prevention approach. (only compatible with Contact Enhanced and iRecommend) [1] - http://ideal.fok.com.br/joomla-extensions/component-contact-enhanced.html [2] - http://ideal.fok.com.br/joomla-extensions/module-ajax-recommend.html [3] - http://ideal.fok.com.br/joomla-extensions/module-ajax-contact.html [4] - http://ideal.fok.com.br/joomla-extensions/component-irecommend.html
p e
HashCash

HashCash

Free | Site Security | Michael Richey
3
Score:
94
1 review
Finally, a captcha you can't read...wait...that's not what I meant... This is the captcha you don't even need to see. Everyone knows the annoyance caused by captchas that are unreadable. HashCash is a different kind of validation. Unlike other captcha solutions, HashCash doesn't rely on 3rd party services or resources - and it doesn't require anything from your users other than a JavaScript enabled browser. No mangled words to decipher, no math problems to solve, no photos to match - nothing but arrival on a form page. Originally proposed by Adam Beck in 1997, HashCash requires a form to include the solution to a complex calculation. The calculation is so complex (it takes hundreds or even thousands of attempts to solve it) that any human or bot attempting to abuse your forms will spend so much processor time solving the calculation that it wouldn't be profitable to continue attacking your forms! The server receives the result and can easily and quickly test it in 1 calculation - either it's right and your user continues or it's wrong and the form submission fails. The best part is, HashCash is invisible (you can't read it - or even see it) and it happens in the background without user interaction! Your users arrive at the form and the HashCash calculation is automatically executed. Any bot attempting to submit your form without completing the calculation is rejected, and the calculation changes every time the form is submitted. Configuration is simple. Open the plugin and choose the difficulty level. The predefined minimum (1) and maximum (4) levels prevent calculations that are too simple or too difficult to complete in an acceptable amount of time.
p
CMS Security

CMS Security

Free | Site Security | cms-security
3
Score:
94
1 review
CMS-Scurity Component is a stunning Security & Firewall extensions which does not only looks good but also provide security options for your website! Every modern website needs a Firewall which will protect the sensitive data and users with advanced firewall mechanisms. Advanced and stunning looking dashboard with informative security and firewall options. Simple check lists will help you find security and firewall issues on your website and quickly sort them out with a single click! Our extension provide you informative website security firewall informations including: - Informative Dashboard - Social media information - Security and firewall checks - Administrator tasks - Website checks options - File and Folder permissions - Black and White IP's with search options. - Emergency shutdown ..and much more.
c p
yKhoon Advanced Lock Account

yKhoon Advanced Lock Account

Paid download | Site Security | YK Lim
3
Score:
94
1 review
yKhoon Lock Account Advanced Edition (previously known as yKhoon Advanced Lock Account) is an extension that lock your visitor user account when there is multiple log in using the same account. When your visitor user account is locked, the extension will send the visitor a notification email based on the email address provided during registration. The notification email which contain all essential information will enable the visitor to reactivate his/her user account successfully. In case of something unpredictable happen, the administrator can manually reactivate the locked user account. yKhoon Lock Account Advanced Edition provides a method that will easily unlock the user account with a few clicks of button. A log file will be created when a user account is locked and when the administrator manually reactivate a locked user account. Information such as date, time, and the user account involved will be stored at the log file. This will enable the administrator to take further action if needed Changes: Compatible with PHP 7. Main Features: Lock an user account when multiple login is detected. The extension will not allow locked user account to log in until the locked user account is unlocked. Notify the user about his/her locked account and activation link via email. Added a method which allow the user to unlock his/her account. The reactivation link send to the user will have one time access only. The extension will automatically log out all user which use the same user account to login to the web site when the account is reactivated. Joomla! Administration (back-end) is immune to the functionality of this extension. Super Administration or Super Users is immune to the functionality of this extension. Tested compatible with Community Builder. Using AJAX to validate the input data. (Advanced Edition only) Added a feature for manually reactivate locked user account from back-end. (Advanced Edition only) Less setting is needed to setup the extension. (Advanced Edition only) Able to change the notification email content, sender email address, sender name, and email subject. (Advanced Edition only) Able to change the error messages that will shown when a user account is locked and when the locked user account want to access the web site. (Advanced Edition only) Able to prevent user from using old password as new password when reactivate the user account. (Advanced Edition only) Added Carbon Copy and Blind Carbon Copy on notification email. (Advanced Edition only)
c p