- Site Security

jSecure

jSecure

Paid download | Site Security | JSP Team
3
Score:
93
40 reviews
jSecure Authentication is a security component which enables multi layered security protection to your Joomla website. Drawback: Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!. Information: jSecure Authentication module prevents access to administration (back end) login page without appropriate access key. Easy to install, jSecure adds a higher level of security to your Joomla website. Features : 1) Google Re-Captcha Security - jSecure Google recaptcha feature provides secure authentication to Joomla administrator system. jSecure Google reCAPTCHA feature protects your joomla administrator access from spam attacks. It does this while letting your valid users pass through with ease. 2) Secure Image Authentication - Secure Image Authentication function adds a second layer security of user authentication to your joomla administrator system. Secure image authentication matches the MD5 hash value of uploaded image with the stored image . 3) Spam IP Protection - This is a very useful online security feature. Spam IP Protection feature blocks the access of spammers to your joomla administrator system. Spam IP protection uses spam protection api to identify the spam IP and block them thereby protecting your website. 4) Country Block - Using Country Block feature website owners can block countries from where their website's joomla administrator section is attacked most. 5) Change Database Prefix - Changing the database table prefix is an easy way for an attacker to destroy your website. Our change db prefix functionality prevents hackers from damaging the database by changing its prefix. 6) WHOIS Lookup Tool - Using WHOIS Lookup tool website administrator can find out the domain’s name servers (DNS) information used for service 7) Email Scan - This feature allows website owners to blacklist spam email address in joomla administrator. During user registration on frontend these email ids are matched with the one saved in database. If it matches user is blocked from registering on frontend. 8) Multiple User keys - Using this feature a user can set multiple secret keys to different groups. Multiple secret keys can be set to different groups whom you wish to grant access to your joomla! backend without sharing your master passkey. Multiple User Keys feature is an important user authentication feature. 9) Form Based Authentication - Form based authentication is a first layer of user authentication security which allows a user to enter a secret key in a form instead of a url. 10) Auto Ban I.P Address - Auto Ban IP feature is used to block a specific IP address. This is an important website security protection feature which helps your website from spammers attack. 11) Component Security - Restrict access to other components installed on your site by setting passwords for them. 12) Access Graph feature - Detailed graph to show successful & unsuccessful login attempts on your site administration. 13) Master Password Protection - You can block access of jSecure component to other users. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. 14) Master Login Control - Login control feature restrict multiple users from logging into the site using same username and password. 15) Admin Password Protection - Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. 16) Assigning Black Listed IP’s and White Listed IP's - Bans an IP automatically after some specific attempts for a particular time period from accessing the admin area. jSecure Authentication 3.0 has a range of improvements including: 3.5(19-Dec-2016): Note : Only for joomla! version 3.x Change Database Prefix Country Block for website's frontend Whois Lookup New Dashboard 3.4(1-Feb-2016): Note : Only for joomla! version 3.x Country Block feature Minor bug fixes 3.3(14-Oct-2015): Note : Only for joomla! version 3.x Email Scan during user registration Minor bug fixes 3.2(02-Feb-2015): Note : Only for joomla! version 2.5.x and 3.x A. Google Re-Captcha B. Secure Image Authentication C. Spam IP Protection 3.1(18-Sep-2014): Note : Only for joomla! version 2.5.x and 3.x A.Multiple Userkeys Assign multiple userkeys to different users whom you wish to grant access to your joomla! backend without sharing your master passkey. B.Form Based Authentication Changed the look & feel of form based authentication page. 3.0.3(29-May-2014): Fixed the Resource not found (404) console error for the file jsecure.css in jSecure login form. 3.0.2(23-Jul-2013): A. Auto Ban I.P Address Auto Ban IP Feature. Blacklist vulnerable IP addresses automatically. B. Manage IP's With this feature you can simply add/remove Blacklisted IP's from "View Log". 3.0.1(12-Mar-2013): A. Secure Components Now with jSecure you can password protect installed components in admin area. B. Access Graph Graphical representation of correct v/s wrong access for different segments of time. 3.0 (19-Dec-2012): Added Security Features: A. Master Password: You can block access to the jSecure component from other administrator. Setting to "Yes", allows you to create a password that will be required when any administrator tries to access the jSecure configuration settings in the Joomla administration area. If you do not enter a master password, the default password will be "jSecure". Provides options to include particular sections of the component in master password. B. Master Login Control: Login control to restrict multiple users from logging into the site using same username and password. C. Admin Password Protection: Added password protection to add extra security layer over the administrator folder using htaccess and htpassword. D. Directory Listing: Directory listing to show list of all files and folders with their permissions on the site. Added Tools: A. Black Listed/ White Listed IP's: Now range of IPs can be black listed or white listed by using format '192...'. Warning !!! Use of '...*' is not permitted. !!! B. Meta Tag Controller: Meta tag controller to override metadata of Joomla. C. Purge Sessions: Using this option will cleanup session of all logged-in users and they let logged-out. * Improved backend presentation * Improved support on our forum Change Logs: Change Log for (J2.5, J3.0) 2.1.10(8-Nov-2012): Included option to manage the permission settings for the user groups. Change Log for (J3.0): 2.1.10(3-Oct-2012): Imp
c p
DataSafe PRO

DataSafe PRO

Free | Site Security | Barnaby Dixon
3
Score:
93
22 reviews
DataSafe Pro is professional database backup. It generates a snapshot of your full Joomla database, which allows you to quickly revert your content, whenever you want. It's ideal for creating a quick backup before you start any changes to your website. And to restore your Joomla database from a backup it's easy. Either select a DataSafe backup stored online, or upload a backup stored on your local computer using the DataSafe Pro interface. A DataSafe Pro backup contains all your database information, so if your system goes down, you make a mistake in configuration, or you want to roll back your system to an earlier time, just select a backup and restore it using the DataSafe Pro interface. If you can't access your Joomla administrator panel, you can also restore your DataSafe backup using PHPMyAdmin (or similar) which is installed on every server. Just use a DataSafe Pro backup stored on your local computer, or if your administrator area is unavailable, use FTP to download a backup stored online. Each DataSafe Pro backup is compressed using gzip; your database is automatically repaired and optimized during backup to maintain perfect performance, and every backup is instantly emailed to you so you have an offline copy. Each backup is also stored securely online, ready for you to restore whenever you like. And if you'd like to automate the process to create a backup every hour, day or week - it's easy, with the purchase of an optional license that allows you to automate backups across all your Joomla systems for one single low price. Try DataSafe Pro backup for yourself today, and get database backups you can depend on.
c p
Two Factor Authentication

Two Factor Authentication

Free | Site Security | Ready Bytes
3
Score:
93
14 reviews
Two Factor Authentication (TFA) is a 100% Open Source, free to use security system for your Joomla site’s backend. Two Factor Authentication works in collaboration with the Google’s famous Authenticator App. Installing this app adds an extra layer of security in addition to the Joomla’s login system (front-end as well as back-end). If anybody gains your admin or site member's login credentials and try to attempt login then another module of Two factor Authentication will pop up instantly and it will ask for a unique Time-based One-Time Password (TOTP) which will be generated only on your Cellphone via Google's Authenticator App. So, this new layer will add up to the strength of the security at your end. Two Factor Authenticator secures the signing in process using 2 constants- + Something you know i.e. your site’s backend password. + Something you have i.e. your mobile phone (to generate the one time code). Know more >> http://www.readybytes.net/blog/item/two-factor-authentication-for-joomla.html Main Key Features are:- 1. Two Step Authentication Setup with Google Authenticator. 2. Verify with a Barcode. 3. Verify with a Account Name and Secret-Key. 4. Backup Codes Available 5. Logging in with Two Step Authentication. New Features (in version 2.0):- Available for backend as well as frontend login. End User Configurable: The admin can enable the plugin for all his users and now the users will be able to choose whether to use the security feature or not.
p
Captcha by Ideal

Captcha by Ideal

Paid download | Site Security | Ideal Extensions
3
Score:
93
7 reviews
Important: This plugin ONLY works with Contact Enhanced [1], Ajax Recommend [2] Ajax Contact [3] and iRecommend [4]. Multiple CAPTCHA Engine is a system plugin to produce and verify captcha images. With this new version, you will get 4 different captcha systems (libraries): SecurImage PHP library (requires GD image Library), ReCAPTCHA (requires an API key from recaptcha.net); MathGuard, simple but effective. VouchSafe, a New Spam prevention approach. (only compatible with Contact Enhanced and iRecommend) [1] - http://ideal.fok.com.br/joomla-extensions/component-contact-enhanced.html [2] - http://ideal.fok.com.br/joomla-extensions/module-ajax-recommend.html [3] - http://ideal.fok.com.br/joomla-extensions/module-ajax-contact.html [4] - http://ideal.fok.com.br/joomla-extensions/component-irecommend.html
p e
AskMyAdmin

AskMyAdmin

Free | Site Security | Denis Mokhin
3
Score:
93
5 reviews
AskMyAdmin prevent login to back-end of site till entering correct key=value pair. This is an extended version of plg_backendtoken plugin. Main idea of this plug-in - to prevent login to administrator's panel by using standard URL. It will hide your admin part of site.
p
yKhoon Advanced Lock Account

yKhoon Advanced Lock Account

Paid download | Site Security | YK Lim
3
Score:
93
1 review
yKhoon Lock Account Advanced Edition (previously known as yKhoon Advanced Lock Account) is an extension that lock your visitor user account when there is multiple log in using the same account. When your visitor user account is locked, the extension will send the visitor a notification email based on the email address provided during registration. The notification email which contain all essential information will enable the visitor to reactivate his/her user account successfully. In case of something unpredictable happen, the administrator can manually reactivate the locked user account. yKhoon Lock Account Advanced Edition provides a method that will easily unlock the user account with a few clicks of button. A log file will be created when a user account is locked and when the administrator manually reactivate a locked user account. Information such as date, time, and the user account involved will be stored at the log file. This will enable the administrator to take further action if needed Changes: Compatible with PHP 7. Main Features: Lock an user account when multiple login is detected. The extension will not allow locked user account to log in until the locked user account is unlocked. Notify the user about his/her locked account and activation link via email. Added a method which allow the user to unlock his/her account. The reactivation link send to the user will have one time access only. The extension will automatically log out all user which use the same user account to login to the web site when the account is reactivated. Joomla! Administration (back-end) is immune to the functionality of this extension. Super Administration or Super Users is immune to the functionality of this extension. Tested compatible with Community Builder. Using AJAX to validate the input data. (Advanced Edition only) Added a feature for manually reactivate locked user account from back-end. (Advanced Edition only) Less setting is needed to setup the extension. (Advanced Edition only) Able to change the notification email content, sender email address, sender name, and email subject. (Advanced Edition only) Able to change the error messages that will shown when a user account is locked and when the locked user account want to access the web site. (Advanced Edition only) Able to prevent user from using old password as new password when reactivate the user account. (Advanced Edition only) Added Carbon Copy and Blind Carbon Copy on notification email. (Advanced Edition only)
c p
JHacker Watch

JHacker Watch

Free | Site Security | Innato BV
3
Score:
93
1 review
A plug-in that continuously monitors your Joomla! install and analyses whether critical user account details have been changed or directories and files have either been modified, added or are not part of a standard Joomla! install. It therefore provides an additional line of defense against website hacking attempts. The plug-in slows down repeated back-end log-in attempts to make brute force attacks frustratingly ineffective. Includes an optional Remote Monitoring service. The plug-in does NOT prevent hacking attempts and cannot guarantee that your website will never be hacked, but it counteracts certain unusual activities and - most importantly - notifies the site administrator(s) of these activities, thus making sure that hack attempts will not go unnoticed and providing more specific information for the website administrator(s) to remediate these. A non-expiring free trial edition is available, but if you want the 'real thing', you should get yourself the Standard or Business edition, which provide better protection and have more options. These editions include, for example, an extended option to autoremove files that are not part of a standard Joomla! install. Compatible with PHP 7. The download link also provides access to the J2.5 version.
p
DMC Firewall Professional

DMC Firewall Professional

Paid download | Site Security | Dean Marshall Consultancy Ltd
3
Score:
93
1 review
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Pro increases your websites protection by blocking 'Bat Bot' attempts - preventing your website from being taken down. You can also: * Change your database's table prefix * Change your Super Administrator ID * Password protect your 'administrator' folder * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time Along with the main DMC Firewall component, we also install an 'authentication' plugin that adds additional protection for all login modules (admin area and front end). This module prevents brute force login attempts by 'banning' any attempt before they get the chance to perform multiple login attempts. 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
EXP PassField

EXP PassField

Free | Site Security | Grusha
3
Score:
93
1 review
EXP PassField is a javascript that simplifies creation of sophisticated password fields. *** Version 1.2 *** Add warning tells you all of the rules
p
JR SecurImage

JR SecurImage

Paid download | Site Security | JoomlaRoad
3
Score:
93
1 review
Features HTML5 audio Customizable code length, character sets, and Unicode support TTF font support Easily add background images Several security features such as image distortion, random lines, and noise Flash button to stream audible codes in WAV format Ability to use a word list Case sensitive option for added security Display alphanumeric captchas, mathematical captchas, or a multi word captcha Highly customizable!
p
Centrora Security

Centrora Security

Free | Site Security | Centrora Security
3
Score:
92
24 reviews
**Centrora Security **is a new plugin that modified from OSE Firewall Security. A Joomla Firewall Security to protect your Joomla Sites from attacks and hacking. The built-in Malware and Security Scanner helps you identify any security risks, malicious codes, spam, virus, SQL injection, and security vulnerabilities. - New features in v6.0.0 - * Git Backup: Maximizing the power of Git version control system to backup your website so you keep track of any changes and roll back at any restore point - Freshly refurbished UI brings both new themes and better user experience. - New MD5 Hash Scanner, Core Directories Scanner and Modified Files Scanner are incorporated, resulting in enhanced processing capacity and efficiency. - Anti Malware is replaced by a new Dynamic Scanner, which embraces extended virus signature and is at least 50% faster. - New Vulnerability Scanner and File Permission Scanner are included to help identify system loopholes. - Backup now becomes more user-friendly, with easier procedures for up- and downloads. Previous Reviews: Please note this is a new version of OSE Anti-Hacker, for more reviews, please see this page: http://extensions.joomla.org/extension/ose-anti-hacker-for-joomla Customer Support: If you need help in using Centrora Security™ plugin, save time by starting your support request online and we'll connect you to a security analyst or even the senior security consultant. Click here for help. Security Firewall: AntiSpam: utilizing blacklisting IPs from Stop Forum Spam. AntiVirus: virus scanning that scans through your site for malware and variants that are known security threats, heuristics of backdoors, trojans, suspicious code and other security issues. IP Mangement: manage ip by allow, block and track IP that access to your site Security Check: malicious user agent blocks hundreds of bad bots while ensuring open-access for normal traffic. Security Check: detect directory traversal that consists in exploiting insufficient security validation/sanitization of user-supplied input file names. Security Check: javascript injection for any traffic including automated bots that constitutes security threats of injecting malicious javascript into your files. Security Check: direct file inclusion for any traffic including automated bots that constitutes security threats of including files on a server through the web browser. Security Check: remote file inclusion for any traffic including automated bots that constitutes security threats of exploiting "dynamic file include" mechanisms in web applications. Security Check: database SQL injection for any traffic traffic including automated bots that constitutes security threats of attacking data driven applications, in which malicious SQL statements are inserted into an entry field for execution. Security Check: DoS Attacks where automated bots constituting flooding attacks to your website. Report security threats to defined owner or security analysts System Requirements PHP 5.1.0 or above MySQL 5.0 or above PHP Data Objects enabled (it is activated by default as of PHP 5.1.0, please contact your hosting to enable it if it is disabled. Reference: http://www.php.net/manual/en/pdo.installation.php
c p
n3t Seznam Captcha

n3t Seznam Captcha

Free | Site Security | Pavel Poles
3
Score:
92
8 reviews
Simple text CAPTCHA with optional audio form, spelled in Czech language. Additional protection by checking online spam databases. This plugin wraps the seznam.cz Captcha API. Additional protection by checking online spam databases and blacklists could be activated in the configuration. Currently StopForumSpam, BotScout, SpamHaus, Sorbs, SpamCop and project HoneyPot are supported. There is also possibility to manually enter IP blacklist and/or whitelist.
p
Spam Protect Factory

Spam Protect Factory

Free | Site Security | thePHPfactory
3
Score:
91
2 reviews
It reads the login form before it is submitted to Joomla! and takes appropriate action based on its configuration, so it can reject a registration altogether, allowing the user to register but blocking his account immediately, or it can allow the user to register normally. Key Features StopForumSpam integration (biggest internet spammer database currently available) Manual filters for registration form (IP, domain, keyword, country) Multiple actions against spammers (block, allow, reject) Redirects rejected users to a custom URL User groups permissions Standards Multi-language support, UTF-8 support, comes default with English INI language files SEO/SEF friendly Easy transition to RTL Simple installation, configuration and updating process Main Settings Enable and set up StopForumSpam filtering (number of occurrences needed on the StopForumSpam (blacklist in order to flag a user) Set the action taken against a flagged user (block, allow, reject) Set the location to redirect the user upon being rejected Enable and add manual filters accordingly (IPs, domains, keywords, countries) Manage permission settings for user groups (configure access and administrator interface access) Backend Management Dashboard containing recent spammers and a configuration overview Logs containing various information regarding blocked and/or rejected users (IP, email, action, etc.) Requirements Joomla! 3.x MySQL (min. 5.1 + ) cURL, GD2 libraries enabled FURTHER DETAILED INFORMATION IS AVAILABLE ON THE PRODUCT HOMEPAGE!
c p
Saxum IPLogger

Saxum IPLogger

Free | Site Security | Laszlo Szabo
3
Score:
89
12 reviews
This is a simple extension which helps to log the IP-addresses of the registered user when they log in into the site. The purpose of the component is to help to detect unauthorized access. The log can be seen on a report. The component makes statistics about the location of users (country and city) estimated from their IP-addresses. To this the extension uses GeoLite data created by MaxMind, available from www.maxmind.com. You should inform your visitors in the terms of service of your site about the collection of data. Changelog: v4.0 -overwritten for Joomla! 3 v3.1 - block IP addresses - list of IP addresses not to log - sending email about unauthorized use of usernames - data export to csv - opportunity to upload datafile manually - refresh or reidentify false geolocation - fixed ACL related bug - fixed pagination and sorting bug on Statistics screen v3.0 -compatibility with 1.6+ -more filter options on Report screen v2.0 - new plugin to log every unique pageviews - compatibility with PHP safe mode (thanks to Chris Coleman - espacenetworks.com) - statistics with different grouping: by user and IP-address - modified date format (can be set at parameters) - 'check for new version' option
c p
DMC Firewall

DMC Firewall

Free | Site Security | Dean Marshall Consultancy Ltd
3
Score:
87
7 reviews
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Core also includes a number of 'Bad Bots' that get banned from accessing your website, preventing your website from being taken down. You can also: * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
OSE Secure™

OSE Secure™

Free | Site Security | Open Source Excellence
3
Score:
86
6 reviews
OSE Secure™ plugin a plugin that performs basic anti-hacking functions for your Joomla! CMS. It supports * 1. Basic SQL Injection Scanning * 2. Basic PHP Injection Scanning * 3. Basic Remote File Inclusion (RFI) Scannning * 4. Basic Local File Inclusion (LFI) Scannning * 5. Basic Malicious User Agent Scannning * 6. Basic DoS Scannning * 7. Basic Javascript Injection Scanning * 8. Requires a Secure Key to access Joomla Backend * 9. Advanced Feature: Activate OSE Anti-Hacker if you have OSE Anti-Hacker installed System Requirement: * PHP 5.0 or above * Joomla! 1.5 or Joomla! 1.6
p
Password Control

Password Control

Free | Site Security | G S Chapman
3
Score:
86
3 reviews
The Password Control system plugin enforces password changes upon registered site users. The change can be enforced for the initial (first) connection only, and/or for periodic changing. Optionally the users can be redirected back to the home page when a password change is enforced. There is the ability to define 'exempt' users, i.e. users for whom the administrator does not want to enforce password changing. The password entered by the user is checked against the previous user passwords (number is site defined) to ensure that it is changed and that the user is not reusing a password again, or just pressing the submit button without providing a new password. One can also specify the password criteria, and incorporates an optional password generator to create passwords meeting the specified criteria. New options also allow the forcing of a user to change their initial email address on initial login. This is suitable for use on e-commerce (Virtuemart) sites where a preassigned email address has been allocated to a user and it is desirable that they change it.
p
Login Notifier

Login Notifier

Free | Site Security | Yusuf Uygun
3
Score:
85
4 reviews
Login Notifier will send a mail whenever someone logs in to the Joomla Backend and/or Frontend. There is actually nothing more to say.
p