- Site Security

OSOLCaptcha

OSOLCaptcha

Free | Site Security | Sreekanth Dayanand
3
Score:
93
113 reviews
Captcha for joomla core and custom forms.Inserts captcha in registration,contact,reset password, remind username forms on enabling this plugin.To add captcha in custom forms without changing any existing codes or admin settings, follow the steps mentioned below. Just have to follow 3 steps for core forms. 1.install the plugin 2.publish the plugin . 3.Check the 5 forms(mentioned above). OSOLCaptcha Version 2 and above developed for joomla 2.5 and 3 uses regexp and AJAX verification .if the captcha doesnt appear in any of the core forms, you need to edit osolCaptcha/coreForms.php and update the regexp for the particular form based on the template you are using. ---Important step for Custom forms/Non core Joomla forms--- If you are familiar with regexp ,you could add OSOLCaptcha for any forms.For this you need to add a file in 'osolCaptcha/nonCoreForms' folder.you can check 'virtuemart.php' to see how to set regexp for any non core form. PS: Inorder to have this plugin insert captcha ,the form should have an id or name and a submit button inside 'form' tag.Though by default it usually will have,I am explicitly mentioning it because I have seen users developing custom forms and template overrides without name or id attribute and compalining that the captcha oesnt work there. It is recommended that this be done by coders or with their help though installing and publishing the plugin could be done by anyone(which in turn will add the captcha to the core forms mentioned above) Further there is a layer of backend spam protection with the help of botscout api which could prevent even human spams to an extend.We reccomend you to enable this as well. Currently there are 2 limitations for this plugin 1.If the html part is customized for comuser,modlogin or com_contact,it may not work.Since this is aimed for non techy joomla users it wont affect them as they dont edit any files.However if there is a template override with form id/name change and submit button tag change you should edit plugins/system/osolcaptcha/osolCaptcha/coreForms.php and change the 2 variables for that form properly 'formId' => 'tagToPlaceCaptchaBefore' => Enabling auto add for modlogin(not available from version 2.0 onwards) is subject to conditions and is disabled by default.if you enable it, make sure that it is in a unique position ,position must be any of these('left','right','top','user2','user3') .The position occupied by modlogin should not contain any other modules I have included a link to the download page of this plugin with the captcha image.You are free to remove it,though I will be happy to have that link with the captcha image :) This is my first extension to JED.Any suggestions and help on improving this plugin will be much appreciated PS:Please check the technical requirements section and FAQs section in the download page of the plugin,first if you are having any issues with the plugin AJAX verification
p
Captcha by Ideal

Captcha by Ideal

Paid download | Site Security | Ideal Extensions
3
Score:
93
7 reviews
Important: This plugin ONLY works with Contact Enhanced [1], Ajax Recommend [2] Ajax Contact [3] and iRecommend [4]. Multiple CAPTCHA Engine is a system plugin to produce and verify captcha images. With this new version, you will get 4 different captcha systems (libraries): SecurImage PHP library (requires GD image Library), ReCAPTCHA (requires an API key from recaptcha.net); MathGuard, simple but effective. VouchSafe, a New Spam prevention approach. (only compatible with Contact Enhanced and iRecommend) [1] - http://ideal.fok.com.br/joomla-extensions/component-contact-enhanced.html [2] - http://ideal.fok.com.br/joomla-extensions/module-ajax-recommend.html [3] - http://ideal.fok.com.br/joomla-extensions/module-ajax-contact.html [4] - http://ideal.fok.com.br/joomla-extensions/component-irecommend.html
p e
HashCash

HashCash

Free | Site Security | Michael Richey
3
Score:
93
1 review
Finally, a captcha you can't read...wait...that's not what I meant... This is the captcha you don't even need to see. Everyone knows the annoyance caused by captchas that are unreadable. HashCash is a different kind of validation. Unlike other captcha solutions, HashCash doesn't rely on 3rd party services or resources - and it doesn't require anything from your users other than a JavaScript enabled browser. No mangled words to decipher, no math problems to solve, no photos to match - nothing but arrival on a form page. Originally proposed by Adam Beck in 1997, HashCash requires a form to include the solution to a complex calculation. The calculation is so complex (it takes hundreds or even thousands of attempts to solve it) that any human or bot attempting to abuse your forms will spend so much processor time solving the calculation that it wouldn't be profitable to continue attacking your forms! The server receives the result and can easily and quickly test it in 1 calculation - either it's right and your user continues or it's wrong and the form submission fails. The best part is, HashCash is invisible (you can't read it - or even see it) and it happens in the background without user interaction! Your users arrive at the form and the HashCash calculation is automatically executed. Any bot attempting to submit your form without completing the calculation is rejected, and the calculation changes every time the form is submitted. Configuration is simple. Open the plugin and choose the difficulty level. The predefined minimum (1) and maximum (4) levels prevent calculations that are too simple or too difficult to complete in an acceptable amount of time.
p
Authentication Logger

Authentication Logger

Free | Site Security | Marco Beierer
3
Score:
93
1 review
An authentication logger for Joomla 2.5 and 3. Logged Events - User login - User login failure - User logout - User logout failure - Password change (not yet implemented) - Forget password (not yet implemented) - Forgot username (not yet implemented) Which data is logged? - Time - Severity - Action - Username - Details - User IP Features - Log rotation: The plugin creates a new logfile every day.
p
CMS Security

CMS Security

Free | Site Security | cms-security
3
Score:
93
1 review
CMS-Scurity Component is a stunning Security & Firewall extensions which does not only looks good but also provide security options for your website! Every modern website needs a Firewall which will protect the sensitive data and users with advanced firewall mechanisms. Advanced and stunning looking dashboard with informative security and firewall options. Simple check lists will help you find security and firewall issues on your website and quickly sort them out with a single click! Our extension provide you informative website security firewall informations including: - Informative Dashboard - Social media information - Security and firewall checks - Administrator tasks - Website checks options - File and Folder permissions - Black and White IP's with search options. - Emergency shutdown ..and much more.
c p
yKhoon Advanced Lock Account

yKhoon Advanced Lock Account

Paid download | Site Security | YK Lim
3
Score:
93
1 review
yKhoon Lock Account Advanced Edition (previously known as yKhoon Advanced Lock Account) is an extension that lock your visitor user account when there is multiple log in using the same account. When your visitor user account is locked, the extension will send the visitor a notification email based on the email address provided during registration. The notification email which contain all essential information will enable the visitor to reactivate his/her user account successfully. In case of something unpredictable happen, the administrator can manually reactivate the locked user account. yKhoon Lock Account Advanced Edition provides a method that will easily unlock the user account with a few clicks of button. A log file will be created when a user account is locked and when the administrator manually reactivate a locked user account. Information such as date, time, and the user account involved will be stored at the log file. This will enable the administrator to take further action if needed Changes: Compatible with PHP 7. Main Features: Lock an user account when multiple login is detected. The extension will not allow locked user account to log in until the locked user account is unlocked. Notify the user about his/her locked account and activation link via email. Added a method which allow the user to unlock his/her account. The reactivation link send to the user will have one time access only. The extension will automatically log out all user which use the same user account to login to the web site when the account is reactivated. Joomla! Administration (back-end) is immune to the functionality of this extension. Super Administration or Super Users is immune to the functionality of this extension. Tested compatible with Community Builder. Using AJAX to validate the input data. (Advanced Edition only) Added a feature for manually reactivate locked user account from back-end. (Advanced Edition only) Less setting is needed to setup the extension. (Advanced Edition only) Able to change the notification email content, sender email address, sender name, and email subject. (Advanced Edition only) Able to change the error messages that will shown when a user account is locked and when the locked user account want to access the web site. (Advanced Edition only) Able to prevent user from using old password as new password when reactivate the user account. (Advanced Edition only) Added Carbon Copy and Blind Carbon Copy on notification email. (Advanced Edition only)
c p
JHacker Watch

JHacker Watch

Free | Site Security | Innato BV
3
Score:
93
1 review
A plug-in that continuously monitors your Joomla! install and analyses whether critical user account details have been changed or directories and files have either been modified, added or are not part of a standard Joomla! install. It therefore provides an additional line of defense against website hacking attempts. The plug-in slows down repeated back-end log-in attempts to make brute force attacks frustratingly ineffective. Includes an optional Remote Monitoring service. The plug-in does NOT prevent hacking attempts and cannot guarantee that your website will never be hacked, but it counteracts certain unusual activities and - most importantly - notifies the site administrator(s) of these activities, thus making sure that hack attempts will not go unnoticed and providing more specific information for the website administrator(s) to remediate these. A non-expiring free trial edition is available, but if you want the 'real thing', you should get yourself the Standard or Business edition, which provide better protection and have more options. These editions include, for example, an extended option to autoremove files that are not part of a standard Joomla! install. Compatible with PHP 7. The download link also provides access to the J2.5 version.
p
DMC Firewall Professional

DMC Firewall Professional

Paid download | Site Security | Dean Marshall Consultancy Ltd
3
Score:
93
1 review
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Pro increases your websites protection by blocking 'Bat Bot' attempts - preventing your website from being taken down. You can also: * Change your database's table prefix * Change your Super Administrator ID * Password protect your 'administrator' folder * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time Along with the main DMC Firewall component, we also install an 'authentication' plugin that adds additional protection for all login modules (admin area and front end). This module prevents brute force login attempts by 'banning' any attempt before they get the chance to perform multiple login attempts. 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
PWD-GEN J! - Password Generator J!

PWD-GEN J! - Password Generator J!

Free | Site Security | Viktor Vogel
3
Score:
93
1 review
Password Generator J! is a small, fast generator for passwords (with Easy and Safe Mode). Features Length of passwords (max. 20) Capital letters Lower-case letters Numbers Special characters Multiple passwords per generation process (max. 30) Easy mode - noticeable passwords Safe Mode - secure passwords Languages - English / German Download Joomla! 3.x - http://joomla-extensions.kubik-rubik.de/downloads/pwd-gen-j-password-generator/joomla-3 Support The extension is completely free, but you need a subscription for support: http://joomla-extensions.kubik-rubik.de/subscription
m
EXP PassField

EXP PassField

Free | Site Security | Grusha
3
Score:
93
1 review
EXP PassField is a javascript that simplifies creation of sophisticated password fields. *** Version 1.2 *** Add warning tells you all of the rules
p
qlcaptcha

qlcaptcha

Free | Site Security | Mareike Riegel
3
Score:
93
1 review
This captcha plugin generates a customizable captcha. Font size, font colour, number of chards are customizable. It is a standalone plugin, so no further code/Id is needed.
p
Macrotone JAudit

Macrotone JAudit

Free | Site Security | G S Chapman
3
Score:
93
1 review
Macrotone Joomla Audit is a support system component, that provides details of changes made upon the underlying database tables. This tool creates 'change history' / 'audit' records upon selected table field changes, chosen by the Joomla administrator. It does not make any changes to the Joomla core code since all changes are 'captured' by underlying database triggers upon the tables. The component both creates and removes the triggers upon the component settings. The current version runs only upon MySQL databases and required that the Joomla connection user has the 'TRIGGER' privilege granted within the MySQL database. NOTE: Not all hosting providers grant their clients this particular privilege, in which situation the component will give a message upon installation and the installation will fail. Uninstalling the component will remove all trace of the component as well as removing the database triggers created by the component. Features: No core Joomla core modifications required. Independent of any other installed component. Captured change data is language independent. Back end access only. No front end connectivity. Leverage's the strength of the underlying MySQL database features. Monitors INSERT, UPDATE and DELETE data changes. Ability to download change records for local post processing. Simple but powerful.
c
User - StaticPassword

User - StaticPassword

Free | Site Security | Michael Richey
3
Score:
93
1 review
Prevent one or more user groups from changing their passwords! Enforce static passwords for selected groups. A similar extension exists for J1.5, but since it hadn't been updated - I created a 2.5 compatible version. Usage is simple - enable the plugin after selecting which user groups will be prevented from password changes. When saved, the users in those groups will not be presented with the password fields when editing their account details. Additionally, it prevents submission of passwords (just in case someone decides to submit the password field values anyway by hacking the form). 4/26/2012 - Joomla 1.6/1.7 availability and support withdrawn. All of my extensions are free and none of my extensions display advertisements or links to my sites or services. If you feel that I have blessed you, then you can bless me by making a contribution to fund future development. Visit the "Website" link to make a contribution.
p
Aimy Captcha-Less Form Guard

Aimy Captcha-Less Form Guard

Free | Site Security | Aimy Extensions
3
Score:
93
1 review
Keep your forms spam free with user friendly Captcha alternatives. The system plugin uses well known anti-spam tests that do not require user action. This way you can protect your website from spam bots with methods that are better for website usability and accessability than Captchas. Aimy Captcha-Less Form Guard is easy to use and configure: Enable the plugin, configure your preferred methods and select Aimy Captcha-Less Form Guard in Joomla's global configuration dialog as default Captcha.
p
JR SecurImage

JR SecurImage

Paid download | Site Security | JoomlaRoad
3
Score:
93
1 review
Features HTML5 audio Customizable code length, character sets, and Unicode support TTF font support Easily add background images Several security features such as image distortion, random lines, and noise Flash button to stream audible codes in WAV format Ability to use a word list Case sensitive option for added security Display alphanumeric captchas, mathematical captchas, or a multi word captcha Highly customizable!
p
Login Notifier

Login Notifier

Free | Site Security | Yusuf Uygun
3
Score:
92
4 reviews
Login Notifier will send a mail whenever someone logs in to the Joomla Backend and/or Frontend. There is actually nothing more to say.
p
Spam Protect Factory

Spam Protect Factory

Free | Site Security | thePHPfactory
3
Score:
91
2 reviews
It reads the login form before it is submitted to Joomla! and takes appropriate action based on its configuration, so it can reject a registration altogether, allowing the user to register but blocking his account immediately, or it can allow the user to register normally. Key Features StopForumSpam integration (biggest internet spammer database currently available) Manual filters for registration form (IP, domain, keyword, country) Multiple actions against spammers (block, allow, reject) Redirects rejected users to a custom URL User groups permissions Standards Multi-language support, UTF-8 support, comes default with English INI language files SEO/SEF friendly Easy transition to RTL Simple installation, configuration and updating process Main Settings Enable and set up StopForumSpam filtering (number of occurrences needed on the StopForumSpam (blacklist in order to flag a user) Set the action taken against a flagged user (block, allow, reject) Set the location to redirect the user upon being rejected Enable and add manual filters accordingly (IPs, domains, keywords, countries) Manage permission settings for user groups (configure access and administrator interface access) Backend Management Dashboard containing recent spammers and a configuration overview Logs containing various information regarding blocked and/or rejected users (IP, email, action, etc.) Requirements Joomla! 3.x MySQL (min. 5.1 + ) cURL, GD2 libraries enabled FURTHER DETAILED INFORMATION IS AVAILABLE ON THE PRODUCT HOMEPAGE!
c p
n3t Seznam Captcha

n3t Seznam Captcha

Free | Site Security | Pavel Poles
3
Score:
90
8 reviews
Simple text CAPTCHA with optional audio form, spelled in Czech language. Additional protection by checking online spam databases. This plugin wraps the seznam.cz Captcha API. Additional protection by checking online spam databases and blacklists could be activated in the configuration. Currently StopForumSpam, BotScout, SpamHaus, Sorbs, SpamCop and project HoneyPot are supported. There is also possibility to manually enter IP blacklist and/or whitelist.
p