- Site Security

Alarm System

Alarm System

Free | Site Security | Conflate
3
Score:
86
2 reviews
The new version is now also available for Joomla 2.5! And has user specific PIN codes! With the Alarm System extension for Joomla, an extra layer of security is added right after a user logs into the administrator. After a successful login, the user is presented with a PIN screen to disable the alarm system. When a user enters the correct PIN, the alarm will be disabled. When a user enters too many incorrect PINs, or doesn't provide the correct PIN within the given time frame, the alarm system will be triggered. When the alarm goes off, be default the user will be logged out. If configured, a new log entry will be added to track which users have triggered the alarm system. For now this extension offers pretty basic functions only. We are open for your suggestions and tips to improve and expand. Please share your ideas at our forum or leave a review and tell us what you like about it and what is still missing! Suggestion forum page: https://www.joomla-specialist.net/forum/general/feedback/suggestion-about-joomla-alarm-system.html Alarm System configurable options: General options Under general options you can enable the alarm and configure the settings. You can choose how many seconds a user is granted to disable the alarm system and how many incorrect PIN numbers are accepted before the alarm is triggered. By default the system allows users 30 seconds and 3 incorrect PIN entries. PIN settings You can select the source of correct PIN codes. You can select to use a System wide PIN, which means all users will have to enter the same PIN. You can also select to use user specific PIN codes. This allows every user to have it's own PIN code. The user PIN codes are managed by an admin with enabled access to edit PIN codes. These rights are configured in the component options. Alarm trigger settings Here you can specify if you want a user to be logged out upon triggering the alarm. Logging There is also a logging system for tracking what happens with the alarm. The system can log if an incorrect PIN is entered, if a correct PIN is entered (alarm disabled) or if the alarm is triggered. It also tries to gather additional information, such as which user has caused an event, and which incorrect PIN was entered User specific PIN codes From the control panel there is an option for User PIN codes. Here you can specify for each user if they should have the system wide PIN, or a specific user PIN. So you could have a couple of users with a specific PIN code, while the rest is using the system wide PIN code. If the system cannot find a specific PIN code for a user, it will fall back to the system wide PIN. For that reason it's recommended to always set a system wide PIN code. What else? The Alarm System also supports subsystems to configure your own actions in case of alarm system events. You can create and install your own Joomla plugin handling responses when the alarm is triggered and or successfully disabled. We ha
c m p
Login Notifier

Login Notifier

Free | Site Security | Yusuf Uygun
3
Score:
85
4 reviews
Login Notifier will send a mail whenever someone logs in to the Joomla Backend and/or Frontend. There is actually nothing more to say.
p
FPC - Force Password Complexity

FPC - Force Password Complexity

Free | Site Security | Viktor Vogel
3
Score:
84
4 reviews
With Force Password Complexity strong passwords are enforced based on individual rules! The system plugin checks the user passwords using defined security patterns and rejects weak passwords. In this way FPC ensures stronger security of the whole system. The execution of the plugin and the checks of the passwords can be set completely customized to ensure an own standard of security. Features Force secure, good passwords with individual rules Set precise execution rules: Execution in front- and / or backend Restrict to specific user groups Restriction with warning notice for unselected groups possible Check the type of users - only new, existing or all users Individual checks for secure passwords: Minimum length of passwords Minimum size of the entropy of passwords Forbid parts of the name and the e-mail address Maximum number same and same consecutive characters Force character types: uppercase / lowercase letters, numbers and special characters Plugin is small and fast, doesn't need a big framework Fast, clean code Languages: English and German Download Joomla! 3.x - http://joomla-extensions.kubik-rubik.de/downloads/fpc-force-password-complexity/joomla-3 Support The extension is completely free, but you need a subscription for support: http://joomla-extensions.kubik-rubik.de/subscription
p
Bot-Trap

Bot-Trap

Free | Site Security | LUCiDdev
3
Score:
76
4 reviews
A Plugin for Joomla 3.x which includes the Bot-Trap-Script against Spam from bot-trap.de into your Joomla installation. For the correct function of the plugin you'll need the script from bot-trap.de, which you can get there after a registration and introduction on the forum (Forum in German). The plugin can also include a black- and/or a whitelist. With these lists you are able to write own blocking or annihilation rules to extend or overwrite the rules of the script. Please extract the archive first. In there is a readme.txt with installation instructions, a JPG image with the parameters of the plugin and two templates for the black- and the whitelist. V1.3 - Update server added
p
EasyCAPTCHA_efence

EasyCAPTCHA_efence

Free | Site Security | Brij Mohan
3
Score:
76
2 reviews
efence can do the following for you: 1. Protection against spam and malicious bots that can harm your web resources: efence is an alternative to CAPTCHA which protects your website against spam and makes it fun for the user to solve challenges. It presents an interactive picture based challenge for the users giving them a break from typing those boring twisted characters. It brings in the fun factor while avoiding the serious spam. Moreover it's an ideal spam protection tool for handheld devices. Just ask your users about what they like doing on their mobile or tablet, typing those twisted characters or just touch, tap and slide. The answer would be exactly what efence offers. 2. Guaranteed user engagement with your valued digital advertising and marketing materials: In case of a traditional CAPTCHA, when the user fights with those ugly looking twisted monsters, all that precious time and attention gets wasted with no benefit at all. efence empowers you to capitalize on this precious time and effort. What do you get ? dedicated eyeballs, guaranteed user engagement. This is done by providing great control and flexibility in creating your own branding images for guaranteed engagement. To place your branding images for free, please contact us at support@engageclick.com This is an official efence plugin which lets you embed efence at the most critical places on your website without editing any files. It takes only a few minutes to install and configure the plugin, in order to unleash the immense power of efence. Significant features   - Receive guaranteed attention to your in-house or external digital marketing contents   - Spam protection by an innovative "Captcha" alternative   - Places a customizable spam protection mechanism on your site - customize colors, shape, size and other attributes.   - Audio aid for visually impaired   - Category based customizable challenge options.   - Customer engagement using your own branding images.   - Powerful analytics to understand customer behavior.   - Works in all the browsers (including IE6!).   - Secure channel option for information security.   - Non-blocking, high-performance code. Sign up for efence - http://efence.engageclick.com Take an online demo to get an idea of how efence works as a powerful Captcha alternative ensuring customer engagement. Go Premium If you have custom requirements and need support package, we have an dedicated awesome team that delivers quality customization and support Visit official plugin homepage at http://efence.engageclick.com/selfservice-2/plugin/joomla.
m p
CWD Easy Captcha

CWD Easy Captcha

Free | Site Security | Cations Web Dev
3
Score:
76
2 reviews
CWD simple captcha CWD simple captcha works with Joomla and any other extensions that are compatible with Joomla captcha plugin system. It provides you to: Change captcha image background color Change captcha text color Change difficulty lines color
p
OSpam-a-not

OSpam-a-not

Free | Site Security | Joomlashack
3
Score:
76
2 reviews
OSpam-a-not is the easiest way to protect your site from spam. OSpam-a-not uses two unobtrusive techniques to protect your forms from a flood of spam. First, OSpam-a-not uses a Time Gate. This is a hidden timestamp that records how long it took to fill in a form. If the form was submitted more quickly than humanly possible, we can block the submission. Second, OSpam-a-not uses a Honey Pot. A text field is added to the form and hidden by adding a style tag at the end of the document head tag. It isn't visible to a human user, but a spambot doesn't see that and fills in the field anyway. If we find anything at all in that field when the form is submitted, we've caught a spambot in the honey pot! And the form is blocked.
p
JR Captcha

JR Captcha

Free | Site Security | JoomlaRoad
3
Score:
76
2 reviews
Captcha for Joomla core and custom forms.Inserts captcha in registration,contact,reset password, remind username forms on enabling this plugin.To add captcha in custom forms without changing any existing codes or admin settings, follow the steps mentioned below. Just have to follow 3 steps for core forms. 1.install the plugin 2.publish the plugin 3.choose JRCaptcha on global configuration Integration with All Joomla Forms.
p
Perfect Dashboard

Perfect Dashboard

Free | Site Security | Perfect Dashboard
3
Score:
73
2 reviews
Perfect Dashboard - the one tool you will ever need to manage all websites efficiently. Protect your brand reputation Save 50% of time spent on updates Manage more websites & increase your income Automatic backups Genuine test engine for backups, updates and upgrades Security - keep your website safe from hackers and malware Make the internet a safer place Genuine Test Engine Let’s face it. Updates or ugprades often cause display errors. Testing website manually can be very time consuming. With our Genuine Test Engine you can be more efficient. Perfect Dashboard will perform website test for you and point out where are possible display errors. Genuine Test Engine analyses all changes in website layout, but also checks if all Social & SEO Tags are still in place. And it works with every website in the Internet. To be perfectly secure we are performing backup of your site (we also test integrity of this backup to see if everything is really fine) Automated Backup Verification in Cloud You don’t have a backup unless you know you can use it for website restoration. Restoring every website copy and checking it’s integrity is boring and takes ages. But we want you to be able to concentrate on more important tasks. That’s why we give one-click backup that start a chain of actions which includes coping website, remote restoration, integrity testing and storing backup at chosen storage location. And that’s it. Custom Changes Detector (coming soon) Editing CMS core files is a bad practice & editing extensions code is not recommended. At times, the website's security may be compromised because of that. You are also likely to include additional backups of your files because of that. But there are cases in which it’s difficult to customize website to client’s needs without it. That’s why Perfect Dashboard comes with a Custom Changes Detector. It scans entire code for any modifications. Thanks to that you don’t need to remember yourself to copy these parts of the code to the updated website code. What is more, we provide resources on how to implement these modifications along with good practices, to save you time the next time you will do update or upgrade. Not Limited to Joomla Perfect Dashboard is not limited to any particular CMS. In fact, it has been crafted to work best with Joomla & WordPress (with backups, upgrades and updates included), but you can use Genuine Test Engine with every website in the Internet. Thanks to that you are not limited to any particular technology. Whatever your choice will be, Perfect Dashboard will be there to make your work more efficient. Automated TO DO list Managing multiple websites in a time efficient manner requires excellent organization. Perfect Dashboard helps you boost your efficiency and security. Everyday we check your websites and create a personalized TO DO list for you with all the tasks you need to perform to keep websites you manage secure and safe from hackers and malware. You are one click away from performing backups, updates, upgrades and tests for all your websites. Remote Development Environments (coming soon) Don’t want to update or ugprade live websites? No problem. With Perfect Dashboard you can create a development environment in our cloud and perform an update or ugprade with just one click. We will make a backup of your site and send it to a remote server. Then you can review test results, optionally correct some display errors and publish a new version with just another one click. Git Integration (coming soon) Perfect Dashboard can fit into any workflow. With git integration you can easily include it into any staging process you have. This way, you can enjoy the benefits of Perfect Dashboard without having to change the way your work is organized. Why people use Perfect Dashboard? 80% of websites are susceptible to hacking as their software is not updated or upgraded regularly plus they do not perform regular backups. Perfect Dashboard is a solution to this problem. It’s the one place you will ever need to manage all websites efficiently. It’s designed to work with WordPress and Joomla, but you can use it with every website. It effectively scratches website's security off your list. To protect brand reputation Hackers are getting clever. Getting access to a vulnerable website is just a first step for them. Then, they use this website to infect unprotected computers of people who visit it. Imagine the consequences when it’s revealed that it was your website that had spread malware to others. Regular website updates, upgrades and backups are the easiest way to shield yourself from that risk. Make your website's security your top priority! Every website should be updated Both WordPress and Joomla are great tools to build beautiful, feature-rich websites in an efficient way. But that’s not their main advantage. The best part is that because they are so popular, their security is tested on a daily basis. And every month there is a security fix release. That is why Joomla and WordPress are considered much safer than any custom CMS solution. However, this is true only if the website software is regularly updated / upgraded and the backups are regularly performed. Otherwise, the website becomes vulnerable to hacking and malware. Updating is boring Everybody knows it. First, you need to backup and restore it to check if it’s ok. Then you need to install updates one by one. After that, you need to check if nothing got broken during the update / upgrade and the website is working normally. And finally you have to fix possible display errors. And it gets more complicated if you do not want to perform an update or an upgrade on a live website. Top security can be really tedious. To save 50% time spent on updates But updating doesn’t have to be this way. Imagine a tool that does the backup and automatically restores it remotely. Then it installs all the updates and upgrades and tests the website for you, pointing out potential errors you should fix. All with just one click. And this tool has a name. It’s Perfect Dashboard. To manage more websites & increase income With Perfect Dashboard, every web developer can become a professional website maintenance provider and offer management services and top security at compelling prices. This turns one-time clients into a recurring source of income. Branded reports, that can be generated from Perfect Dashboard, help to show what actions has been undertaken and make a great attachment to a monthly invoice. To make the Internet a safer place But it’s not only about the money. It’s about making the Internet a safer place. It’s about how decision makers see Joomla and WordPress. Right now, their reputation is tarnished as, according to recent research, every minute some outdated WordPress/Joomla website is being hacked and malware is being installed on them. Typically they do not have any backup or if they do have one it is outdated. We want to change this and prove that a regularly updated Joomla or WordPress is far more secure than most custom CMS. But we need your help. Together we can accomplish this goal and prove that a CMS security we are working with is rock solid. How to update Joomla 1.5 and 2.5 with Perfect Dashboard Officially, Perfect Dashboard supports Joomla 3.x only. However, here’s a trick how to use Perfect Dashboard test engine with older Joomla versions. 1. Do the backup using third party plugin/tool (Akeeba Backup recommended) 2. Add your website as “other” on Perfect Dashboard 3. Generate test 4. Update / upgrade your website manually from admin panel 5. Go back again to Perfect Dashboard and run test 6. Review the test results and fix the bugs, if needed And it's all done! For now, using Perfect Dashboard with older Joomla versions, lets you to save time while testing. However, we plan to support Joomla 1.5 and 2.5 (including backups, updates and upgrades) in the nearest future.
c
Spam Protect Factory

Spam Protect Factory

Free | Site Security | thePHPfactory
3
Score:
73
2 reviews
It reads the login form before it is submitted to Joomla! and takes appropriate action based on its configuration, so it can reject a registration altogether, allowing the user to register but blocking his account immediately, or it can allow the user to register normally. Key Features StopForumSpam integration (biggest internet spammer database currently available) Manual filters for registration form (IP, domain, keyword, country) Multiple actions against spammers (block, allow, reject) Redirects rejected users to a custom URL User groups permissions Standards Multi-language support, UTF-8 support, comes default with English INI language files SEO/SEF friendly Easy transition to RTL Simple installation, configuration and updating process Main Settings Enable and set up StopForumSpam filtering (number of occurrences needed on the StopForumSpam (blacklist in order to flag a user) Set the action taken against a flagged user (block, allow, reject) Set the location to redirect the user upon being rejected Enable and add manual filters accordingly (IPs, domains, keywords, countries) Manage permission settings for user groups (configure access and administrator interface access) Backend Management Dashboard containing recent spammers and a configuration overview Logs containing various information regarding blocked and/or rejected users (IP, email, action, etc.) Requirements Joomla! 3.x MySQL (min. 5.1 + ) cURL, GD2 libraries enabled FURTHER DETAILED INFORMATION IS AVAILABLE ON THE PRODUCT HOMEPAGE!
c p
yKhoon Block Failed Login

yKhoon Block Failed Login

Paid download | Site Security | YK Lim
3
Score:
73
1 review
yKhoon Block Failed Login is an extension that will automatically blocked your visitor IP Address or user account when your visitor exceeded certain number of failure login. When your visitor are blocked, they cannot browse or access your web site for a certain period of time. After that, the extension will automatically unblock your visitor IP Address or user account. The extension will not only protect your front-end (visitor area), it will also protect your back-end (admin area). This will improve your web site security since it will prevent brute-force login attempt on you web site. The extension will create a log that contain some information such as date, time, visitor IP Address, login attempt on front-end or back-end, and etc, so that you take further action based on the log file. Changes: Compatible with PHP 7. Main Features: Automatically block an IP Address or user name after a specific number of failure login within a period of time. Automatically unblock an IP Address or user name after a specific period of time. If a failure login attempt is after a specific period of time, it will consider that failure login as first attempt and will block the IP Address or username after a specific number of failure login within a new period of time. Set the number of failure login attempt before block an IP Address or username. Set the time limit, and when certain number of failure login reached within this period of time, the IP Address or username will be block. Set specific period of block time for front-end failure login. This apply for IP Address or user name that has been blocked by the front-end login module. Set specific period of block time for back-end failure login. This apply for IP Address or user name that has been blocked by the back-end login module. Prevent the blocked IP Address or username from browsing the website(front-end or back-end) until the system unblocked the IP address. Create a log file with useful information every time when a failure login detected or when a blocked IP Address or username try to browse your website. Choose whether to block IP Address or user name. Failed Login Manager to manages to blocked IP Address or user name. Unblock an IP Address or user name before the blocked time end. Successfully checked as XHTML 1.0 Transitional and validates as CSS Level 3 using W3C Markup Validation Service and W3C CSS Validation Service. Support Integrated Product Update System for checking and download latest version of the product. Display the blocked user name error message within or outside the web site. Set the block time for front-end login and back-end login in minutes, hours, days, and months.
c p
CMS Security

CMS Security

Free | Site Security | cms-security
3
Score:
73
1 review
CMS-Scurity Component is a stunning Security & Firewall extensions which does not only looks good but also provide security options for your website! Every modern website needs a Firewall which will protect the sensitive data and users with advanced firewall mechanisms. Advanced and stunning looking dashboard with informative security and firewall options. Simple check lists will help you find security and firewall issues on your website and quickly sort them out with a single click! Our extension provide you informative website security firewall informations including: - Informative Dashboard - Social media information - Security and firewall checks - Administrator tasks - Website checks options - File and Folder permissions - Black and White IP's with search options. - Emergency shutdown ..and much more.
c p
PWD-GEN J! - Password Generator J!

PWD-GEN J! - Password Generator J!

Free | Site Security | Viktor Vogel
3
Score:
73
1 review
Password Generator J! is a small, fast generator for passwords (with Easy and Safe Mode). Features Length of passwords (max. 20) Capital letters Lower-case letters Numbers Special characters Multiple passwords per generation process (max. 30) Easy mode - noticeable passwords Safe Mode - secure passwords Languages - English / German Download Joomla! 3.x - http://joomla-extensions.kubik-rubik.de/downloads/pwd-gen-j-password-generator/joomla-3 Support The extension is completely free, but you need a subscription for support: http://joomla-extensions.kubik-rubik.de/subscription
m
qlcaptcha

qlcaptcha

Free | Site Security | Mareike Riegel
3
Score:
73
1 review
This captcha plugin generates a customizable captcha. Font size, font colour, number of chards are customizable. It is a standalone plugin, so no further code/Id is needed.
p
TZ Guard

TZ Guard

Free | Site Security | TemPlaza
3
Score:
73
1 review
This is a simple plugin which will help you to security your site. The administrator will be protected by a security code. Furthermore you can define a blacklist IP to refuse connection from spam ip and block the BOT system to access your site.
p
Aimy Captcha-Less Form Guard

Aimy Captcha-Less Form Guard

Free | Site Security | Aimy Extensions
3
Score:
73
1 review
Keep your forms spam free with user friendly Captcha alternatives. The system plugin uses well known anti-spam tests that do not require user action. This way you can protect your website from spam bots with methods that are better for website usability and accessability than Captchas. Aimy Captcha-Less Form Guard is easy to use and configure: Enable the plugin, configure your preferred methods and select Aimy Captcha-Less Form Guard in Joomla's global configuration dialog as default Captcha.
p
JProiCaptcha

JProiCaptcha

Paid download | Site Security | JPro Extensions
3
Score:
70
5 reviews
JProiCaptcha is a user friendly secure Captcha plugin for Joomla! 3. It's Joomla! R3ADY! JProiCaptcha, allows you to protect your Joomla! 3+ forms from spammers and bots. When enabled, it renders automatically on all Joomla! system forms - user registration, password reminder, password reset, and contact forms. With just a few lines of code, it can be set to work on any form and avoid spamming and bots to submit your website forms undesirably. JProiCaptcha is a unique and proprietary JPro Extensions system plugin, initially developed to work with the JProEasyContact module, and now available to be used site wide and the new 3.0.5 version allows non bootstrapped templates to also use JProiCaptcha on Joomla! 3. JProiCaptcha is packed with several options that can be set on your Joomla! 3 back-end and with extra security layers for validation, to allow safe contacts to be sent. Now also compatible with Joomla! 3 templates that don't load the bootstrap framework and customizable buttons and with almost all configurations possible.
p
OSE Secure™

OSE Secure™

Free | Site Security | Open Source Excellence
3
Score:
68
4 reviews
OSE Secure™ plugin a plugin that performs basic anti-hacking functions for your Joomla! CMS. It supports * 1. Basic SQL Injection Scanning * 2. Basic PHP Injection Scanning * 3. Basic Remote File Inclusion (RFI) Scannning * 4. Basic Local File Inclusion (LFI) Scannning * 5. Basic Malicious User Agent Scannning * 6. Basic DoS Scannning * 7. Basic Javascript Injection Scanning * 8. Requires a Secure Key to access Joomla Backend * 9. Advanced Feature: Activate OSE Anti-Hacker if you have OSE Anti-Hacker installed System Requirement: * PHP 5.0 or above * Joomla! 1.5 or Joomla! 1.6
p