- Site Security

n3t Seznam Captcha

n3t Seznam Captcha

Free | Site Security | Pavel Poles
3
Score:
90
8 reviews
Simple text CAPTCHA with optional audio form, spelled in Czech language. Additional protection by checking online spam databases. This plugin wraps the seznam.cz Captcha API. Additional protection by checking online spam databases and blacklists could be activated in the configuration. Currently StopForumSpam, BotScout, SpamHaus, Sorbs, SpamCop and project HoneyPot are supported. There is also possibility to manually enter IP blacklist and/or whitelist.
p
DMC Firewall

DMC Firewall

Free | Site Security | Dean Marshall Consultancy Ltd
3
Score:
90
8 reviews
DMC Firewall aids in the protection of a Joomla powered website. By default Joomla gives a 403 Forbidden message but allows the 'hacker' to keep trying multiple times - with DMC Firewall we block these attempts and ban the IP address of the 'hacker' within the websites '.htaccess' or 'web.config' file. DMC Firewall Core also includes a number of 'Bad Bots' that get banned from accessing your website, preventing your website from being taken down. You can also: * Perform a Health Check on your website and server * Easily take a backup from within the control panel area (requires Akeeba Backup) * Receive 'break-down' emails listing what DMC Firewall has banned over a set period of time 'Site Scanner' Before the content of your website is output to the visitors browser, this plugin scans through the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any bad content is found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.
c m p
AskMyAdmin

AskMyAdmin

Free | Site Security | Denis Mokhin
3 4 Alpha
Score:
90
5 reviews
AskMyAdmin prevent login to back-end of site till entering correct key=value pair. This is an extended version of plg_backendtoken plug-in. Main idea of this plug-in - to prevent login to administrator's panel by using standard URL. It will hide your admin part of site. Supported platforms Plug-in works on Joomla 3.x This plug-in is ready for Joomla 4 Alpha Supported languages English (en-GB) by Denis Mokhin Russian (ru-RU) by Denis Mokhin Italian (it-IT) by Marco Surian You can improve current translation or add new languages. Please visit transifex.com. Usage Download latest version of plug-in. Install plug-in, using Extensions - Extension Manager. Make base settings of plug-in, using Extensions - Plug-in Manager. Define your keyname Define your keyvalue Define URL for redirect Activate plug-in Example You have http://mysite.com site. Standard login to admin panel is http://mysite.com/administrator. When you install and activate AskMyAdmin plug-in for correct login you should use this link: http://mysite.com/administrator/?keyname=keyvalue Vote If you found this plugin useful, please post a reply. Thank you!
p
Login Notifier

Login Notifier

Free | Site Security | Yusuf Uygun
3
Score:
89
4 reviews
Login Notifier will send a mail whenever someone logs in to the Joomla Backend and/or Frontend. There is actually nothing more to say.
p
Centrora Security

Centrora Security

Free | Site Security | Centrora Security
3
Score:
88
25 reviews
**Centrora Security **is a new plugin that modified from OSE Firewall Security. A Joomla Firewall Security to protect your Joomla Sites from attacks and hacking. The built-in Malware and Security Scanner helps you identify any security risks, malicious codes, spam, virus, SQL injection, and security vulnerabilities. Improvements and New Features in Version 7 There have been some massive improvements in new version 7.0.0. The software now will be utilising high speed dedicated servers for the virus scanning and Backup. The classic backup will be discontinued from this version and is completely replaced by a more efficient and faster method - Git Backup. This tool performs about 2 times faster than the previous version and also provides an added benefit of 10 GB of cloud space to store your backups. The efficiency of scanners like MD5 Hash scanner, Core Directory scanner , Vulnerability scanner and Dynamic Virus scanner have been improved as well and they come with a revamped Used interface(UI). Additional details about the changes in the version are as follows: 1. Firewall Scanner Version 7 A new and advance firewall is released in this version. The goal of this firewall is to provide the faster scanning for requests and at the same time reducing down the database usage. The firewall version 7 includes features such as: better firewall performance; firewall logs statistics (shown in the form of graphs); Improved email alerts about attacks as well as daily/weekly firewall status report; easy to use start-up wizard; automatic background update of the firewall signature/rules [for premium users only]. 2. Improved GitBackup The gitBackup Function now uses mysql command line services to utilise the high speed database backup and rollback. The stability and speed of the backup and the rollback have been increased enormously (as compared to the previous version). It also supports large databases backups. Incorporated GitLab to allow users to enjoy more Cloud Backup space (from 2GB provided by BitBucket in the old version to 10 GB provided by GitLab). 3. Improved Firewall patterns and Virus Signature Update APIs to update patterns and signature have been improved to make it more efficient and more fault-tolerant, so that users can always have an updated version of firewall patterns and virus signatures. 4. MD5 Hash Scanner , Core Directory Scanner , Vulnerability Scanner and File Permission Scanner The scanners have been improved to be more efficient. Bugs and UI issues reported by clients have been fixed and included in this version. In addition, the UI has been re-built to have the better presentation of results. 5. Dynamic Virus Scanner Bug fixes for both the manual virus scanning and scheduled virus scanning are included. 6. Firewall Scanner Version 6 The old Firewall Version 6 is still retained to offer a smooth transition for existing users. Bugs have been fixed. 7. Removal of classic Backup The classic backup method will be discontinued from this versions and will be replaced by GitBackup. - New features in v6.0.0 - * Git Backup: Maximizing the power of Git version control system to backup your website so you keep track of any changes and roll back at any restore point - Freshly refurbished UI brings both new themes and better user experience. - New MD5 Hash Scanner, Core Directories Scanner and Modified Files Scanner are incorporated, resulting in enhanced processing capacity and efficiency. - Anti Malware is replaced by a new Dynamic Scanner, which embraces extended virus signature and is at least 50% faster. - New Vulnerability Scanner and File Permission Scanner are included to help identify system loopholes. - Backup now becomes more user-friendly, with easier procedures for up- and downloads. Previous Reviews: Please note this is a new version of OSE Anti-Hacker, for more reviews, please see this page: http://extensions.joomla.org/extension/ose-anti-hacker-for-joomla Customer Support: If you need help in using Centrora Security™ plugin, save time by starting your support request online and we'll connect you to a security analyst or even the senior security consultant. Click here for help. Security Firewall: AntiSpam: utilizing blacklisting IPs from Stop Forum Spam. AntiVirus: virus scanning that scans through your site for malware and variants that are known security threats, heuristics of backdoors, trojans, suspicious code and other security issues. IP Mangement: manage ip by allow, block and track IP that access to your site Security Check: malicious user agent blocks hundreds of bad bots while ensuring open-access for normal traffic. Security Check: detect directory traversal that consists in exploiting insufficient security validation/sanitization of user-supplied input file names. Security Check: javascript injection for any traffic including automated bots that constitutes security threats of injecting malicious javascript into your files. Security Check: direct file inclusion for any traffic including automated bots that constitutes security threats of including files on a server through the web browser. Security Check: remote file inclusion for any traffic including automated bots that constitutes security threats of exploiting "dynamic file include" mechanisms in web applications. Security Check: database SQL injection for any traffic traffic including automated bots that constitutes security threats of attacking data driven applications, in which malicious SQL statements are inserted into an entry field for execution. Security Check: DoS Attacks where automated bots constituting flooding attacks to your website. Report security threats to defined owner or security analysts System Requirements PHP 5.1.0 or above MySQL 5.0 or above PHP Data Objects enabled (it is activated by default as of PHP 5.1.0, please contact your hosting to enable it if it is disabled. Reference: http://www.php.net/manual/en/pdo.installation.php
c p
DataSafe PRO

DataSafe PRO

Free | Site Security | Barnaby Dixon
3
Score:
87
22 reviews
DataSafe Pro is professional database backup. It generates a snapshot of your full Joomla database, which allows you to quickly revert your content, whenever you want. It's ideal for creating a quick backup before you start any changes to your website. And to restore your Joomla database from a backup it's easy. Either select a DataSafe backup stored online, or upload a backup stored on your local computer using the DataSafe Pro interface. A DataSafe Pro backup contains all your database information, so if your system goes down, you make a mistake in configuration, or you want to roll back your system to an earlier time, just select a backup and restore it using the DataSafe Pro interface. If you can't access your Joomla administrator panel, you can also restore your DataSafe backup using PHPMyAdmin (or similar) which is installed on every server. Just use a DataSafe Pro backup stored on your local computer, or if your administrator area is unavailable, use FTP to download a backup stored online. Each DataSafe Pro backup is compressed using gzip; your database is automatically repaired and optimized during backup to maintain perfect performance, and every backup is instantly emailed to you so you have an offline copy. Each backup is also stored securely online, ready for you to restore whenever you like. And if you'd like to automate the process to create a backup every hour, day or week - it's easy, with the purchase of an optional license that allows you to automate backups across all your Joomla systems for one single low price. Try DataSafe Pro backup for yourself today, and get database backups you can depend on.
c p
Password Control

Password Control

Free | Site Security | G S Chapman
3
Score:
86
3 reviews
The Password Control system plugin enforces password changes upon registered site users. The change can be enforced for the initial (first) connection only, and/or for periodic changing. Optionally the users can be redirected back to the home page when a password change is enforced. There is the ability to define 'exempt' users, i.e. users for whom the administrator does not want to enforce password changing. The password entered by the user is checked against the previous user passwords (number is site defined) to ensure that it is changed and that the user is not reusing a password again, or just pressing the submit button without providing a new password. One can also specify the password criteria, and incorporates an optional password generator to create passwords meeting the specified criteria. New options also allow the forcing of a user to change their initial email address on initial login. This is suitable for use on e-commerce (Virtuemart) sites where a preassigned email address has been allocated to a user and it is desirable that they change it.
p
FPC - Force Password Complexity

FPC - Force Password Complexity

Free | Site Security | Viktor Vogel
3
Score:
83
4 reviews
With Force Password Complexity strong passwords are enforced based on individual rules! The system plugin checks the user passwords using defined security patterns and rejects weak passwords. In this way FPC ensures stronger security of the whole system. The execution of the plugin and the checks of the passwords can be set completely customized to ensure an own standard of security. Features Force secure, good passwords with individual rules Set precise execution rules: Execution in front- and / or backend Restrict to specific user groups Restriction with warning notice for unselected groups possible Check the type of users - only new, existing or all users Individual checks for secure passwords: Minimum length of passwords Minimum size of the entropy of passwords Forbid parts of the name and the e-mail address Maximum number same and same consecutive characters Force character types: uppercase / lowercase letters, numbers and special characters Plugin is small and fast, doesn't need a big framework Fast, clean code Languages: English and German Download Joomla! 3.x - http://joomla-extensions.kubik-rubik.de/downloads/fpc-force-password-complexity/joomla-3 Support The extension is completely free, but you need a subscription for support: http://joomla-extensions.kubik-rubik.de/subscription
p
Failed Login Attempts

Failed Login Attempts

Free | Site Security | Web357
3
Score:
79
1 review
This Joomla! Plugin records the failed and successful login attempts into the backend and frontend of your Joomla! website. It is useful for security purposes and serves as an information pool to track malicious user access (IP, country, browser, OS, etc.). USEFUL PARAMETERS Enable logs for backend (Store the logs for failed login attempts in Joomla's back-end). Enable logs for frontend (Store the logs for failed login attempts in Joomla's front-end). Successful Login Attempts (Store the logs for successful login attempts in Joomla front-end). Direct notification via email (Inform Admins for the failed and successfully login attempts). Save Logs to Database (Store the failed and successfully login attempts into the Database). Log Data: IP Address Log Data: Username Log Data: Password Log Data: Date Time Log Data: Country Log Data: Browser Log Data: Operating System CHANGELOG https://www.web357.eu/products/joomla-plugins/failed-login-attempts#changelog SUPPORT Normally we will answer your questions within 24 hours. If you still have questions or concerns about the product after reading the documentation: ★ You can use our Support Forum https://www.web357.eu/forum to ask your issues and report bugs. ★ Contact us using the contact form https://www.web357.eu/contact. ★ You can send us an email to this address: support [@] web357 [.] eu ★ Chat with us using the right-bottom box. If you did not find the information you were looking for in the documentation or if you have any other questions regarding the product feel free to contact us. We will be happy to provide you with a detailed answer as quickly as we can. 30 DAYS MONEY BACK GUARANTEE It’s all about trust. With Web357, you cannot lose. Either you will love it and enjoy using it, or you will get your money back. Simple as that. ★ Still got questions? Ask anything at contact@web357.eu. ★ More information at https://www.web357.eu/products/joomla-plugins/failed-login-attempts
p
Antivirus Website Protection

Antivirus Website Protection

Free | Site Security | SafetyBis Ltd.
3
Score:
77
18 reviews
Antivirus Website Protection is the security plugin to prevent/detect and remove malicious viruses and suspicious codes. It detects: backdoors, rootkits, trojan horses, worms, fraudtools, adware, spyware and etc. Antivirus Website Protection scans not only template files, it scans and analyzes all the files of your website (even if it's not a part of Joomla core files) Antivirus Website Protection will be especially useful for everybody who downloads templates and extensions from torrents and websites with free stuff instead of purchase the original copies from the developers. You will be shocked, how many free gifts they have inside :) *** Main features: *** - Deep scan of every file on your website. - Daily update of the virus database. - Heuristic Logic feature. - Alerts and Notifications in admin area and by email. - Daily cron feature. - Scanner can detect a wide list of malware types. - View Security reports online. *** The list of malware types what our scanner can detect: *** - MySQL and JavaScript injections (There is a lot of different attacks on your website but the most popular type and the easiest is probably MySQL injection. Our scanner will help you detect all possible issues with JavaScript and MySQL) - Website Defacements (When hackers break in to your website they can change the appearance of your website or a webpage. We have set up a feature that can help you prevent any changes on your website) - Hidden iFrames (If hacker gets an access to your website Ftp they usually set up a hidden iFrame. That way they can use your website to get the viruses on your visitors computers) - PHP Mailers (Sometimes hackers use your website to send a SPAM emails from your web server. Our smart scanning module was made to detect all possible PHP mailing scripts on your website and prevent your website from sending SPAM) - Social Engineering Attacks (There are a lot of social engineering methods to get an access to your website. Our scanning software will help you to protect your website) - Phishing Page Detection (Hackers can install a phishing page on your website without you knowing it. Sometimes they can use your website) - Redirects - Website Backdoors (Allow to get full control on website and server) - Website Anomalies - Drive-by-Downloads - Cross Site Scripting (XSS) - .htaccess (Hack Detection) - Rootkits and variants of this type of malware - Trojan horses - Internet worms - Fraudtools - Adware and spyware scrips and much more... Protect your website before the problems come. Monitor your website and minimize incident time with our automated scans. Please note: Plugin sends and receives the data to SiteGuarding.com API.
c
EasyCAPTCHA_efence

EasyCAPTCHA_efence

Free | Site Security | Brij Mohan
3
Score:
76
2 reviews
efence can do the following for you: 1. Protection against spam and malicious bots that can harm your web resources: efence is an alternative to CAPTCHA which protects your website against spam and makes it fun for the user to solve challenges. It presents an interactive picture based challenge for the users giving them a break from typing those boring twisted characters. It brings in the fun factor while avoiding the serious spam. Moreover it's an ideal spam protection tool for handheld devices. Just ask your users about what they like doing on their mobile or tablet, typing those twisted characters or just touch, tap and slide. The answer would be exactly what efence offers. 2. Guaranteed user engagement with your valued digital advertising and marketing materials: In case of a traditional CAPTCHA, when the user fights with those ugly looking twisted monsters, all that precious time and attention gets wasted with no benefit at all. efence empowers you to capitalize on this precious time and effort. What do you get ? dedicated eyeballs, guaranteed user engagement. This is done by providing great control and flexibility in creating your own branding images for guaranteed engagement. To place your branding images for free, please contact us at support@engageclick.com This is an official efence plugin which lets you embed efence at the most critical places on your website without editing any files. It takes only a few minutes to install and configure the plugin, in order to unleash the immense power of efence. Significant features   - Receive guaranteed attention to your in-house or external digital marketing contents   - Spam protection by an innovative "Captcha" alternative   - Places a customizable spam protection mechanism on your site - customize colors, shape, size and other attributes.   - Audio aid for visually impaired   - Category based customizable challenge options.   - Customer engagement using your own branding images.   - Powerful analytics to understand customer behavior.   - Works in all the browsers (including IE6!).   - Secure channel option for information security.   - Non-blocking, high-performance code. Sign up for efence - http://efence.engageclick.com Take an online demo to get an idea of how efence works as a powerful Captcha alternative ensuring customer engagement. Go Premium If you have custom requirements and need support package, we have an dedicated awesome team that delivers quality customization and support Visit official plugin homepage at http://efence.engageclick.com/selfservice-2/plugin/joomla.
m p
LazyDbBackup

LazyDbBackup

Free | Site Security | Robert Gastaud
3 4 Alpha
Score:
73
21 reviews
LazyDbBackup is based on LazyBackup by Stefan Granholm. (GNU/GPL 2 or over license). This plugin was internationalised (for Joomla! 1.5 and 1.6) and modified to run with Joomla! 1.6 and now Joomla! 2.5 (Joomla! 3.4.6 too). Two versions: PDO (doesn't work on some servers) and Mysqli. All versions come now with English, French, German translation files (thanks to Nathalie Laurent (n-at-work.net) for this German translation) and now Spanish translation by Jorge Ferreira (jorguito.com). 2012-12-20 : added italian translation by Giovanni Roli. Its purpose is to backup your Joomla! (only MySQL) database and send the backup file by e-mail. One parameter allows you to deactivate the e-mail feature; the backup files are then kept in a special folder which you can download by FTP when needed. Version 1.5.5 for Joomla! 1.5 Version 1.6.5a for Joomla! 1.6 and 1.7.0 Version 2.5.0a for Joomla! 1.6/1.7/2.5 2011-07-09: corrected bug when sending backup to multiple email addresses (thanks to Gerald Berger) 2011-12-23: 2.5.0 now Joomla! 1.6/1.7/2.5beta compatible 2012-01-19: 2.5.0a Joomla! 1.6/1.7/2.5 compatible 2012-09-26: 3.0.1 Joomla! 2.5/3.0 compatible 2013-11-18: 3.1.2 Joomla! 2.5-3.2 compatible 2015-03-17: 3.4.2 2 versions 2.5-3.4 compatible PDO and MySQLi 2016-03-25: 3.5.1 Joomla! 3.5 compatible; allows you not to delete backup file after mailing it 2016-07-08: added dutch translation, thanks to Eric Swinnen 2017-04-12: 3.7.0 JRequest replaced; added slovenian translation by Ervin Bizjak. Thanks to him! Joomla! 3.7 compatible 2018-01-23: PDO and MySQLi 3.7.1 versions are 4.0dev compatible 2018-03-19: 3.7.3 PDO and MySQLi: we exclude data from "#__session" 2018-03-23: Please replace immediatly your 3.7.3 MySQLi version with 3.7.4 that corrects a big bug. Thanks to Gerald Berger 2018-04-03: version 3.8.0 now, you will be informed by email (except deactivation of the parameter) as soon as a new version of LazyDbBackup is available
p
yKhoon Block Failed Login

yKhoon Block Failed Login

Paid download | Site Security | YK Lim
3
Score:
73
1 review
yKhoon Block Failed Login is an extension that will automatically blocked your visitor IP Address or user account when your visitor exceeded certain number of failure login. When your visitor are blocked, they cannot browse or access your web site for a certain period of time. After that, the extension will automatically unblock your visitor IP Address or user account. The extension will not only protect your front-end (visitor area), it will also protect your back-end (admin area). This will improve your web site security since it will prevent brute-force login attempt on you web site. The extension will create a log that contain some information such as date, time, visitor IP Address, login attempt on front-end or back-end, and etc, so that you take further action based on the log file. Changes: Compatible with PHP 7. Main Features: Automatically block an IP Address or user name after a specific number of failure login within a period of time. Automatically unblock an IP Address or user name after a specific period of time. If a failure login attempt is after a specific period of time, it will consider that failure login as first attempt and will block the IP Address or username after a specific number of failure login within a new period of time. Set the number of failure login attempt before block an IP Address or username. Set the time limit, and when certain number of failure login reached within this period of time, the IP Address or username will be block. Set specific period of block time for front-end failure login. This apply for IP Address or user name that has been blocked by the front-end login module. Set specific period of block time for back-end failure login. This apply for IP Address or user name that has been blocked by the back-end login module. Prevent the blocked IP Address or username from browsing the website(front-end or back-end) until the system unblocked the IP address. Create a log file with useful information every time when a failure login detected or when a blocked IP Address or username try to browse your website. Choose whether to block IP Address or user name. Failed Login Manager to manages to blocked IP Address or user name. Unblock an IP Address or user name before the blocked time end. Successfully checked as XHTML 1.0 Transitional and validates as CSS Level 3 using W3C Markup Validation Service and W3C CSS Validation Service. Support Integrated Product Update System for checking and download latest version of the product. Display the blocked user name error message within or outside the web site. Set the block time for front-end login and back-end login in minutes, hours, days, and months.
c p
TZ Guard

TZ Guard

Free | Site Security | TemPlaza
3
Score:
73
1 review
This is a simple plugin which will help you to security your site. The administrator will be protected by a security code. Furthermore you can define a blacklist IP to refuse connection from spam ip and block the BOT system to access your site.
p
OSE Secure™

OSE Secure™

Free | Site Security | Open Source Excellence
3
Score:
71
6 reviews
OSE Secure™ plugin a plugin that performs basic anti-hacking functions for your Joomla! CMS. It supports * 1. Basic SQL Injection Scanning * 2. Basic PHP Injection Scanning * 3. Basic Remote File Inclusion (RFI) Scannning * 4. Basic Local File Inclusion (LFI) Scannning * 5. Basic Malicious User Agent Scannning * 6. Basic DoS Scannning * 7. Basic Javascript Injection Scanning * 8. Requires a Secure Key to access Joomla Backend * 9. Advanced Feature: Activate OSE Anti-Hacker if you have OSE Anti-Hacker installed System Requirement: * PHP 5.0 or above * Joomla! 1.5 or Joomla! 1.6
p
JProiCaptcha

JProiCaptcha

Paid download | Site Security | JPro Extensions
3
Score:
70
5 reviews
JProiCaptcha is a user friendly secure Captcha plugin for Joomla! 3. It's Joomla! R3ADY! JProiCaptcha, allows you to protect your Joomla! 3+ forms from spammers and bots. When enabled, it renders automatically on all Joomla! system forms - user registration, password reminder, password reset, and contact forms. With just a few lines of code, it can be set to work on any form and avoid spamming and bots to submit your website forms undesirably. JProiCaptcha is a unique and proprietary JPro Extensions system plugin, initially developed to work with the JProEasyContact module, and now available to be used site wide and the new 3.0.5 version allows non bootstrapped templates to also use JProiCaptcha on Joomla! 3. JProiCaptcha is packed with several options that can be set on your Joomla! 3 back-end and with extra security layers for validation, to allow safe contacts to be sent. Now also compatible with Joomla! 3 templates that don't load the bootstrap framework and customizable buttons and with almost all configurations possible.
p
jHackGuard

jHackGuard

Free | Site Security | SiteGround Web Hosting
3
Score:
62
47 reviews
jHackGuard is designed by SiteGround to protect Joomla websites from hacking attacks. Just add it to your Joomla and it will be safe against SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks! This plugin has been successfully used by SiteGround customers during the past few years. Now we make its latest version public, so that you can easily protect your Joomla site. All you need to do is to install jHackGuard and enable it – no additional configuration needed!
c p
JR Captcha

JR Captcha

Free | Site Security | JoomlaRoad
3
Score:
54
3 reviews
Captcha for Joomla core and custom forms.Inserts captcha in registration,contact,reset password, remind username forms on enabling this plugin.To add captcha in custom forms without changing any existing codes or admin settings, follow the steps mentioned below. Just have to follow 3 steps for core forms. 1.install the plugin 2.publish the plugin 3.choose JRCaptcha on global configuration Integration with All Joomla Forms.
p