Authentication, Login protection

A real Two Step Verification system for Joomla!

  • Favourite
  • Report

Security experts agree that the first step to securing your site against unauthorized access is using a second step during the login process. Joomla 3.2 and later offer Two Factor Authentication which requires you to enter a security code along with your password to log into your site. However, Two Factor Authentication is susceptible to spoofing attacks. Moreover it does not let you use any second factor which is not a text code known to you before you login.

The solution to that is Two Step Verification. You login with just your username and password. However, at this point, you have a "captive login" and you cannot use the site unless you provide your second authentication factor. This could be a text code generated by Google Authenticator like what Joomla already allows, or something impossible to use with core Joomla such as a text code sent to you by SMS or push notification or even a secure hardware token following the FIDO U2F (Universal Second Factor) standard. After providing and validating the second factor your login becomes full features and you can use the site. This is very much like what Google does when you try to login to GMail; or what happens when you log into GitHub; or how Apple handles login to iCloud.

Akeeba LoginGuard currently supports the following second factors:
* Authenticator App (Google Authenticator, Authy, 1Password etc)
* YubiKey
* U2F (any USB or NFC token following the U2F protocol will do, including the cheap Amazon ones)
* Pushbullet (only with a paid PushBullet account)
* SMS Text Message (you need a paid subscription to the supported SMS service; read the documentation)
* Email
* Fixed Code (ONLY FOR DEMONSTRATION - this is the same as using a password; don't use on production sites)

This extension is brought to you by the same people who wrote Joomla's Two Factor Authentication feature.


With this extension, you can have a Two Step Verification with many systems :
YubiKey, Authenticator App, U2F, Pushbullet, SMS Text Message.

Ease of use



Support for this extension never used, Never used but the Akeeba site have a very good support for my other akeeba extensions.



I used this to: My site.
I prefer to use The Yukey extension because i can choose between "front only", "backend only" or Both for The "site section" parameter.
Akeeba Backup

Akeeba Backup

Free | Site Security | Akeeba Ltd
3 4 Alpha
1045 reviews
Akeeba Backup Core is the most widely used open-source backup component for the Joomla! CMS. Its mission is simple: create a site backup that can be restored on any Joomla!-capable server, making it ideal not only for backups but also for site transfers or even deploying sites to your clients' servers. Akeeba Backup creates a full backup of your site in a single archive. The archive contains all the files, a database snapshot and an installer similar in function to the standard Joomla! installer. The backup and restore process is AJAX powered to avoid server timeouts, even with huge sites. Alternatively, you can make a backup of only your database, or only your files. Akeeba Backup is the reliable, easy to use, open source backup solution for your Joomla! site. Akeeba Backup has won six J.O.S.C.A.R. awards at J and Beyond. Download it for free to find out why! Joomla! 3.4 and later, PHP 5.4 and later (including PHP 7). We have older versions for Joomla! 1.5 to 3.3 and older PHP versions on our site. Features: The Configuration Wizard configures itself for optimal operation with your site, automatically. The fastest and most reliable native PHP backup engine. One click backup. Integrated restoration for same server restoration. Site transfer wizard. Transfer your site between servers fast and easily. Restore with Akeeba Kickstart (free of charge script): restore extracting the backup directly on the server; no need to upload thousands of files by FTP! Choose between standard ZIP or highly efficient JPA archive format. Exclude specific files, folders. Exclude specific database tables or their contents. Unattended backup mode (CRON job scheduling), fully compatible with Archives can be restored on any host. Useful for transferring your site between subdomains/hosts or even to/from your local testing server (e.g. XAMPP, WAMPServer, MAMP, etc). and much, much more! Note: The Akeeba Backup Core component is free of charge, its support is not. We can't tell you what you need to get support because of JED censorship, but you can find out about it on our site. In any case, Akeeba Backup's documentation, video tutorials, troubleshooting wizard and reading the public tickets is free of charge. *** IF YOU CAN'T FIND HOW TO ENABLE A FEATURE LISTED HERE, PLEASE READ THE (FREE) DOCUMENTATION AND WATCH OUR VIDEO TUTORIALS! ***
c m p
Admin Tools

Admin Tools

Free | Site Security | Akeeba Ltd
3 4 Alpha
195 reviews
Admin Tools is a true Swiss Army knife for your site. Our freely available Admin Tools Core will detect, notify you about new Joomla! releases, fix your files' and directories' permissions, protect your administrator directory with a password, change your database prefix, migrate links pointing to your old domain on-the-fly and perform database maintenance, all with a single click. Written and maintained by the same developer as Akeeba Backup and the Joomla! updater component of Joomla! 2.5.4 and later. Note: a commercial edition (Admin Tools Professional) with extra security-oriented features is also available from our site for a fee. This listing is about the free version, Admin Tools Core. Note 2: The software is free of charge, its support is not. You need a subscription to request support. However, its documentation, the troubleshooting wizard and searching the public tickets is free.
c m p
Admin Tools Professional

Admin Tools Professional

Paid download | Site Security | Akeeba Ltd
3 4 Alpha
150 reviews
From the makers of Akeeba Backup Core/Professional and Admin Tools Core, this is the enhanced release of Admin Tools, available on a subscription basis. On top of what Admin Tools Core already offers, Admin Tools Professional has these exclusive features: - Security tightening .htaccess (Apache), nginx.conf (NginX) and web.config (IIS) file generator with a simple yet powerful user interface - Restrict administrator with a secret URL parameter - Web Application Firewall to block common exploits (SQL injection, XSS, DFI, RFI, malicious user agent, CSRF/spam-bot protection, uploads scanner etc) - Bad word filtering - IP Whitelisting for the administrator section - IP Blacklisting - Geographic block (deny access to specific countries/continents) - Modification of Generator meta tag and other sensitive HTTP headers - Email on administrator login - Block front-end Super Administrator log-in - Block Super Administrator user modification - Block extensions installation - Block visual fingerprinting (tmpl, template and tp URL parameters) - Integration of the Bad Behavior anti-spam library - Project Honeypot IP blacklist integration - Automatic IP blocking of repeat offenders - Email notifications of all detected security issues - URL redirections (exclusive support for query parameters!) - Scheduled site maintenance operations The software is GPL; buying a single subscription you can install it on as many sites as you want and keep it running even after your subscription expires, without encrypted code, domain limitations or other such nuisances.
c m p
Akeeba SocialLogin

Akeeba SocialLogin

Free | Site Access | Akeeba Ltd
3 4 Alpha
0 reviews
Allow your users to log in with their social media profile (Facebook, Twitter etc) Creating an account at a Joomla site is a rather strenuous process. You have to fill in a form, wait for an email to come, click on a link which doesn't work on mobile devices, figure out how to copy it to your browser and only then can you log in. Logging in is also problematic: you need to remember the username and password you had used to register the account. If not, you have to go not one but two convoluted processes to be reminded of your username and reset your password. Either of these processes is required every time you want a visitor to interact with your site in a more permanent manner, be it leaving a comment to an article or purchasing something from you. How many engagements and sales have you lost to that outdated process? How many people have given up on your site because they can't handle Yet Another Login? If only there was a better way... Well, now that you said it, there is. Most people use a social network such as Facebook, Twitter, LInkedIn, GitHub etc. All of these networks allow their members to use their profiles to log in on third party sites. This what SocialLogin brings to your site: allow your visitors to log in and (optionally) register a user account on your site by using their social media accounts. SocialLogin supports logging in with the following services: * Facebook * Twitter * Google * GitHub More services will be added in due time. The best thing about this software? It's free, it's tiny, it's fast and it's written by web site security professionals!

Akeeba LoginGuard

Akeeba Ltd
Last updated:
Mar 09 2018
Date added:
Mar 06 2018
GPLv2 or later
Free download

Uses Joomla! Update System

  • Overall

  • Functionality

  • Ease of use

  • Documentation

  • Support