Site Security

OHSecurity provides additional protection to your Joomla! powered website. By default when a 'hacker' attempts to compromise your website, Joomla! produces a '403 Forbidden' message but allows the hacker to keep trying.

  • Get this
  • Favourite
  • Report

With OHSecurity, we block the attempt and all access to your website - preventing the hacker from trying multiple times. OHSecurity works on a '1 strike and your out' rule.

OHSecurity is built up on a number of plugins, modules and a component.

What does OHSecurity do

With OHSecurity Core, you can
- Perform a Health Check on your website and server - listing any issues that may need addressing
- If you have Akeeba Backup installed, easily take a backup from within OHSecurity's control panel area
- Receive 'break-down' emails listing what OHSecurity has banned over a set period of time
- 8 Bad Bots blocked

With OHSecurity Professional, you get the same functionality as Core however the following functionality is available;
Change your database's table prefix
- Password protect your 'administrator' folder
- Protect and prevent your website from a brute-force login attempt
- Change your database table prefix
- 133 Bad Bots blocked

'Site Scanner'

Before the content of your website is output to the visitors browser, our 'content sniffer' plugin scans the HTML looking for any 'bad content' (cialis, viagra, payday loans etc). If any of these bad content terms are found, an email is sent to the web-master informing them of the page that the bad content was found on so they can take appropriate action where necessary.

OHSecurity Explained

Component - OHSecurity

The component provides you with a friendly user interface where you can manage the OHSecurity settings. You also have a number of security 'tasks' that you can perform from within the component such as changing the database table prefix*, password protecting the administrator folder, configuring which 'bad bots' to ban, turning OHSecurity into 'test mode', view the statistics of hack attempts - SQL Injection attempts and the number of 'bad bots' which tried to access your website. You can also see a number of issues that need attention - such as Super Administrators using 'weak passwords', if you are using the default Super Administrator account, if you are using a 'weak' table prefix.

Plugin - System - OHSecurity

This plugin does all the 'heavy lifting'. The system plugin checks all page requests that are sent to Joomla! - making sure they are safe. The plugin checks for 'bad bots, hack attempts and SQL Injection attempts' and only blocks the bad requests meaning that legitimate visitors are allowed to view your website. This plugin also handles the requests to the centralised blacklist where all bad activity is stored (this is stored on our servers).

Plugin - System - OHSecurity Content Sniffer

This 'system' plugin 'sniffs' your websites output just before it is rendered to the end user. It looks for any 'bad content' that shouldn't be there. If any of the content contains these 'bad words', an email is sent to the 'webmaster' informing them that their website may have been compromised. Some websites may contain these 'bad words', just like our website does in some of our blog articles. For this reason we didn't want an email being sent to us every time the 'bad words' were found in the page so we added a Threshold limit. 'Bad words' can be found on your website but as soon as the threshold limit has been reached, the email will be sent. By default the Threshold limit is set to 5.

Plugin - Authentication - OHS Login - Professional version only

This plugin replaces Joomla!'s authentication plugin and allows us to manage logins within your website. We created this plugin and the corresponding extensions parameters so that we can block hackers from trying to login to your website. Hackers try hundreds if not thousands of different usernames and password to try and find one that works, as standard Joomla! lets them keep trying. This plugin blocks their access when they have trued X amount of attempts - the value is configurable via the Global Configuration tab within OHSecurity. This plugin is only available within the Professional release of OHSecurity.

Administrator Module - OHSecurity Statistics

This module displays a number of statistics within the Joomla! administrator area, along with a couple of 'quick links' that will take you to certain aspects of OHSecurity.

* = Professional version only


Orange Hat Studios
Last updated:
Aug 16 2018
Date added:
Jul 21 2018
GPLv2 or later
Free download

Uses Joomla! Update System

Demo Support Documentation
  • Overall
    Not rated
  • Functionality

    Not rated
  • Ease of use

    Not rated
  • Documentation

    Not rated
  • Support

    Not rated