Securing a website is one of the most important task for a site administrator. There is always the ever-growing threat of online criminals looming large over the sea of websites ready to strike anytime upon an unassuming target. Meanwhile, to hide the Joomla administrator login URL is only a part of the vast security measures that needs to be implemented on a Joomla site.
There is no permanent solution to secure a Joomla website or any website for that matter. Likewise, there is no one-size fits all solution either. Any opensource script is out there for all to see, so any vulnerability found in the script can be exploited. In fact, it is very important to go through the Joomla Security checklist for every Site Administrator.
The best method to secure the administrator login area is probably via .htaccess by either blocking access from IP addresses other than that of the administrator or setting passwords. Having said that, hiding the Joomla administrator URL does add a layer of protection.
There are some free extensions that enables you to hide the Joomla administrator login URL. All these extensions work on one principle as far as the hidden URL is concerned – to replace the regular administrator URL with a new URL as determined by the administrator.
Extensions that lets you hide the Joomla administrator login URL
- Download the AdminExile plugin from the Joomla Extensions Directory.
- Login to your Joomla back-end and install the plugin.
- Navigate to Extensions > Plugins and search for AdminExile.
- Configure and enable the plugin.
Back-end Security – This is where you enter the Access Key. Once you set the key, remember it or copy the new URL to your hard drive. You can access the administrator login page at yourdomain.com/administrator?yourkey.
IP Security – This feature allows you to blacklist IP addresses from accessing your administrator area. You can also receive email alerts if somebody tries to login multiple times.
Bruteforce – This function will block bruteforce to your login URL. Bruteforce is an attack from an automated script that tries to login with different combinations of letters, numbers and symbols.
- Download the plugin
- Install and configure the plugin.
- Enter the secret key and enable the plugin.
- You can access your administrator login URL at yourdomain.com/administrator?yourseceretkey
- Download the plugin
- Install and configure.
There are two modes to secure your administrator area. The first one and also the recommended mode is HTTP Authentication, which sets a password to access the admin area. The second one is Compapility mode, which hides the administrator login URL. Either way, try to remember the password. As with AdminExile and Jsecure Lite, you can access the admin login page with the URL yourdomain.com/administrator/yourpassword.
Download the plugin here. As the name suggests, this component from Akeeba has more administration tools besides securing the admin login page.
With Admin Tools you can:
- Fix file permissions.
- Repair and optimise database.
- Clean Temp directory
- Secure the administrator login page with a password.
So these are some free extensions that you can use to either protect the admin area with a password or hide the Joomla administrator login page with a secret key. If there are other such extensions with better functionalities, please let us know in the comments below.