Follow us on Twitter

Need Help?

  • 7angels transformation has been started, under new management and much more services to offer.
    prim3geek
    prim3geek
    Wednesday, 18 August 2010 23:59

Testimonials

Sorry i mistakenly entered wrong input on the title lol just delete my 1st testimonial any...
More...
12.06.10 04:54
By Fx-pro Support

Latest Promo

7angels promo

Need quality banners? for every 5 or more banner order get $5 off

Read more

Joomla 1.5 admin security

abaddon
(0 votes, average 0 out of 5)

Written by dirtydoug | 20 September 2009

Tags: .htaccess , programming

Keep your administrator page away from hackers!

Have you ever been hacked? Well here's a very simple solution that could prevent hackers getting into your Joomla administrator page. 2 things I usually do to protect myself from hackers.

1) Download jSecure Authentication Plugin for 1.5.x

This plugin is for free. a little summary about this plugin.

"jSecure Authentication plugins prevents access to administration (back end) login page without appropriate access key."

Download it <here>

And a little information how to use this Plugin.

Installation steps:

  1. Login to administration area
  2. Go to Installer -> select the plgSystemJSecure.zip file.
  3. Click on Install & upload.

Once the plugin is installed there are few manual steps which needs to be followed to make the plugin work:

  1. Login to Administration area
  2. Go To Plugins->System
  3. Click on System - jSecure Authentication link
  4. Enable the plugin and set the optional parameters specified below
  5. Save the plugin.

Default key to access login page is "jSecure".

Note: The key is case sensitive and can **ONLY** contain alphanumeric values. PLEASE dont use numeric values

How to Use :

http://www.site name/administrator/?keyname

keyname: key name is the key specified in the jSecure Authentication module.


Set the Parameters:


jSecure Authentication module provides following parameters:

Key: This is secure key which will be used to grant access to administration area.

Redirect Options: This parameter specifies what action to take if the key does not match. There are two choices:

  • Redirect to index page: Redirect unauthorized user back to home page
  • Custom Path: Provide relative path to custom page, for example 404 page not found.

now that you are done with the 1st method why not add more security? just incase the hacker found out your KEY.

2) Restrict administrator access by IP Address

Create an empty .htaccess file (use notepad to create this) Put the following in it:

<Limit GET>
Order Deny,Allow
Deny from all
Allow from 127.0.0.0
</Limit>

Change 127.0.0.0 in your static internet ip address. You can also use partial IP Addresses: 127.0.0 then upload it in your administrator directory.
Now when you visit the admin panel from any other IP address, you will see a 403 Forbidden error.

You can add multiple address by separating them by comma's: 127.0.0.0, 127.0.25.209

Now your Joomla Admin panel is finally secured. But always remember that following these methods does not mean that you are 100% secure you still have to be precautios but this could lessen your worries.

Next >

Add comment


Security code
Refresh

Members Area

image





Forgot login?
No account yet?
Register

Categories

Google Friend Connect

Our Clients

Syndication

feed-image Feed Entries