One of the first priority of all web administrator is to protect its backend login to CMS and prevent unauthorized person to enter in administrator area. Some firewall also has difficulty to protect brute force on Joomla administrator login. We have come a cross great plugin for Joomla AdminExile which does it almost all.
It's easy for attackers to determine that your site is running Joomla! All they has to do is add "/administrator" to the URL and look for the login panel. That's all it takes for an attack to begin. With AdminExile, you can mitigate these issues and gain some peace of mind.
What kind of protection this great plugin has?
The cornerstone of AdminExile is the /administrator access key(s). Using URL variables, AdminExile provides an extra level of security by requiring a specific key to be present in the URL. Additionally, a value can be assigned to the key - effectively adding 2 passwords for access to your /administrator area. Key Example (some extensions only allow you to change the key): • /administrator?key Key Value Example (some extensions only allow you to change the key value): • /administrator?token=keyvalue AdminExile Examples (keep them guessing and change both!): • /administrator?key • /administrator?key=keyvalue
Maybe your access key(s) are so fantastically difficult, that you can't remember it. Maybe you intended to use it this way. Or maybe you're managing a team of webmasters and you frequently change the access key(s). You securely can gain access, without knowing the key(s) - by using the Mail Link function of AdminExile. When enabled, and valid Mail Link groups are chosen - anyone who is a member of the authorized groups can request the /administrator URL + keys be emailed to them. Using this function is easy. The URL to request a Mail Link is simply (replacing username with an authorized username): • /administrator?email=username Once requested, AdminExile redirects the request page back to whatever the configured redirect destination is set to. The username submitted is verified to be a member of the authorized Mail Link groups and an email containing the complete (clickable) /administrator URL is sent to the email address associated with their account.
You might have a static IP address and want to bypass the access key(s) requirement. Likewise, you might have a hostile network - and want to keep people out, even if they know the keys. There are more reasons to have white and blacklists than can be counted. AdminExile provides a flexible implementation to provide the maximum usefulness for your site. This configuration can be found in the IP Security area of the plugin configuration.
A brute force attack is simply an attack where the password/key to be cracked is attempted sequentially. Part of the reason AdminExile provides the ability to use a key and keyvalue, is that it becomes infinitely harder to successfully brute force 2 passwords simultaneously. Just in case, AdminExile has brute force detection and protection. This brute force protection is enabled for not only the /administrator login, but the AdminExile key(s) as well.
If an attempt to access /administrator fails - the visitor must be sent somewhere. AdminExile has a flexible configuration for redirection, and protections in place to prevent any indication that the /administrator URL does anything. With 2 preset destinations, 404 customization, and stealth features - AdminExile is designed to keep attackers confused.
Free as beer, but if you are satisfied you should give them credit.
You can find more information about this fantastic plugin at Richey’s web here
Or download from here