Any jackwagon can go to your website and type /administrator - that sucks.
AdminExile puts an end to drive-by (and more serious) attempts to access /administrator. By using URL access keys (query parameters), attempts to access your /administrator login page will be met with either a redirect to your homepage, a 404 error, or a redirect somewhere else (I recommend https://www.nsa.gov or redirecting them to a huge file download like a Linux ISO image, that's always fun).
High volume attacks (hundreds and even thousands of hits) may drown out the lower volume attempts. There is rarely an hour where there are no attacks.
This image updates automatically every 5 minutes.
As you can see, the attacks come in waves. These numbers are coming from server logs generated by the logging feature of the 3 series. I put my server at risk by not blocking these attempts with the brute force protection feature - partly because I want this graph to reflect actual attack patterns, and partly because my AdminExile access keys are ridiculously long non-words.
Attackers eventually give up, because AdminExile doesn't give them any feedback. They must wonder - is this even a valid URL?
Packed with features (even the free version), AdminExile exists to serve one purpose - to protect your /administrator login page.
AdminExile Features:
Version 3.16.3 Features | Free | Pro |
---|---|---|
/administrator key and/or key+value URL Protection | ||
Prevent /administrator session cookie | ||
Block configured users from frontend login* | ||
Lost/Forgotten Link Recovery | ||
Failure Logging | ||
IPv4/6 Whitelist with CIDR capability | ||
IPv4/6 Blacklist with CIDR capability | ||
Bruteforce Detection and Blocking | ||
Bruteforce Notification Email | ||
Live data reporting | ||
Download | 36 |
Documentation: Online Live Demo: https://www.richeyweb.com/administrator |
Total reviews: 146
Overall
Functionality
Ease of Use
Support
Documentation
Value for Money
|
*As of Joomla 3.7 - Frontend Restrictions are not operational. I am working on a solution to restore this functionality.