
Any jackwagon can go to your website and type /administrator - that sucks.

AdminExile puts an end to drive-by (and more serious) attempts to access /administrator. By using URL access keys (query parameters), attempts to access your /administrator login page will be met with either a redirect to your homepage, a 404 error, or a redirect somewhere else (I recommend https://www.nsa.gov or redirecting them to a huge file download like a Linux ISO image, that's always fun).

AdminExile Blocked Attempts

High volume attacks (hundreds and even thousands of hits) may drown out the lower volume attempts. There is rarely an hour where there are no attacks.

This image updates automatically every 5 minutes.

As you can see, the attacks come in waves. These numbers are coming from server logs generated by the logging feature of the 3 series. I put my server at risk by not blocking these attempts with the brute force protection feature - partly because I want this graph to reflect actual attack patterns, and partly because my AdminExile access keys are ridiculously long non-words.

Attackers eventually give up, because AdminExile doesn't give them any feedback. They must wonder - is this even a valid URL?
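The key and key+value check described above, with the identical response for every kind of failure, as an added example. This is not AdminExile's code, and it is written in Python rather than Joomla's PHP to stay framework-neutral. The setting names, the sample key and value, and the rule that allowlisted addresses skip the key check are assumptions.

```python
import hmac
import ipaddress
from urllib.parse import parse_qs, urlsplit

# Constructed sample settings; the names are hypothetical, not AdminExile's own.
CONFIG = {
    "key": "k9Xw3TqLm2Zr8Vb7",      # constructed access key (query parameter name)
    "value": "Yp4Hs6Nd1Qe0Ju5C",    # constructed value; None selects key-only mode
    "allow": ["203.0.113.0/24", "2001:db8:1::/48"],  # documentation ranges
    "deny": ["198.51.100.7/32"],
    "on_fail": (404, None),         # or (302, "/") to redirect to the homepage
}

def in_ranges(ip, cidrs):
    """True if ip (IPv4 or IPv6 text) falls inside any of the CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def key_matches(query, key, value):
    """Check the key, or key+value, using constant-time comparisons."""
    ok = False
    for name, values in parse_qs(query, keep_blank_values=True).items():
        name_ok = hmac.compare_digest(name.encode(), key.encode())
        if value is None:
            ok |= name_ok
        else:
            ok |= name_ok and any(
                hmac.compare_digest(v.encode(), value.encode()) for v in values)
    return ok

def gate(url, client_ip, cfg=CONFIG):
    """Return (status, location) for a request to the admin login page."""
    if in_ranges(client_ip, cfg["deny"]):
        return cfg["on_fail"]
    # Assumed policy: allowlisted addresses skip the key check.
    if in_ranges(client_ip, cfg["allow"]):
        return (200, None)
    if key_matches(urlsplit(url).query, cfg["key"], cfg["value"]):
        return (200, None)
    # Missing key, wrong key and wrong value all get the identical response,
    # so the reply carries no hint about which part of the request was wrong.
    return cfg["on_fail"]
```
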

Packed with features (even the free version), AdminExile exists to serve one purpose - to protect your /administrator login page.

AdminExile Features:

Version 3.16.3 Features Free Pro
/administrator key and/or key+value URL Protection
Prevent /administrator session cookie
Block configured users from frontend login*
Lost/Forgotten Link Recovery
Failure Logging
IPv4/6 Whitelist with CIDR capability
IPv4/6 Blacklist with CIDR capability
Bruteforce Detection and Blocking
Bruteforce Notification Email
Live data reporting
Download 36

Bug Reports

Documentation: Online

Live Demo: https://www.richeyweb.com/administrator

Total reviews: 140

*As of Joomla 3.7 - Frontend Restrictions are not operational. I am working on a solution to restore this functionality.


Paid Extension FAQ

What am I buying?
  • The extension
  • One year of updates
  • Support
Do you still support free versions?
Only bugfixes
Can I install the extension on multiple sites?
Go for it
Can I give a copy to my friend?
While this is ethically wrong, there is no easy way for me to stop it. However, if your friend wants support he should call you - because I won't talk to him unless he purchases the extension.
What happens to the extension at the end of the year?
Nothing. It remains installed and configured, it just stops receiving updates and support is suspended.
What if I give you an idea that you turn into a paid extension?
You'll be given a lifetime subscription for that extension.
What if I contract you to make a custom extension for me?
There are two options, and I may or may not offer both.
  1. You will be given a quote for outright ownership of the extension.
  2. If it's something that I believe will benefit the community, I may offer a reduced quote where I retain ownership along with the promise that it will remain a free extension.