System - AdminExile

Protect your Joomla site’s /administrator area from relentless attacks with "System - AdminExile," a free, battle-tested plugin that once reigned as the #1 security extension in the Joomla Extension Directory. Though eclipsed by tools like AdminTools Pro (which offers similar functionality for a fee), AdminExile remains a robust, no-cost solution to safeguard your backend from drive-by and brute force attacks—keeping honest users honest and everyone else out!

How It Works

Without protection, anyone can target your /administrator login by simply typing “/administrator,” opening the door to easy exploitation. "System - AdminExile" puts a stop to that with URL access keys (query parameters), transforming your login URL into a fortress. Configure it to require a key (e.g., ?boofwang) or a key-value pair (e.g., ?boofwang=sadham), and only that exact URL grants access. Unauthorized attempts? Redirect them to your homepage, a 404 error, or even a playful diversion like nsa.gov or a massive file download (e.g., a Linux ISO)—it’s both secure and fun!

Joomla Plugins: AdminExile v5.0.12 (Joomla! 3/4/5)

Figure: Admin Exile 24 hour attack profile. This is the 24 hour profile of richeyweb.com. Graph updates every 5 minutes (live).

Unrivaled Protection, Proven Results

Check the 24-hour activity graph of richeyweb.com (updated live every 5 minutes above)—you’ll see waves of attacks, sometimes hundreds or thousands per hour, targeting /administrator. AdminExile stops them all, silently logging failures without giving attackers feedback, causing them to give up in frustration. I’ve kept my server exposed to capture this data, using long, non-guessable keys to stay safe, but you can lock it down tighter with features like IPv4/6 CIDR whitelists and blacklists.

A Modern AdminExile for Joomla 5

With version 5, I’ve completely rewritten "System - AdminExile" using modern Joomla internals, making it faster, more reliable, and bug-free. I uncovered and fixed an unreported issue: without a key value set, the old version allowed authentication with any value—now, it fails as expected. I’ve also streamlined the plugin by removing features I never loved, like brute force detection (better handled by tools like Fail2Ban), frontend blocking, and link recovery, which were cumbersome or redundant. What’s left is a lean, focused tool for /administrator protection, free with no Pro version—ever.

Why Choose System - AdminExile?

This plugin exists for one mission: to shield your /administrator login page. It prevents session cookies, offers a re-entry period after logout, and logs failures, all while staying lightweight and Joomla 5-native. Whether you’re a small site or a high-target platform, AdminExile delivers peace of mind without a price tag.

Features

  • /administrator key and/or key+value URL Protection
  • Prevent /administrator session cookie
  • Re-entry period after logout
  • Failure Logging
  • IPv4/6 Whitelist with CIDR capability
  • IPv4/6 Blacklist with CIDR capability

Frequently Asked Questions:

What is the advantage of a 404 message rather than an error message?

Showing 404 may confuse an attacker, or a bot.  If they expect to see an HTML page but receive a 404 response, it may cause problems for their process.

What is CIDR?

Classless Inter-Domain Routing (CIDR) is a fancy way of saying "a range of IP addresses." Instead of defining each individual whitelisted or blacklisted address, you can specify a range that encompasses many tens, hundreds, or even thousands of addresses.

What does System - AdminExile do?

System - AdminExile protects your Joomla /administrator login by requiring URL access keys, blocking unauthorized attempts with redirects or errors, keeping your backend secure from brute force and drive-by attacks.

Is System - AdminExile free to use?

Yes, it’s completely free! AdminExile offers robust security features with no paid version, making it accessible to all Joomla users.

How does AdminExile protect my /administrator area?

It uses unique URL keys (e.g., ?boofwang or ?boofwang=sadham) to restrict access, redirecting unauthorized attempts to your homepage, a 404, or another URL, ensuring only authorized users can log in.

What’s new in the Joomla 5 version?

The Joomla 5 rewrite (v5) is faster, more reliable, and bug-free, fixing an issue with key-value checks. It removes outdated features like brute force detection, focusing on core /administrator protection.

Can AdminExile block brute force attacks?

While it once included brute force detection, that feature has been removed in v5, as tools like Fail2Ban handle it better. AdminExile now focuses on URL key protection and access control.

How do I configure AdminExile for my site?

Set a URL key or key-value pair in the plugin settings, choose redirect options, and optionally use IPv4/6 CIDR whitelists/blacklists. It requires manual setup but ensures robust security.
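
A minimal model of the decision this configuration implies, added here as an illustration in Python; it is not the plugin's code. The setting names, the order of checks (blacklist first, then whitelist or key) and the strict key-only behaviour are assumptions, and the addresses are constructed documentation ranges.

```python
import hmac
from ipaddress import ip_address, ip_network
from urllib.parse import urlsplit, parse_qsl

# Constructed sample configuration; names are hypothetical, not the plugin's settings.
CONFIG = {
    "key": "boofwang",
    "value": "sadham",  # set to None for key-only mode
    "allow": ["203.0.113.0/24", "2001:db8:aaaa::/48"],
    "deny": ["198.51.100.0/24", "2001:db8:bad::/48"],
}


def in_any(addr, cidrs):
    """True if addr falls inside any listed network (IPv4 or IPv6)."""
    ip = ip_address(addr)
    nets = (ip_network(c, strict=False) for c in cidrs)
    # A network of the other IP version never matches.
    return any(ip.version == n.version and ip in n for n in nets)


def key_ok(url, cfg):
    """Exact match on the access key: no partial credit, no value wildcard."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    want_k = cfg["key"].encode()
    # Key-only mode expects the bare parameter, so ?key=anything is refused.
    want_v = (cfg["value"] or "").encode()
    return any(
        hmac.compare_digest(k.encode(), want_k)
        and hmac.compare_digest(v.encode(), want_v)
        for k, v in params
    )


def decide(url, remote_addr, cfg=CONFIG):
    """Return 'deny', 'allow' or 'redirect' for one /administrator request."""
    if in_any(remote_addr, cfg["deny"]):
        return "deny"
    if in_any(remote_addr, cfg["allow"]) or key_ok(url, cfg):
        return "allow"
    # Homepage, 404 or another URL; the response gives no hint why.
    return "redirect"
```

Whatever the outcome, the caller should log the failure and answer identically for a missing key, a wrong key and a wrong value, so the response cannot be used to probe which part was incorrect.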

What if I forget my AdminExile URL key?

With v5, link recovery is removed. You’ll need filesystem access (e.g., FTP/SSH) to adjust settings or reset the plugin, as it’s designed for secure, manual management.

Can AdminExile protect my frontend login too?

No, frontend login blocking was removed in v5, as it’s better handled by other plugins. AdminExile focuses exclusively on /administrator security.

How does AdminExile handle IPv4 and IPv6?

It supports both IPv4 and IPv6 CIDR-based whitelists and blacklists, allowing you to permit or block entire networks, enhancing security for modern sites.

Is AdminExile compatible with Joomla 3?

Yes, but the latest version (v5) is Joomla 5-native. For Joomla 3, use an older version, though we recommend upgrading to leverage the latest improvements.

Why should I choose AdminExile over paid options?

It’s free, battle-tested, and focused on /administrator protection.

Does AdminExile log attacks or provide reports?

Yes, it logs login failures, and you can view live data (e.g., richeyweb.com’s attack graph) to understand attack patterns, though reporting features are streamlined in v5.

How secure are AdminExile’s URL keys?

They’re highly secure—long, non-guessable keys (or key-value pairs) frustrate attackers, who get no feedback, often giving up due to the plugin’s silent defense.

Can my key be numeric?

No, and I won't do anything about that limitation. It's a restriction imposed by Joomla itself.

Why is this software free?

I’m ditching the freemium game and giving this software to the Joomla crowd for free. It’s a nod to “Jumla”—Swahili for “all together”—because fragmentation sucks, and I’d rather focus on innovation and paid gigs. Use it, build with it, and if you need custom work, I’m super into that.

What's The Catch?

There isn’t one! I’m all about building tools that empower the Joomla community and spark creativity. This software’s free because I’d rather see it in your hands - fueling awesome projects. If you really feel like paying something, I’d appreciate a review in the Joomla Extension Directory—your feedback means a lot!