Blog

Securing Joomla Administrator

User Rating: 0 / 5

Star InactiveStar InactiveStar InactiveStar InactiveStar Inactive
 

You should always have something in place to try and protect your Joomla setup from brute force attacks. These attacks are where a script or cracked website continually tries to login either through the front or the admin area of your site.

If you install something such as the Brute Force Stop extension or the security options in sh404sef then you can usually deny entry.

The downside to this is server load. Each time a login attempt is made there is a call to the server and your Joomla install. For the admin login it's far better to stop attempts before they get to the Joomla login system. You can't really use this system on the front of the site though as no-one will be able to access it!

To protect the admin area you need to password protect the administrator directory. There are a number of ways to do this:

  • You could use the Password Protect Directories function in your cPanel
  • You could use the Password Protect Administrator button in Akeeba's Admin Tools
  • You could use a desktop application like Website Access Manager from CoffeeCup
  • You could roll your sleeves up and code away in the relevant .htaccess and .htpassword files

Any of these ways will do it but I think Akeeba's Admin Tools is by far the easiest.

However, depending upon how your server is set up you may come across the dreaded 404 Error when you password protect the administrator directory. As soon as you set the protection you're dumped to the front page of your website with a 404 error. Not good. The solution is to make an adjustment to the .htaccess file in the root directory, not the administrator directory!

All you need to do is to drop this code in before the rewrite engine on code:

ErrorDocument 401 ./error.html
ErrorDocument 403 ./error.html

Hopefully if you do come across this issue then this will provide a very simple fix. If not then perhaps reply to this post and share your solution.

Legal

Chris Hall
T/A MSWD
166 Caswell Close
Farnborough
GU14 8TG

Tel +447849955316

© 2016 MSWD, All Rights Reserved.

Search

Contact
We'd love to hear from you. You can also get in touch by:
Email: This email address is being protected from spambots. You need JavaScript enabled to view it.
Phone: +447765675370
1000 characters left