Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!.
jSecure Authentication module prevents access to administration (back end) login page without appropriate access key.
Once the plugin is installed there are few manual steps which needs to be followed to make the plugin work:
Note: The key is case sensitive and can **ONLY** contain alphanumeric values. PLEASE don't use numeric values
How to Use jSecure Authentication:
By default the component is set to replace the default Joomla URL with one that you will set with this component. For example:
keyname: key name is the key specified in the jSecure Authentication component.
You can also choose to maintain the default Joomla administrator URL and to add an extra login form) If you choose this option, then the Key will become the new password for the form. Once the key has been entered in the new form, the user will be directed to the administrator page.
jSecure Authentication component provides following parameters:
Enable: For jSecure to be activated set this to yes and go to the plugin manager and set the jSecure plugin to "enabled".
Pass Key: Select whether you want jSecure to create a new URL for the admin area (most popular) or if you want to create a second administrator login form (the "form" option).
Key: This is secure key which will be used to grant access to administration area. If you chose the URL option (most popular) then the new URL for your administration area will be http://www.site name/administrator/?keyname. You set the Keyname by inputing your new key in the Key field. The key is case sensitive and can **ONLY** contain alphanumeric values. PLEASE don't use purely numeric values.
This parameter specifies what action to take if the key does not match. There are two choices:
You can set jSecure to email on or more email addresses with an alert if someone tries to unsuccessfully access the Joomla administration area.
You can have jSecure mail the wrong Key that was used, the correct Key, or both.
If you chose the "Send Mail" option, then enter the email addresses here. Separate multiple emails with a comma.
Choose an email subject for the email alert.
User can choose the options to configure with blocked IPs or white listed IPs.
User friendly to add the IPs.
Displayed the added IP addresses.
To prevent the access from change the configuration of jSecure Authentication.
Configure the master password to prevent from accessing.
To send the mail when admin change the any configuration of jSecure Authentication.
Configure the subject of email.
Add the email id where you get the mail when any changes happen in configuration of jSecure Authentication.
For More information http://joomlaserviceprovider.com
Thanks to the team (Ajay Lulia, Bhavin Shah, Mehul Prajapati) for developing the Component and Plugin.
Thanks to Aaron Handford, Ajay Lulia for help with the component conceptualization.
Thanks to Sam Moffatt for converting Joomla! 1.0 module to a Joomla! 1.5 system plugin.
1.0: Initial Version 1.0.1:
Fix for J1.5 Native
Fix for J1.5 params (Thanks to Christer)
Fix for J1.5 call to admin login page using index2.php, please update your copy of jSecure Authentication.
Fix for J1.5 to use proper custom tag and fixed a php error.
Fixed redirection issue.
Fixed security bug. Updated the readme file.
Fixed the code for redirection.
Fixed the case sensitivity check.
Fixed warning message.
Added new features
1. Optimized the code.
2. Fixed the IP issue in mail.
3. Added Licenses information in files.
Fixed security bug.
1. Added Master Password to access the jSecure Authentication.
2. Added E-mail option to send the change log in jSecure Authentication.
3. User can choose from White Listed IPs / Blocked IPs.
4. User Friendly option to add ip address.
5. Enter specific IPs(White Listed IPs) that will allow access to administration area.
Fixed small error.
License: This is free software and you may redistribute it under the GPL. jSecure comes with absolutely no warranty. Use at your own risk. For details, see the license at http://www.gnu.org/licenses/gpl.txt Other licenses can be found in LICENSES folder.