Joomla has one drawback, any web user can easily know the site is created in Joomla! by typing the URL to access the administration area (i.e. www.site name.com/administration). This makes hackers hack the site easily once they crack id and password for Joomla!.


jSecure Authentication module prevents access to administration (back end) login page without appropriate access key.

Installation steps:

  1. Login to administration area
  2. Go to Installer -> select the jSecure2.1.2.zip file.
  3. Click on Install & upload.

Once the plugin is installed there are few manual steps which needs to be followed to make the plugin work:

  1. Login to Administration area
  2. Go to the Plugin Manager
  3. Enable the System - jSecure Authentication plugin
  4. Go to the jSecure Authentication component configuration in components>jSecure Authentication and set the parameters if you like. By default jSecure is set up so that you will need to enter a secret key that will serve as the new administrator URL. The default key to access login page is "jSecure", so if your website is www.website.com then the new URL for the Joomla administration would be www.website.com/administrator/jSecure. Make sure you change the default key!
  5. You can also set jSecure Authentication to display a custom form on the administrator page instead of a new URL. If you choose this option then you will still access your administration area with the default URL of /administrator. However, you will have a new login page where you will need to enter the jSecure key.
  6. Make sure that you set the "enabled" field to "Yes" otherwise jSecure will not be activated.

Note: The key is case sensitive and can **ONLY** contain alphanumeric values. PLEASE don't use numeric values

How to Use jSecure Authentication:

By default the component is set to replace the default Joomla URL with one that you will set with this component. For example:

http://www.site name/administrator/?keyname

keyname: key name is the key specified in the jSecure Authentication component.

You can also choose to maintain the default Joomla administrator URL and to add an extra login form) If you choose this option, then the Key will become the new password for the form. Once the key has been entered in the new form, the user will be directed to the administrator page.


jSecure Authentication component provides following parameters:

Enable: For jSecure to be activated set this to yes and go to the plugin manager and set the jSecure plugin to "enabled".

Pass Key: Select whether you want jSecure to create a new URL for the admin area (most popular) or if you want to create a second administrator login form (the "form" option).

Key: This is secure key which will be used to grant access to administration area. If you chose the URL option (most popular) then the new URL for your administration area will be http://www.site name/administrator/?keyname. You set the Keyname by inputing your new key in the Key field. The key is case sensitive and can **ONLY** contain alphanumeric values. PLEASE don't use purely numeric values.

Redirect Options: This parameter specifies what action to take if the key does not match. There are two choices:

Send Mail: You can set jSecure to email on or more email addresses with an alert if someone tries to unsuccessfully access the Joomla administration area.

Send Mail Details: You can have jSecure mail the wrong Key that was used, the correct Key, or both.

Email Ids :If you chose the "Send Mail" option, then enter the email addresses here. Separate multiple emails with a comma.

Email Subject: Choose an email subject for the email alert.

Blocked IPs/ White Listed IPs: User can choose the options to configure with blocked IPs or white listed IPs.

Add a new IP address to the list: User friendly to add the IPs.

IP addresses: Displayed the added IP addresses.

Enable the Master Password: To prevent the access from change the configuration of jSecure Authentication.

Master Password: Configure the master password to prevent from accessing.

Master Password Send Mail: To send the mail when admin change the any configuration of jSecure Authentication.

Master Password E-Mail Subject: Configure the subject of email.

E-Mail Id: Add the email id where you get the mail when any changes happen in configuration of jSecure Authentication.

For More information http://joomlaserviceprovider.com
Thanks to the team (Ajay Lulia, Bhavin Shah, Mehul Prajapati) for developing the Component and Plugin.
Thanks to Aaron Handford, Ajay Lulia for help with the component conceptualization.
Thanks to Sam Moffatt for converting Joomla! 1.0 module to a Joomla! 1.5 system plugin.

Change Log:

1.0: Initial Version 1.0.1:
Fix for J1.5 Native

Fix for J1.5 params (Thanks to Christer)

Fix for J1.5 call to admin login page using index2.php, please update your copy of jSecure Authentication.

Fix for J1.5 to use proper custom tag and fixed a php error.

Fixed redirection issue.

Fixed security bug. Updated the readme file.

Fixed the code for redirection.

Fixed the case sensitivity check.

Fixed warning message.

Added new features

1. Optimized the code.
2. Fixed the IP issue in mail.
3. Added Licenses information in files.

Fixed security bug.

1. Added Master Password to access the jSecure Authentication.
2. Added E-mail option to send the change log in jSecure Authentication.
3. User can choose from White Listed IPs / Blocked IPs.
4. User Friendly option to add ip address.
5. Enter specific IPs(White Listed IPs) that will allow access to administration area.

Fixed small error.

License: This is free software and you may redistribute it under the GPL. jSecure comes with absolutely no warranty. Use at your own risk. For details, see the license at http://www.gnu.org/licenses/gpl.txt Other licenses can be found in LICENSES folder.