Improved support for Joomla! 5.1's backend colour schemes. Joomla 5.1 changed the way its administrator application's dark mode is applied so that it can now be disconnected from the browser's preference. This has caused a bit of a problem with the color contrast, leading to some text being invisible, or hard to read. We have now created a special CSS file loaded only on Joomla! 5.1 and later versions to address these issues.
You can now choose the action for an invalid administrator secret URL parameter. By default, when someone omits or provides an incorrect Administrator Secret URL Parameter thye will be redirected to the frontend of the page and a blocked request will be logged. Some people found this confusing, even though the whole point was precisely to confuse attackers. For those people, we now have an option which allows this behaviour to change into blockign the request, showing Admin Tools' blocked request message.
Components sidebar menu item to open the appropriate server config maker for your site. So far there was no submenu item for the .htaccess Maker, NginX Conf Maker, or web.config Maker in the Components sidebar since that menu is static (generated when installing or updating the component), and which of the three items is appropriate for your site depends entirely on your server's technology. We now have a generic menu called "Server Config Maker" which will try to automatically take you to the correct feature based on the web server technology PHP reports that you are using. A bit of a creature comfort to make your lives easier.
Remove Itemid from Suspicious Core Parameters, it has its own feature (ItemidShield). Most of the support requests we got regarding the Suspicious Core Parameters feature came from users whose sites had links with an invalid Itemid
URL parameter, usually Itemid=
(yep, no value, just blank). Please keep in mind that these kind of URLs are deprecated since Joomla! 4.0 and will stop working in Joomla! 6.0 as per the deprecation notices in Joomla's core code. However, we also had another feature which can also check for the same, it's called ItemidShield. Since ItemidShield is off by default and Suspicious Core Parameters on by default we decided to remove Itemid
from Suspicious Core Parameters (instead of removing the ItemidShield feature).
Re-arrange order of execution to process IP blocks before request blocking features. Some users were confused as to why they were seeing log entries (and possibly emails) about blocked requests coming from IP addresses which were temporarily or permanently blocked. The reason is that some features leading to blocked request were processed before evaluating blocked IP addresses, a remnant of the Joomla! 1.5 to 2.5 times when request processing was a bit more convoluted. We have now moved blocked IP processing to the top of checks performed by Admin Tools to prevent any such issues in the future.
!-Bug fixes and minor improvements. Please take a look at the CHANGELOG below.
-->