Admin Tools for Joomla 4 and 5

Nicholas K. Dionysopoulos

Akeeba Ltd

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the appendix entitled "The GNU Free Documentation License".

Abstract

This book covers the use of the Admin Tools site security component, module and plugin bundle for sites powered by Joomla!™ 4 and 5. Both the free Admin Tools Core and the subscription-based Admin Tools Professional editions are completely covered.


Table of Contents

1. Getting Started
What is Admin Tools?
Disclaimer
The philosophy
Server environment requirements
Installing Admin Tools
Installing or manually updating the extension
Troubleshooting the installation
Upgrading from Core to Professional
Automatic updates
Troubleshooting the update
Addressing server issues
Check the validity of your Download ID
Check your subscription status
Updates are showing after installing the latest version
Updates not showing despite having an older version
Check the update site
Refresh the update cache
Miscellaneous troubleshooting and information
The update fails to download
Updating with a third party service fails
Manual update
Update installation problems
Entering your Download ID
Requesting support and reporting bugs
Uninstalling Admin Tools
Quick Setup
2. Using Admin Tools
The Control Panel
The component Options
Fixing the permissions of files and directories
Configuring the permissions of files and directories
Emergency Off-Line Mode
Protect your administrator back-end with a password
Why use the Administrator Password Protection?
The .htaccess maker
Basic Security
Server protection
How to determine which exceptions are required
Custom .htaccess rules
Optimisation and utility
System configuration
The NginX configuration maker
Basic Security
Server protection
How to determine which exceptions are required
Advanced NginX Settings
Optimisation and utility
System configuration
The web.config maker
Basic Security
Server protection
How to determine which exceptions are required
Optimisation and utility
System configuration
Web Application Firewall
Configure WAF
Basic Features
Request Filtering
Hardening Options
Cloaking
Project Honeypot
Exceptions
Auto-ban
Logging & reporting
Customisation
Troubleshooting (I got locked out of my site)
WAF Exceptions
WAF Deny List
Administrator Exclusive Allow IP List
Site IP Allow List
Site IP Disallow List
Anti-spam Bad Words
Blocked Requests Log
List of blocking reasons
Auto Blocked IP Addresses
Auto IP Blocking History
Email templates
Database tools
The PHP File Scanner
How does it work and what should I know?
Configuration
Scanning and administering scans
Reading the reports
Automating the scans (CRON jobs)
Automating the scans (front-end scheduling URL)
Automating with Joomla Scheduled Tasks
SEO and Link Tools
Reset Joomla! Update
URL Redirection
Cleaning your temporary files directory
Protecting Admin Tools with a password
Import and Exporting Settings
Access Control
The "System - Admin Tools" plugin
Automating maintenance tasks
Admin Tools – PHP File Change Scanner
Admin Tools – Blocked Requests Log cleanup
Admin Tools – Session table repair & optimise
Admin Tools – Clean up session metadata
Admin Tools – Cache clean-up
Admin Tools – Clean up the temporary directory
Admin Tools – Delete inactive users
Admin Tools – Auto-import configuration
Admin Tools – Reset Joomla! Update
Rescue Mode
Custom public folder
What is a custom public folder?
Admin Tools and the Joomla! custom public folder feature
Troubleshooting guide
— THIS HEADER IS INTENTIONALLY LEFT BLANK —
Administrator password protection issues
New Super Users are blocked and deactivated after login
Can not create or edit Managers, Administrators, Super Administrators using Admin Tools (403 error thrown)
Locked out of my site after applying a .htaccess using Admin Tools' .htaccess Maker
Admin Tools' Web Application Firewall (WAF) locked you out of your site
My components, modules or templates stopped working after using Admin Tools .htaccess Maker and how to determine and apply exceptions
I created a .htaccess file on my main site and I can't access my other domains / subdirectories on the same account
The administrator secret URL parameter is not working
There are too many security exceptions. Should I be worried?
3. Admin Tools Command Line Interface
Common conventions
Command Reference
Blocked Request Management
admintools:autoban:list
admintools:autoban:remove
admintools:autobanhistory:list
admintools:autobanhistory:remove
admintools:log:list
admintools:log:remove
admintools:unblock
IP Allow and Disallow
admintools:ipallow:add
admintools:ipallow:list
admintools:ipallow:modify
admintools:ipallow:remove
admintools:ipdisallow:add
admintools:ipdisallow:list
admintools:ipdisallow:modify
admintools:ipdisallow:remove
Bad Words Management
admintools:badwords:add
admintools:badwords:list
admintools:badwords:remove
Export and Import Settings
admintools:export
admintools:import
Web Application Firewall
admintools:waf:get
admintools:waf:list
admintools:waf:set
admintools:wafdeny:add
admintools:wafdeny:list
admintools:wafdeny:modify
admintools:wafdeny:remove
admintools:wafexceptions:add
admintools:wafexceptions:list
admintools:wafexceptions:modify
admintools:wafexceptions:remove
Automation
admintools:offline
admintools:scan
admintools:joomlaupdate:reset
.htaccess Maker / NginX Conf Maker / web.config Maker
admintools:htmaker:list
admintools:htmaker:get
admintools:htmaker:set
admintools:htmaker:make
A. GNU General Public License version 3
B. GNU Free Documentation License