Admin Tools for Joomla!

Emergency Off-Line switch

Put your site securely off-line in the case of an attack

Master Password

Prevent that client from breaking their site by »doing nothing«

Customize Permissions

ACL: fine-grained permissions, controlling which Admin Tools features each user can access.

Administrator Directory Protection

Protect access to your administrator directory with a username and password.

Change File & Folder Permissions

Easily change the permissions of all files and folders on your server. Permissions are fully customizable.

One click temporary files cleaning

One-click purge of your temporary directory

Repair and optimise tables

Repair and optimise all of your site's tables. Only available on Joomla 3 due to technical limitations of Joomla 4.

Sessions table purge

Purge and optimise the sessions table with a single click

URL redirection

Redirect old URLs or make your own URL shortener with features far beyond Joomla!'s

Scheduled cleanup

Scheduled automatic cleanup of your temporary directory and sessions table

PHP File Change Scanner

Monitor your site for changed or added PHP files and assess their potential for malicious behaviour

Settings import / export

Easily duplicate Admin Tools settings between your Joomla! sites.

.htaccess, NginX Configuration and web.config Maker

Disable directory listings

Protect against common file injection attacks

Disable PHP Easter Eggs

Block access to security-sensitive files

Block access to files such as htaccess.txt, configuration.php-dist and php.ini in your site's root

Protect against clickjacking

Reduce MIME type security risks

Reflected XSS prevention

Remove Apache and PHP version signature

Prevent content transformation

Block specific user agents

Block direct access to PHP files

Protection against direct access to PHP files. It can even block access to uploaded hacking scripts, mitigating the attack.

Force index.php parsing before index.html

Optimise expiration time

(good for SEO)

Compress static resources

Automatically compress static resources such as images, CSS, JS

Redirect index.php to site root

Redirect www / non-www

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

Redirect old domain name to new domain name

Force HTTPS for specific URLs

Force HTTPS even when Joomla! doesn't let you to

Force HSTS header

Increase HTTPS security by telling browsers to never access the unprotected HTTP version of your site.

Disable HTTP methods TRACE and TRACK

Protect your site against XST attacks

Control the Cross-Origin Resource Sharing (CORS) policy of your site

Control if and what ETags will be sent

Optimize client-side caching of your site's content, especially when it's behind a load balancer.

Web Application Firewall

Customised exceptions

Down to the component, view or query string level

Full logging of blocked requests

E-Mail Notification at security exception

Send out an email when a security exception occurrs

IP deny list

Prevent access to your site by specific IP addresses or blocks of IP addresses

Administrator IP exclusive allow list

Only allow access to your site's administrator section by specific blocks of IP addresses

Administrator secret URL parameter.

You can only see the administrator login page if you append ?secretWord to the URL (the secret word is customisable)

Change administrator login URL

(e.g. use http://www.example.com/mylogin instead of http://www.example.com/administrator)

Login E-Mail Notification

Send email on successful or failed administrator login

Customisable email templates and rate throttling for Admin Tools emails

Forbid front-end Super User login

Forbid front-end Super User login to deter brute-force password cracking

Monitor or forbid front-end Super User creation

Notify about the front-end creation of Super Users, or completely forbid it

Monitor or forbid extension and Joomla! configuration

Notify or prevent changing the Joomla! and/or extension configuration parameters.

SQLiShield protection

Catch and prevent most SQL injection attacks

Cross Site Scripting block

(XSSShield)

Malicious User Agent block

(MUAShield)

Remote File Inclusion block

(RFIShield)

Direct File Inclusion shield

(DFIShield)

Uploads scanner

(UploadShield)

Anti-spam filtering

Based on Bad Words list

Hide/customise generator meta tag

Block access to Joomla! extensions installer

Disable editing backend users' properties

X-Content-Encoded-By HTTP header content for GZip compression customisation

X-Powered-By HTTP header override

Block tmpl=foo system template switch

Block template=foo site template switch

Project Honeypot's HTTP:BL integration

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

Auto-ban IPs

Auto-ban IPs causing excessive security exceptions (fully customisable)