Admin Tools 2.1.11

12 September 2011 Last updated on 16 January 2012

Admin Tools 2.1.11 just released

We are pleased to announce the immediate availability of Admin Tools 2.1.11, a regular maintenance release. This release addresses known issues with the previous version 2.1.10.

IMPORTANT CHANGE: Previous versions of the .htaccess Maker would always allow direct access to PHP files inside the template directory. However, this could potentially be used as an intrusion point, if an attacker managed to upload a malicious PHP script to any directory under your site's templates directory. This version of Admin Tools Professional fixes this issue by disalloing direct web access to those PHP files, just like it does for all other PHP files in your site. In order to enable that feature you will have to go to Admin Tools, .htaccess Maker and click on Save and Create .htaccess. Do note that if your template requires direct access to some PHP files (most often used for serving GZipped versions of CSS and JavaScript files) you MUST add manual exceptions in the .htaccess Maker. For more information on determining and adding exceptions, please take a look at the relevant Troubleshooting Wizard page.

As always, you can download the free version, Admin Tools Core, from our Downloads page without any charge. If you are a Professional subscriber you can download the Admin Tools Professional release from the same page; just make sure you are logged in before visiting the download page. Alternatively, you can use the integrated Live Update feature of our software to update it automatically on supported server environments.

Since July 7th, 2011, support is provided only to subscribers. We have created a cheap (7.79€) subscription, FORUMACCESS, which gives you access to our Support Forum for eight days, with the same priority as all subscribers to any subscription level. If you are an AKEEBADELUXE or SUPPORT subscriber, you can get top priority, confidential support through our Private Ticket support system.

Do you want the maximum protection for your Joomla! site without spending a fortune? Admin Tools Professional can do that, with a flat cost of 20 Euros – or just 10, if you bought an AKEEBAPRO subscription the last three moths. An ATPRO subscription allows you to use the component on as many sites as you want, for as long as you want (even after your subscription expires) and receive updates and support for a whole year. For the price of a cheap dinner you can get the maximum protection for all your Joomla! 1.5 and 1.7 sites. Go Professional today!

Changelog

New features

  • #148 Failed logins can optionally count as security exceptions, allowing you to use the automatic IP blocking after a number of failed login attempts
  • Adding an Apply (Joomla! 1.5) / Save (Joomla! 1.7) button in the WAF Configuration page
  • Added back the WAF Exceptions feature on popular request
  • IP lookup link in security exception email
  • More options for the inactive user removal feature

Changes

  • Making all back-end links absolute instead of relative

Bug fixes

  • DFIShield would block JCE's image and file managers
  • Access from blacklisted IPs would send out an email and trigger a log message. That's pointless.
  • The CHANGELOG div caused a horizontal scrollbar to display
  • The Yes/No labels in Configure WAF are always shown in English in Joomla! 1.6 and later
  • Notices thrown by pro.php
  • Only Super Administrators could access Admin Tools on Joomla! 1.6 and later
  • Javascript error thrown by the admin module if the Control Panel admin module is disabled
  • Joomla! 1.7 or later changed the way the integrated extension update system works, rendering our update feeds invalid (Note: Live Update was still functional, as it's a standalone update system)

Important change!!!

  • .htaccess Maker would always allow PHP files inside the templates directory to be web-accessible. If your template requires direct access to .php files inside it (most often used to serve GZipped versions of CSS files) you MUST add exceptions manually in the .htaccess Maker as explained in the documentation and Troubleshooter Wizard.