Support

Admin Tools

#14590 Password-protect Administrator & JLSecure My Site

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Wednesday, 09 January 2013 03:13 CST

Tuesday, 08 January 2013 08:12 CST

user71441

Hi,

First of all, my English is very very bad and I apologize for that.

I use Administrator secret URL parameter

Now, I can access admin panel only through /administrator?something

If i try just /administrator - it will redirect to home page.

Also, I have enabled Password-protect Administrator, but the problem is that it works in both cases, for /administrator?something and for /administrator.

Is it possible to configure it so it will work only for /administrator?something??

Thanks in advance!

Best regards,

Filip

Edited by user71441 on 2013-01-08 08:25 CST

Tuesday, 08 January 2013 09:36 CST

nicholas

Hello Filip,

You can't do that. The administrator password protection uses .htaccess files. These are read by Apache before PHP gets the chance to run. The secret URL key parameter (.../administrator?something) is something which is enforced by the Joomla! plugin "System - Admin Tools". The order of execution is password protection first, secret URL parameter second. You can't reverse this execution order which is what you're asking.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 09 January 2013 01:56 CST

user71441

Ok, thank you very much Nicholas!

I understand now. :) Thank you, I learned something new :)

Hm, I'm thinking something - what would happen if, in this case, .htaccess (Apache) is configured to rediretct to home page when someone tries just /administrator?

Best regards,

Filip

Wednesday, 09 January 2013 02:26 CST

nicholas

Hello Filip,

Hm, I'm thinking something - what would happen if, in this case, .htaccess (Apache) is configured to rediretct to home page when someone tries just /administrator?

That would prevent anyone and everyone from accessing the site's administrator. Every time you'd want to login ot your site's back-end you'd have to use your FTP client, edit the .htaccess file, comment out the redirection, log in to your site, work on it, log out, use your FTP client again, edit the .htaccess again, re-enable the redirection. Added security: none at all. Added inconvienience: infinite.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 09 January 2013 03:12 CST

user71441

Thank you Nicholas

Best regards,

Filip

Wednesday, 09 January 2013 03:13 CST

nicholas

You're welcome, Filip!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!