Support

The answer is yes and no. No, you can't entirely hide the administrator URL but yes, you can "cloak" it to protect it against attacks. There are two things you can do:

1. Use the secret URL parameter feature. You will need to type something like http://www.example.com/administrator/index.php?your_secret_word to see the administrator login page. You will still receive security exceptions from people trying to access that page without the secret word, but your back-end is actually protected and these access attempts fended off.

2. Use the administrator password protection. This makes Apache ask for a username and password before you can enter your Joomla! username and password. This is one more layer of protection but if you have badly written components you might have problems in your site's front-end as well.

Towards the top of the Configure WAF page.

Please refer to https://www.akeebabackup.com/documentation/troubleshooter/atwafissues.html

Go inside the plugins/system/admintools directory on your site. You will see a file named main.php. Rename it to main-disable.php. This will turn disable the Web Application Firewall from executing and you can access your site's back-end again.

VERY IMPORTANT STEPS: Go to Components, Admin Tools, Web Application Firewall and click the Exceptions Log button. Delete all records with your own IP address. Then, go back to Web Application Firewall and click on the Auto IP Blocking Administration button. Select the record showing your IP address and click on the Delete button to delete the block.

TIP: Don't know what your IP address is? Just visit whatismyipaddress.com to find out!

Go to Components, Admin Tools, Web Application Firewall, Configure WAF. Make sure that you have entered your secret word correctly.

Now remember to rename main-disable.php back to main.php, otherwise your site will remain unprotected.