Support

 Hi

Today, I locked myself out of my site, as I've done many times before. I got back in by renaming the main.php file in the plugins/system folder, as usual.

However, I ran into a new worrying problem once this file was renamed and before admin tools was brought back live: none of my colleagues could get into the back end of the site: they got 404 errors when trying to bring up the administrator page.

The problem seems to be related to disabling the main.php file and also having password protection on the administrator directory. I fixed it by unblocking my IP and bringing admin tools back up. In the meantime, I was the only one able to log in to the back end - and I think this perhaps had something to do with the fact I had been logged in (and past the administrator password step) prior to getting blocked. But... I felt lucky that I was not locked out of the site too, so I was able to fix this.

I guess my questions are:
1. Has something changed so that re-accessing the site requires more than just accessing the main.php file?
2. How do I disable the password protect on the administrator page - and do you think this could be the cause of the admin 404?

Hope this makes sense, and thanks in advance.

The /administrator folder password protection is done with .htaccess and .htpasswd files in the /administrator folder. You can disable this protection by deleting or renaming these files. This would work independently of main.php because it works at the Apache server level.

Nothing has changed about the way you disable main.php to bypass most Admin Tools protections for Joomla!.

I really can't explain this. My guess is that the 404 was a red herring. There was another error being thrown, your website was looking for a fancy error page and could not find it and then threw the 404 on the missing error page. That is pretty common. You would need to check the server error logs to find out if there was another error and what it was.

Is everything back to normal after you cleared your user ID and restored main.php?

Thanks for your reply. Yes, everything went back to normal once I cleared our IP and restored main.php. The 404 went away, and immediately the admin tools pop-up box appeared.

I was the only staff member able to log in to the back end *after* renaming main.php but *prior* to the IP being cleared- and I think it was because I'd already logged in earlier, so I was past the admin tools pop-up box.

I guess I will just hope this doesn't happen again, and try removing /administrator folder password protection if it does.

That is really strange.

If you need to disable the password, the .htaccess file is the active file. You can just rename that one. The .htpasswd file is an encrypted data file holding the password itself.

This ticket has been automatically closed. All tickets which have been inactive for a long time are automatically closed. If you believe that this ticket was closed in error, please contact us.