Support

Of course it works on Joomla 4. Once you use the secret URL parameter once a flag is set in your session and you are not asked to provide the secret URL parameter for the duration of the session (the session duration is set up in Joomla's Global Configuration page).

Also note the “Browser cookie override for the administrator secret URL parameter” option, by default set to “Enabled, remind to use the full URL”. Once you use the secret URL parameter on a browser and until you explicitly log out from the site there's a cookie set in your browser which tells Admin Tools that you know the secret word. If you try to access the site's administrator without the secret word the cookie will kick in if that setting is anything other than Disabled. If it's just Enabled you will see the admin login page without any other message. The other settings show you a message about it as well.

You DO NOT have to believe me. Open a Private / Incognito browser window and access your site's admin WITHOUT the secret URL parameter. Kicked back to the site's fronted, aren't you?

Please check your server access logs. You will see that on 2022-06-17 04:40 GMT you got an access to /green/administrator/index.php from the IP address 79.107.115.230. It resulted in an HTTP 307 status.  A second later you will see that you got an access to /green from the same IP with a status of 200 OK. That was me testing whether the administrator secret URL parameter works and yes, it does, it kicked me out.

You will see this repeating 3 minutes later. It was me double checking as I am typing this reply. Again, I got kicked out.

Your server access log CANNOT lie. Neither one of us controls it.