Please make sure that you have downloaded and installed Admin Tools Professional. The Web Application Firewall and .htaccess Maker is only included in the Professional package. It does not exist at all in the Core package.
If you already did that, please install the Admin Tools Professional package twice in a row, without uninstalling it before or in between. This ensures that Joomla will copy over all of the necessary files (in a rare few upgrade / update cases it "forgets" to copy all files, a ridiculously elusive Joomla bug that a dozen of us third party and core developers have experienced and have been trying to hunt down since 2007).
> Another question: I would like an 'added' or different extension for /administrator (and so that /administrator redirects to the front end). How can I do that?
Even though this feature does exist, it's marked as "at your own risk / no support" and that's for a very good. Joomla is hardcoded with the administrator application's path being "administrator". Trying to change that DOES cause problems without adding much security.
It is far more effective for your site's security using the Administrator Password Protection feature to add a secondary username and password protection to your administrator application, and forcing the use of Joomla's Multi-factor Authentication feature for all users with back-end access (Manager, Administrator, and Super User groups).
Please note that the latter feature was available as a standalone extensions, Akeeba LoginGuard, before Joomla 4.2.0; since 2016, as a matter of fact. I contributed that to Joomla in May 2022 since the old Two Factor Authentication feature had far outlived its utility and the Joomla project needed to provide its users with a modern solution to prevent account takeovers with stolen credentials (basically, what you are trying to avoid by "renaming" the administrator login page). In short, it's a real world tested solution which has proven it will stop account takeovers, time and again. I wholeheartedly recommend using the WebAuthn method for Multi-factor Authentication. If you have a device equipped with Windows Hello (fingerprint, or facial recognition), Android Screen Lock (fingerprint, or facial recognition), or Apple TouchID / FaceID the secondary authentication is as easy as clicking and button on the screen and presenting your face or your fingerprint.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
