In my Akeeba Admin Tools Pro I have setup the "Administrator secret URL parameter" but when I go to digitallofi/administrator in a Private window or different browser I can still access that page.
Latest post by puffer on Tuesday, 05 March 2024 16:18 CST
When I tried to access https://digitallofi.com/administrator from my computer (IPv4 94.69.46.174, IPv6 2a02:587:5f79:3a00:2dd8:a4ef:e235:473d) I got redirected to your site's frontend, i.e. the Administrator Secret URL Parameter feature works. If you check Admin Tools, Web Application Firewall, Blocked Requests Log you will see my IP address triggering a blocked request around 15:20 GMT on Sunday, March 3rd, 2024.
Please read the documentation to understand how this feature works. Kindly note there are two important points many people forget about.
The secret URL parameter feature is a session flag, not something you have to enter every time you access the site's backend. You only need to provide it once per session. Moreover, a cookie is set in your browser so even if you forget to provide the secret URL parameter you will still be allowed (this sentence does not apply to the browser's private mode as the cookie is discarded when the last private tab is closed).
Further to that, if your IP address is explicitly allowed (e.g. IP whitelist, never block these IPs) the Administrator Secret URL Parameter will have absolutely no effect whatsoever for you. Essentially, you are telling Admin Tools that specific IP addresses are to be "blindly trusted", therefore there is no reason to challenge them with additional security measures such as the administrator secret URL parameter.
To test this feature properly, disconnect your phone / tablet from your WiFi network, and connect to the Internet via a cellular connection (3G, 4G, or 5G). Open a browser private tab on your phone and visit https://digitallofi.com/administrator. You will see that you are thrown back to https://digitallofi.com as you should.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
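The order of checks described in the reply above (trusted IP first, then the per-session flag, then the remembered cookie, then the URL parameter), as an added Python model that is not Admin Tools' own code; the `/administrator/?<secret>` parameter form, the cookie name, the frontend URL and the sample IP addresses are assumptions.

```python
import ipaddress
import secrets
from dataclasses import dataclass, field

FRONTEND_URL = "https://example.com/"  # placeholder frontend, not the ticket's site

@dataclass
class Request:
    ip: str
    query: dict = field(default_factory=dict)    # parsed query-string keys
    cookies: dict = field(default_factory=dict)  # cookies the browser sends back
    session: dict = field(default_factory=dict)  # server-side session for this browser

class AdminGate:
    """Checks in the order the reply describes: trusted IP, session flag, cookie, parameter."""
    COOKIE = "admintools_secret"  # hypothetical cookie name
    def __init__(self, secret, allow_list=()):
        self.secret = secret
        self.allow = [ipaddress.ip_network(n, strict=False) for n in allow_list]
        self.tokens = set()  # cookie tokens this server has issued
    def trusted_ip(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)
    def check(self, req):
        """Return ('allow', reason) or ('redirect', FRONTEND_URL); may update session/cookies."""
        if self.trusted_ip(req.ip):
            return "allow", "trusted-ip"  # allow-listed IP is never challenged
        if req.session.get("secret_ok"):
            return "allow", "session"  # flag was set earlier in this session
        if req.cookies.get(self.COOKIE) in self.tokens:
            req.session["secret_ok"] = True
            return "allow", "cookie"  # cookie outlives the session, not a private window
        if self.secret in req.query:  # assumed form: /administrator/?<secret>
            req.session["secret_ok"] = True
            token = secrets.token_hex(16)
            self.tokens.add(token)
            req.cookies[self.COOKIE] = token  # stands in for Set-Cookie
            return "allow", "parameter"
        return "redirect", FRONTEND_URL

def replay_ticket_scenario():
    """Constructed: allow-listed office IP vs. a cellular IP that must present the secret."""
    gate = AdminGate("s3cr3t", allow_list=["203.0.113.0/24"])
    office = gate.check(Request(ip="203.0.113.7"))[1]  # no secret, still allowed
    phone = gate.check(Request(ip="198.51.100.9"))[0]  # no secret: sent to the frontend
    first = Request(ip="198.51.100.9", query={"s3cr3t": ""})
    gate.check(first)  # sets the session flag and the cookie
    again = Request(ip="198.51.100.9", cookies=first.cookies)  # new session, cookie kept
    return office, phone, gate.check(again)[1]
```

A private window corresponds to a `Request` with neither session nor cookies, which is why it is the only reliable way to test the feature from an allow-listed network's perspective once the IP is no longer trusted.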
Thank you! I will read the documentation more closely.