Hiding the login URL of the Joomla 4.0 site, like AdminExile Topic is solved

This forum is for general questions about extensions for Joomla! 4.x.

Moderators: pe7er, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Windows Defender SmartScreen Issues <-- please read this if using Windows 10.
IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Fri Aug 20, 2021 10:49 am

How to hide the login URL of the Joomla 4.0 site, like AdminExile

So far I have used 'AdminExile' free version on Joomla 3x.

This plugin has saved me many times from malicious hackers.
Now I have the latest version of Joomla 4.0.
Is this plugin compatible with Joomla 4x?

If not, is there a similar extension/plugin that can hides the login URL?

Thanks in advance

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24929
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by pe7er » Fri Aug 20, 2021 11:27 am

https://extensions.joomla.org/extension/adminexile/ doesn't list the extension as being compatible with Joomla 4.
Maybe you could test in on a test website (using Xampp on a local PC)?
Or contact the developer.
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2622
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by JAVesey » Fri Aug 20, 2021 3:08 pm

pe7er wrote:
Fri Aug 20, 2021 11:27 am
https://extensions.joomla.org/extension/adminexile/ doesn't list the extension as being compatible with Joomla 4.
Maybe you could test in on a test website (using Xampp on a local PC)?
Or contact the developer.
I think Michael Richey (the dev) had tested it with a beta-version of J4 and it was okay; he was waiting a while before testing on later releases in case of API changes (or similar).

I seem to recall checking it myself; I'll report back if I did :)
John V
Cardiff, Wales, UK
Joomla 5.0.3 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.0.3 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Fri Aug 20, 2021 4:20 pm

Guys thank you for the answers.
At this point I have uninstalled the old version which was disabled.
I have to think about what I'm going to do.

Maybe in the meantime the author of 'AdminExile' publishes a version for Joomla 4x. It really is a great plugin.
Regards

User avatar
JAVesey
Joomla! Hero
Joomla! Hero
Posts: 2622
Joined: Tue May 14, 2013 1:21 pm
Location: Cardiff, Wales, UK
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by JAVesey » Sat Aug 21, 2021 2:05 pm

IvanVk wrote:
Fri Aug 20, 2021 4:20 pm
At this point I have uninstalled the old version which was disabled.
I have to think about what I'm going to do.
Regards
Have you tried installing the current version of AdminExile on J4?

Worth take a look/read through some of the content on the dev's website ("RicheyWeb") :)
John V
Cardiff, Wales, UK
Joomla 5.0.3 "live" site on PHP 8.2.15 and MariaDB 10.11.7
Joomla 5.0.3 on XAMMP for OSX with PHP 8.2.4 and MariaDB 10.4.28

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Sat Aug 21, 2021 2:46 pm

No I did not.
I dare not install the current version 3.16.3 and test it.
In case something goes wrong, I will have a bigger problem than now.
Regards

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9639
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by AMurray » Sun Aug 22, 2021 12:23 am

Akeeba Admin tools has that exact function.
Regards - A Murray
General Support Moderator

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Sun Aug 22, 2021 7:02 am

@AMurray thank you for the advice.
I looked at the documentation for ‘Akeeba Admin tools’.
There are a lot of useful parts there.
It’s a fantastic product package but too complicated for me (from installation to setup).
Especially if I need to contact my hosting company and ask for a service, I want to avoid contacting them if possible.

BTW: 'Administrator secret URL parameter' and 'Change administrator login URL' are not supported in Core version. I just need that part of the package.

I am satisfied with 'AdminExile' and I'll wait for the author to publish a new version of Joomla 4x.

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Sun Aug 22, 2021 12:22 pm

I found a temporary solution.
In the '.htaccess' file after "RewriteEngine On" I added code below

Code: Select all

##Blocking access to the web administrator eg http://www.site.com/administrator
RewriteRule (^|/)administrator(/|$) - [F]
In my testing , this code prevents access to the administrator panel on the website.
Since I access once every two weeks, this meets my needs.
This is a temporary solution until the author of "AdminExile" publishes a newer version for Joomla 4x.

It is not difficult for me to make changes to the ".htaccess" file once or twice in two weeks, when I want to access the 'Joomla Admin CP' on the website. It takes 1 minute.

So when I want to access 'Joomla Admin CP' on a website, I simply add a comment (in '.htaccess' file) in front, so it looks like this (#RewriteRule (^|/)administrator(/|$) - [F])

I hope this helps other forum members as well.

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by sozzled » Sun Aug 22, 2021 8:41 pm

There have been a few of these hide-Joomla-admin-URL tools developed over the years; I've used a couple of them; I still use a couple of them with a couple of J! 3 websites. Yes, there is a feature in Akeeba Admin Tools as @Amurrray says. Alternatively you can redirect the URL somewhere else with a rule written in .htaccess; however, because I visit the backend of my websites several times a week (and, several times a day, in some cases), the number of times I would be enabling/disabling .htaccess would probably mean that the backend login form would be exposed for large amounts of time.

If you just want a simple plugin to [in effect] "hide" the Joomla backend login screen then it shouldn't be too difficult to write one. As an academic exercise, I'll play around with writing such a plugin but it's not my top priority at this time. 8)

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 12781
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by brian » Sun Aug 22, 2021 9:53 pm

The best and most performant option is always to use an htaccess file to set a username and password for the admin directory. This will always be more performant than any of the php based solutions recommended above as it blocks the access at a much earlier stage. It is also more convenient imho to have consistent urls across every site to access the admin instead of having to remember a secret key. (Something you cant put in a password manager.) A bonus is that if you have a static ip address then you will pass/fail the authentication automatically. Or if you are using username/password in the htaccess then you will not be asked for it repeatedly during the day.

Hiding the existence of the admin directory in an attempt to hide the fact your site is joomla is no security at all.

Using a php based protection can lead your site to be dos'ed because of the resources used on the server.

Using htaccess based protection just works.

And if you are concerned about howto set this up then it really couldnt be easier and there are a lot of online tools that will do it all for you.

This is a very good one and well documented https://www.mobilefish.com/services/htp ... erator.php
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

sozzled
I've been banned!
Posts: 13639
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by sozzled » Mon Aug 23, 2021 6:47 am

I agree with @brian that it's probably "best practice" to protect the backend of your J! website with .htpasswd and/or .htaccess. Having said that, everyone's different and some people just like to do things in another way. As for me, I don't have black-and-white view on what people want to do or what people should do. As I say, everyone's different. Third-party extension developers have capitalised on people's differences and that's why Michael Richey and Nick Dionysolopoulos (among others) have enjoyed some success.

So, while I unconditionally agree with @brian, everyone likes to add their own "condiments" to their software "soup". ;)

I'm going to have a play with writing a plugin ... just for the enjoyment of doing it. 8)

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Mon Aug 23, 2021 7:16 am

Hi guys, thank you for the detailed answers.

First of all, just to clarify something.
Only I access my website.
No one else will log in to the website and also to the administrator CP.

I am currently using the code listed above in the '.htacces' file, and it meets my needs.

However, as the set mentioned, frequent access to the admin CP on the website would also require frequent changes to the '.htaccess' file. But I don't do it often.

@sozzled:
I visit the backend of my websites several times a week (and, several times a day, in some cases), the number of times I would be enabling/disabling .htaccess would probably mean that the backend login form would be exposed for large amounts of time.
I agree with you, my login average is small and sometimes it takes a month for me not to log in to the web.

I installed 'AdminExile' after the first hacking of my website.
Another hacking attempt occurred.

But the hacker could not log in to the website because he did not know the secret additional code (.../administrator=sdj5/8wsjd$qwkdfdjkLUe+rtKasdkjf"#?%0deX)
That's what I realized when I logged on my web site and noticed another administrator.
I wrote about it here on the forum. So 'AdminExile' saved me

@sozzled:
If you just want a simple plugin to [in effect] "hide" the Joomla backend login screen
This is exactly what I want and I am currently doing it through the '.htaccess' file.

@brian:
The best and most performant option is always to use an htaccess file to set a username and password for the admin directory.
You cheered me up with this sentence. Also, thank you for the link. I will study the method specified there.
My respect for both of you

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9639
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by AMurray » Mon Aug 23, 2021 9:51 pm

I hope that's not your REAL "secret" code you just posted in a PUBLIC forum!

As to .htaccess protection Admin Tools does that as well- Core version should do both the 'secret key' and htaccess /administrator folder protection. That's the top 2 features I use it for.
Regards - A Murray
General Support Moderator

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Tue Aug 24, 2021 6:17 am

AMurray wrote:
Mon Aug 23, 2021 9:51 pm
I hope that's not your REAL "secret" code you just posted in a PUBLIC forum!
Of course not, I wrote that just for example.
So far I have fixed the problem and I am currently using the '.htaccess' file.
Regards

ghepardus
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Tue Apr 08, 2014 9:06 am

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by ghepardus » Mon Oct 04, 2021 6:30 am

To make it work version plg_sys_adminexile-3.16.3 with joomla 4.0.3 I modified the following:

adminexile.php
line 29 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')
line 30 : $this->_app->isSite() --> $this->_app->isClient('site')
line 40 : $this->_app->isSite() --> $this->_app->isClient('site')
line 46 : $this->_app->isSite() --> $this->_app->isClient('site')
line 48 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')

adminexile.xml
line 75 : type="usergroup" --> type="usergrouplist"
line 89 : type="usergroup" --> type="usergrouplist"

User avatar
pe7er
Joomla! Master
Joomla! Master
Posts: 24929
Joined: Thu Aug 18, 2005 8:55 pm
Location: Nijmegen, Netherlands
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by pe7er » Mon Oct 04, 2021 7:11 am

Thanks for sharing your solution, ghepardus!

Could you please share it with the AdminExile developer too?
Kind Regards,
Peter Martin, Global Moderator
Company website: https://db8.nl/en/ - Joomla specialist, Nijmegen, Netherlands
The best website: https://the-best-website.com

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Mon Oct 04, 2021 1:27 pm

@ghepardus
Thank you for your help,
However, at this moment I decided to use the '.htaccess' file.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 30819
Joined: Mon Oct 27, 2008 9:27 pm
Location: Romerike, Norway

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by Per Yngve Berg » Mon Oct 04, 2021 2:55 pm

Have you considered enabling 2FA?

IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Mon Oct 04, 2021 4:41 pm

I'm satisfied with the '.htaccess' by a solution, for now.

koppie
Joomla! Fledgling
Joomla! Fledgling
Posts: 3
Joined: Thu Oct 23, 2008 10:58 am

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by koppie » Wed Nov 24, 2021 1:32 pm


IvanVk
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 156
Joined: Fri Feb 24, 2006 9:52 pm

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by IvanVk » Sat Dec 04, 2021 9:44 am

koppie wrote:
Wed Nov 24, 2021 1:32 pm
Try this in Joomla 4
Thank you

User avatar
razor7
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Wed Aug 24, 2005 2:06 pm
Location: Argentina
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by razor7 » Wed Jun 15, 2022 5:56 pm

ghepardus wrote:
Mon Oct 04, 2021 6:30 am
To make it work version plg_sys_adminexile-3.16.3 with joomla 4.0.3 I modified the following:

adminexile.php
line 29 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')
line 30 : $this->_app->isSite() --> $this->_app->isClient('site')
line 40 : $this->_app->isSite() --> $this->_app->isClient('site')
line 46 : $this->_app->isSite() --> $this->_app->isClient('site')
line 48 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')

adminexile.xml
line 75 : type="usergroup" --> type="usergrouplist"
line 89 : type="usergroup" --> type="usergrouplist"
Saved me precious minutes. Thanks!
Visit http://www.mgscreativa.com

Take a look at our downloads section for VirtueMart payment plugins and mouch more! http://www.mgscreativa.com/contenidos/i ... Itemid=214

User avatar
Nidzo2203
Joomla! Explorer
Joomla! Explorer
Posts: 320
Joined: Sat Nov 21, 2009 4:52 pm
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by Nidzo2203 » Fri Jun 17, 2022 10:26 am

ghepardus wrote:
Mon Oct 04, 2021 6:30 am
To make it work version plg_sys_adminexile-3.16.3 with joomla 4.0.3 I modified the following:

adminexile.php
line 29 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')
line 30 : $this->_app->isSite() --> $this->_app->isClient('site')
line 40 : $this->_app->isSite() --> $this->_app->isClient('site')
line 46 : $this->_app->isSite() --> $this->_app->isClient('site')
line 48 : $this->_app->isAdmin() --> $this->_app->isClient('administrator')

adminexile.xml
line 75 : type="usergroup" --> type="usergrouplist"
line 89 : type="usergroup" --> type="usergrouplist"
Long time AdminExile user on J3.
I change code exactly, admin interface doesn't show errors but I can still access backend with /administrator url!?
Joomla 4.1.4

EDIT: It works only if Counterfeit 404 is selected. Doesn't work with Homepage and Custom destination option.

User avatar
razor7
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Wed Aug 24, 2005 2:06 pm
Location: Argentina
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by razor7 » Fri Jul 01, 2022 10:07 pm

Just rewrote it for J4, hope it helps, no support given, but I'm using in my own J4 sites...
plg_sys_adminexile-4.0.0.zip
You do not have the required permissions to view the files attached to this post.
Visit http://www.mgscreativa.com

Take a look at our downloads section for VirtueMart payment plugins and mouch more! http://www.mgscreativa.com/contenidos/i ... Itemid=214

vsudo
Joomla! Apprentice
Joomla! Apprentice
Posts: 11
Joined: Wed May 12, 2021 10:44 am

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by vsudo » Sun Jul 03, 2022 4:38 pm

IvanVk wrote:
Fri Aug 20, 2021 10:49 am
How to hide the login URL of the Joomla 4.0 site, like AdminExile

So far I have used 'AdminExile' free version on Joomla 3x.

This plugin has saved me many times from malicious hackers.
Now I have the latest version of Joomla 4.0.
Is this plugin compatible with Joomla 4x?

If not, is there a similar extension/plugin that can hides the login URL?

Thanks in advance
I think you should hide admin URL by proxy server like nginx or apache. Only allow access admin URL from allowed IPs!

jtalbot
Joomla! Apprentice
Joomla! Apprentice
Posts: 25
Joined: Mon Jan 26, 2009 3:44 am

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by jtalbot » Fri Nov 25, 2022 10:25 pm

brian wrote:
Sun Aug 22, 2021 9:53 pm
The best and most performant option is always to use an htaccess file to set a username and password for the admin directory. This will always be more performant than any of the php based solutions recommended above as it blocks the access at a much earlier stage. It is also more convenient imho to have consistent urls across every site to access the admin instead of having to remember a secret key. (Something you cant put in a password manager.) A bonus is that if you have a static ip address then you will pass/fail the authentication automatically. Or if you are using username/password in the htaccess then you will not be asked for it repeatedly during the day.
I'm interested in this approach. Has anyone got this to work with Joomla 4 + hostgator? I used cpanel's "Directory Privacy" tool to generate the .htaccess, which works for the main site directory, but when I try to do it for the administrator portion only I get a 404 when trying to open /administrator. I asked hostgator tech support and they said it's a script issue (i.e., joomla).

Thanks.

User avatar
AMurray
Joomla! Exemplar
Joomla! Exemplar
Posts: 9639
Joined: Sat Feb 13, 2010 7:35 am
Location: Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by AMurray » Sat Nov 26, 2022 10:48 pm

I don't see how trying to apply htpasswd/htaccess to a sub folder through your Hosting's cpanel is a fault of Joomla. That works independently of anything in Joomla. Nothing should be interfering with it.

You could always create the files manually and place them in the /administrator folder.
Regards - A Murray
General Support Moderator

User avatar
toivo
Joomla! Master
Joomla! Master
Posts: 17361
Joined: Thu Feb 15, 2007 5:48 am
Location: Sydney, Australia

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by toivo » Sun Nov 27, 2022 1:50 am

I agree with @AMurray, any issues like a 404 error are due to the configuration of the server. The Directory Privacy option works all right with websites hosted for example by Rochen.

Akeeba's Admin Tools has also an option to set up .htaccess files with an extra username and password, as mentioned earlier.
Toivo Talikka, Global Moderator

User avatar
razor7
Joomla! Explorer
Joomla! Explorer
Posts: 374
Joined: Wed Aug 24, 2005 2:06 pm
Location: Argentina
Contact:

Re: Hiding the login URL of the Joomla 4.0 site, like AdminExile

Post by razor7 » Tue Nov 29, 2022 10:52 am

I'ts pretty easy to create the .htaccess file manually, first you need to create the protected folder by cPanel, then, it's pretty common that the password file gets created in the .htpasswds folder of your FTP root. Inside you'll find a file named passwd with the username you wrote and a hashed password, then, to debug your .htaccess file you can compare it with mine, this is a standard .htaccess file I use for all administrator folders of my J! sites, it's pretty straight forward.

Code: Select all

ErrorDocument 401 "Authorization Required"
AuthName "Usuarios autorizados"
AuthUserFile "/home/YOURCPANELUSERNAME/.htpasswds/passwd"
AuthType Basic
require valid-user
Visit http://www.mgscreativa.com

Take a look at our downloads section for VirtueMart payment plugins and mouch more! http://www.mgscreativa.com/contenidos/i ... Itemid=214


Post Reply

Return to “Extensions for Joomla! 4.x”