Question

index.php

$admin_cookie_code="1234567890";
setcookie("JoomlaAdminSession",$admin_cookie_code,0,"/");
header("Location: /administrator/index.php");

.htaccess file

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/administrator
RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=1234567890
RewriteRule .* - [L,F]

I used this code but it's not working... the page is redirected to administrator, but www.domain.com/administrator is also accessible.


Solution

I got tired of searching for an answer to this one and just wrote some PHP code that will redirect if the visitor gets into the /administration folder without the security key or as a registered user:

Just place this code at the end of the index.php file in your administration folder (/administration/index.php), before the 'echo' instruction:

/* Block access to administrator
 --------------------------------------------- */
$user =& JFactory::getUser();
$secretkey = 'mysecretkey';
$redirectto = 'location: http://www.mysite.com';
$usertype = 'Registered';

// Check if the user is not logged in or is not of the user type set in $usertype:
if ($user->guest || (!$user->guest && $user->usertype != $usertype)) {
    // Check if the secret key is present in the URL (strict string comparison):
    if (!isset($_GET['access']) || $_GET['access'] !== $secretkey) {
        header($redirectto);
        exit; // stop here so the admin page is not rendered after the redirect header
    }
}
/* --------------------------------------------- */

After that, you will only be able to access your site using: www.mysite.com/administrator/?access=mysecretkey

Tested on Joomla 1.5 and Joomla 2.5, worked well for both.

I explain it a little bit more on my page: http://developer.infoymas.com/jooma/protect-your-joomla-administrator-folder/
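
An added example, not part of the answer above and not Joomla code: a standalone gate that combines the question's cookie idea with the answer's `?access=` key, issuing a signed, expiring cookie once the key has been presented instead of relying on a fixed cookie value. It assumes PHP 5.6+ (for `hash_equals`) and an HTTPS site; every constant and function name is hypothetical and the key values are placeholders.

```php
<?php
// Added example, not Joomla code. All names and values below are hypothetical.
const GATE_KEY    = 'replace-with-long-random-key';    // placeholder: the ?access= value
const GATE_SECRET = 'replace-with-long-random-secret'; // placeholder: HMAC key, server-side only
const GATE_COOKIE = 'AdminGate';
const GATE_TTL    = 3600; // seconds a pass stays valid

// Build "expiry.signature" so the client cannot forge or extend the cookie.
function gate_issue_token($now)
{
    $expires = $now + GATE_TTL;
    return $expires . '.' . hash_hmac('sha256', (string) $expires, GATE_SECRET);
}

// Accept only a well-formed, correctly signed, unexpired token.
function gate_token_valid($token, $now)
{
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return false;
    }
    list($expires, $sig) = explode('.', $token);
    if (!ctype_digit($expires)) {
        return false;
    }
    $expected = hash_hmac('sha256', $expires, GATE_SECRET);
    return hash_equals($expected, $sig) && (int) $expires >= $now;
}

// Returns true when the request may proceed to the admin application.
function gate_check(array $get, array $cookie, $now)
{
    if (isset($cookie[GATE_COOKIE]) && gate_token_valid($cookie[GATE_COOKIE], $now)) {
        return true;
    }
    // is_string() rejects ?access[]=... so hash_equals() never receives an array.
    if (isset($get['access']) && is_string($get['access'])
        && hash_equals(GATE_KEY, $get['access'])) {
        setcookie(GATE_COOKIE, gate_issue_token($now), $now + GATE_TTL,
                  '/administrator', '', true, true); // Secure + HttpOnly
        return true;
    }
    return false;
}

// Skipped on the CLI so the functions above can be included and exercised directly.
if (PHP_SAPI !== 'cli' && !gate_check($_GET, $_COOKIE, time())) {
    header('Location: /', true, 302);
    exit; // stop here so no admin markup is sent after the redirect
}
```

The key still travels in the query string on the first request, so it will appear in web server access logs and browser history; treat the gate as an extra layer in front of the normal Joomla login, not a replacement for it.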

OTHER TIPS

http://extensions.joomla.org/extensions/access-a-security/site-security/login-protection

You can use this to protect your admin login. This is a really easy and nice extension.

Licensed under: CC-BY-SA with attribution