One of the features we missed most when adopting Joomla! as our CMS was the possibility to change the admin url from the standard http://yoursite.com/administrator to something more secret. Yes, we now that secuirty by obscutiy is not really effective, but we believe that it can’t hurt and will at least keep some of your nosy visitors from trying to guess your passwords.
As this functionality is not inbuilt, we had to look for a plugin that takes care of hiding the backend’s url. After a moment of googling we found the jSecure Authentication plugin (download link). As you can see on the plugin’s site in Joomla! Extensions Directory, it has excellent user ratings and is quite popular among the Joomla! community. That’s a really important aspect, because it means that it is highly compatible with different Joomla! installations and is thoroughly tested. Once you have downloaded the plugin’s zip package, here’s what you need to do to apply it to your Joomla! site:
- Login to your Joomla! backend and go to Extensions->Install/Uninstall. Upload the downloaded package and install it.
- Go to Extensions->Plugin Manager and filter your results by ‘jsecure’ to find your newly installed plugin.
- Before enabling the plugin remember to set it up. You can do this by clicking on the plugin in the Plugin Manager.
- In the plugin configuration you will notice a Parameters box on the right side of the page. There you can set the Key, which will be your secret phrase that needs to be added to your admin url in order to access the backend. For the purpose of this post, let’s assume that we set it to ’secretword’.
- You can also configure what will happen when someone tries to access the standard yoursite.com/administrator url. It is controlled by the ‘Redirect Options’ parameter. You can either redirect the user to your homepage, or display a custom page. You could, for example, prepare a website saying something like: “My site is not that easily hackable” and teach the wrongdoer a lesson
After all the configuration is done and the plugin is enabled you will no longer be able to access your backend by going to yoursite.com/administrator. You will need to use yoursite.com/administrator/?secretword, substituting the secretword with whatever you have set in the plugin’s configuration.
UPDATE: The jSecure extension went commercial and you now have to pay for it. In a followup post we present a free alternative with even more functions…
