When we have a look at our website log files, we find plenty of hits to the Joomla Administration screen. There are hundreds of bots out there crawling sites to find easy login details or other potential security issues with your Joomla website. Now - why should somebody besides yourself and other Joomla administrators be able to access the Joomla Administration screen?
Infact, nobody should be able to access your Joomla backend, except those people who are actually doing administration work.
Hide the Joomla Administration Backend
Although security by obscurity is not one of the best security decisions to make, in this instance we totally recommending hiding or obscuring the actual path to your Joomla backend. We do this by installing the plugin AdminExile.
WhatExileAdmin does is - it creates your own custom URL for you to actually define what URL you want to use to be able to access the Joomla administration backend. By doing this, you are protecting your Joomla backend from those hundreds of bots, or malicious users who are trying to access the Administration URL.
There are also other ways you can protect your Joomla Administration site using AdminExile.
Email yourself a link to the protected Joomla administration screen
You can choose to share the Joomla secret adminstration URL with selected persons in specific groups only, or get the link to the screen via a special link.
Maybe your access key(s) are so fantastically difficult, that you can't even remember it yourself. Or maybe you are managing a team of webmasters and you frequently change the secret access key. You securely can gain access, without knowing the key - by using the Mail Link function of AdminExile.
When enabled, the Mail Link functions can send to anyone who is a member of the authorized groups, the secret key. They can request the /administrator URL + keys be emailed to them by trying to access the below URL (replacing username with an authorized username):
Restrict Joomla backend to specific IP
Of course, if you always access the Joomla backend from a few specific fixed IPs, you can simply restrict Joomla backend access to these IPs only, and anybody else won't be able to access the backend. AdminExile supports both blacklists and whitelists.
Protect Joomla Backend from Brute Force attacks
One of the very first things we mentioned in this article is bots trying to guess your username and password through brute force attacks. AdminExile can protect your Joomla website from such attacks.
Yes, we do believe that AdminExile is one of those gold nuggets for Joomla security and there is nothing better than it to protect your Joomla administration backend.