When we have a look at our website log files, we  find plenty of hits to the Joomla Administration screen. There are hundreds of bots out there crawling sites to find easy login details or other potential security issues with your Joomla website. Now - why should somebody besides yourself and other Joomla administrators be able to access the Joomla Administration screen?

Infact, nobody should be able to access your Joomla backend, except those people who are actually doing administration work.

Hide the Joomla Administration Backend

Although security by obscurity is not one of the best security decisions to make, in this instance we totally recommending hiding or obscuring the actual path to your Joomla backend. We do this by installing the plugin AdminExile.

WhatExileAdmin does is - it creates your own custom URL for you to actually define what URL you want to use to be able to access the Joomla administration backend. By doing this, you are protecting your Joomla backend from those hundreds of bots, or malicious users who are trying to access the Administration URL.

AdminExile Access Key


There are also other ways you can protect your Joomla Administration site using AdminExile.

Email yourself a link to the protected Joomla administration screen

You can choose to share the Joomla secret adminstration URL with selected persons in specific groups only, or get the link to the screen via a special link.

Maybe your access key(s) are so fantastically difficult, that you can't even remember it yourself.  Or maybe you are managing a team of webmasters and you frequently change the secret access key.  You securely can gain access, without knowing the key - by using the Mail Link function of AdminExile.

When enabled, the Mail Link functions can send to anyone who is a member of the authorized groups, the secret key. They can request the /administrator URL + keys be emailed to them by trying to access the below URL (replacing username with an authorized username):


Email a link to joomla administration screen

Restrict Joomla backend to specific IP

Of course, if you always access the Joomla backend from a few specific fixed IPs, you can simply restrict Joomla backend access to these IPs only, and anybody else won't be able to access the backend. AdminExile supports both blacklists and whitelists.

Restrict Joomla Administration access to specific IP


Protect Joomla Backend from Brute Force attacks

One of the very first things we mentioned in this article is bots trying to guess your username and password through brute force attacks. AdminExile can protect your Joomla website from such attacks.

Protect Joomla administration screen from brute force attacks

Yes, we do believe that AdminExile is one of those gold nuggets for Joomla security and there is nothing better than it to protect your Joomla administration backend.


About the Author
David Attard
Author: David AttardWebsite: https://www.linkedin.com/in/dattard/
David has been working in or around the online / digital industry for the last 18 years. He has vast experience in the software and web design industries and niches surrounding them. As a digital consultant, his focus is on helping businesses get a competitive advantage using a combination of their website and digital platforms available today.

One more thing... Did you know that people who share useful stuff like this post look AWESOME too? ;-)
Please leave a useful comment with your thoughts, then share this on your Facebook group(s) who would find this useful and let's reap the benefits together. Thank you for sharing and being nice!

Featured On

Inc Magazine Logo  

Sitepoint logo  

CSS Tricks logo   

webdesignerdepot logo   WPMU DEV logo   

and many more!



Get Started Now With ShutterstockShutterstock

Best Rated Caching Plugin

Make your website faster 

How to make your website FAST!

Step-by-step - free email course, how to make your website load in less than 1 second 


Work with CollectiveRay.com

CollectiveRay (formerly known as DART Creations) is interested in developing partnerships with mutual benefit. If you like the stuff we publish and would like to develop a relationship, we'd be happy to hear from you. Go on - drop us a line - we'd love to hear from you :-)


Disclosure: CollectiveRay is funded personally out of a pure passion for helping people working with websites. We do however generate some income through recommendations of products. This means if you click on a link and purchase an item we link to, we will receive a small sum out of that sale. We usually partner with vendors to make your purchase cheaper than buying direct.


InMotion Hosting CollectiveRay Deal

who are we?

CollectiveRay is run by David Attard - working in and around the web design niche for more than 12 years, we provide actionable tips for people who work with and on websites. We also run DronesBuy.net - a website for drone hobbyists.

David attard