When we have a look at our website log files, we  find plenty of hits to the Joomla Administration screen. There are hundreds of bots out there crawling sites to find easy login details or other potential security issues with your Joomla website. Now - why should somebody besides yourself and other Joomla administrators be able to access the Joomla Administration screen?

Infact, nobody should be able to access your Joomla backend, except those people who are actually doing administration work.

Hide the Joomla Administration Backend

Although security by obscurity is not one of the best security decisions to make, in this instance we totally recommending hiding or obscuring the actual path to your Joomla backend. We do this by installing the plugin AdminExile.

WhatExileAdmin does is - it creates your own custom URL for you to actually define what URL you want to use to be able to access the Joomla administration backend. By doing this, you are protecting your Joomla backend from those hundreds of bots, or malicious users who are trying to access the Administration URL.

AdminExile Access Key


There are also other ways you can protect your Joomla Administration site using AdminExile.

Email yourself a link to the protected Joomla administration screen

You can choose to share the Joomla secret adminstration URL with selected persons in specific groups only, or get the link to the screen via a special link.

Maybe your access key(s) are so fantastically difficult, that you can't even remember it yourself.  Or maybe you are managing a team of webmasters and you frequently change the secret access key.  You securely can gain access, without knowing the key - by using the Mail Link function of AdminExile.

When enabled, the Mail Link functions can send to anyone who is a member of the authorized groups, the secret key. They can request the /administrator URL + keys be emailed to them by trying to access the below URL (replacing username with an authorized username):


Email a link to joomla administration screen

Restrict Joomla backend to specific IP

Of course, if you always access the Joomla backend from a few specific fixed IPs, you can simply restrict Joomla backend access to these IPs only, and anybody else won't be able to access the backend. AdminExile supports both blacklists and whitelists.

Restrict Joomla Administration access to specific IP


Protect Joomla Backend from Brute Force attacks

One of the very first things we mentioned in this article is bots trying to guess your username and password through brute force attacks. AdminExile can protect your Joomla website from such attacks.

Protect Joomla administration screen from brute force attacks

Yes, we do believe that AdminExile is one of those gold nuggets for Joomla security and there is nothing better than it to protect your Joomla administration backend.


One more thing... Did you know that people who share useful stuff like this post look AWESOME too? ;-)
Please leave a useful comment with your thoughts, then share this on your Facebook group(s) who would find this useful and let's reap the benefits together. Thank you for sharing and being nice!

Featured On

Inc Magazine Logo  

Sitepoint logo  

CSS Tricks logo   

webdesignerdepot logo   WPMU DEV logo   

and many more!


Get Started Now With ShutterstockShutterstock

Best Rated Caching Plugin

Make your website faster 

Monstrous B-Day Party

CLICK HERE for discounts!

Monstrous bday party

How to make your website FAST!

Step-by-step - free email course, how to make your website load in less than 1 second 


The Outstanding HungryJPEG Bundles

AWESOMENESS! Bundles of premium font + graphic packs at more than 96% OFF!  Get a bundle for just $9 - ONLY!

The Hungry JPEG Awesome font bundles


Work with CollectiveRay.com

CollectiveRay (formerly known as DART Creations) is interested in developing partnerships with mutual benefit. If you like the stuff we publish and would like to develop a relationship, we'd be happy to hear from you. Go on - drop us a line - we'd love to hear from you :-)


Disclosure: CollectiveRay is funded personally out of pure passion for helping people working with websites. We do however generate some income through recommendations of products. This means if you click on a link and purchase an item we link to, we will receive a small sum out of that sale. We usually partner with vendors to make your purchase cheaper than buying direct.


InMotion Hosting CollectiveRay Deal

who are we?

CollectiveRay is run by David Attard - working in and around the web design niche for more than 12 years, we provide actionable tips for people who work with and on websites. We also run DronesBuy.net - a website for drone hobbyists.

David attard

Follow us on Social

Follow us on Facebook   Subscribe to our RSS Feed   Follow us on Twitter


Where are we hosted?

This site is proudly powered by FAST VPS InMotion Servers and given an insane speed thanks to StackPath CDN!

Web Hosting stackpath


Popular Content

Joomla extensions to take your website to the NEXT level

Is your Joomla website reaching its full potential? We install many of these extensions on almost ALL of our Joomla sites - why don't you check them out our list of Joomla Extensions and see whether you can take your site to the next level?