Forgot your username?             Forgot your password?

Want more?

Our Core versions are provided free of charge, but they only scratch the surface of what's possible. Subscribe today to get access to the exclusive features and enhanced support of our Professional releases!

Subscribe Already a subscriber? Log in.

Admin Tools

Version 4.0.1 Stable

Released on: Thursday, 28 July 2016 10:55

 

Maturity
Stable
Released on
Thursday, 28 July 2016 10:55
Viewed
0 times

This is a bugfix release for Admin Tools 4.0, addressing the issues which were not reported during the beta and Release Candidate run the previous few weeks.

Release highlights

YOU MUST UPDATE THE PROFESSIONAL VERSION MANUALLY. Due to the changes in the packaging format and the way Joomla's extensions updater works the Download ID of the Professional release was not registered with Joomla. As a result any attempt to update Admin Tools from 4.0.0.b1, 4.0.0.b2, 4.0.0.rc1 or 4.0.0 to this version using the Joomla extensions updater will NOT work. You MUST download this new version and install it on your site like any other extension. This will address the update issue.

Several issues regarding passwords with non-alphanumeric characters were addressed in this release. These issues primarily affected the Master password and Administrator Password Protection features.

Updating from Admin Tools 3.5 or earlier could cause a PHP Fatal error due to a leftover file.

Joomla! 3.4, 3.5 and 3.6 only

This version of Admin Tools will only work on Joomla 3.4 and later versions, including the brand new Joomla 3.6.

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or any later 5.x/7.x version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requires PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6 and 7.0. We strongly recommend using PHP 5.6 or 7.0.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.6 or later site running on PHP 7.0.

Changelog

Bug fixes

  • [LOW] If you were living under a rock and hadn't updated to Admin Tools 3.6 or later the last 2 years you may get a fatal error after update to 4.0
  • [LOW] Layout / Javascript issues with IE11 on the Configure WAF page
  • [MEDIUM] Administrator Password Protection does not work with passwords containing special characters
  • [MEDIUM] Configure Permissions does not work with folder names containing special characters
  • [MEDIUM] Master password does not work with passwords containing special characters
  • [MEDIUM] PHP File Scanner's front-end scanning feature does not work with secret keys containing special characters

Critical bugs and important changes

  • YOU MUST UPDATE TO THIS RELEASE MANUALLY. The Download ID was not registered with Joomla, making updates from 4.0.0.b1, 4.0.0.b2, 4.0.0.rc1 and 4.0.0 impossible.

Take me to the downloads for this version

Version 4.0.0 Stable

Released on: Thursday, 21 July 2016 09:36

 

Maturity
Stable
Released on
Thursday, 21 July 2016 09:36
Viewed
0 times

This is the stable version of Admin Tools 4.0, adding new features and addressing the issues reported during the beta and Release Candidate run the previous few weeks.

Release highlights

Rewritten using a more modern framework. Admin Tools is now faster to use.

You can export/import WAF Blacklist and Exceptions (always forbidden and always allowed component/view/task access) along with all the other settings.

Highlight the suspicious and malicious matches on the file source in the PHP File Change Scanner results making it easier to understand which parts of each file contribute to its Threat Score.

IP whitelist and blacklist will warn you when the feature is not enabled. Many users were confused as to why the addresses they added in the IP white- or blacklist did not take effect. No more wondering, it will tell you.

Joomla! 3.6 compatibility. Joomla! 3.6 has moved the logs folder inside /administrator. Our software is now adjusted for this change.

URL redirection would issue temporary instead of permanent redirects because of a Joomla bug affacting only Joomla 3.3 and later. We are now working around said Joomla bug.

Joomla's Conservative cache mode is buggy, affecting several features of our component. For example, you could not enter a Download ID, you could not apply the proposed Secret Word and most importanty the component options were reset without warning. We are now asking Joomla to forcibly disable caching for the control panel page of our component.

WAF blacklists were unusable with RegEx matching due to a runaway equals sign. The equals sign was terminated with extreme prejudice.

Joomla! 3.4, 3.5 and 3.6 only

This version of Admin Tools will only work on Joomla 3.4 and later versions, including the brand new Joomla 3.6.

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or any later 5.x/7.x version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requires PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6 and 7.0. We strongly recommend using PHP 5.6 or 7.0.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.6 or later site running on PHP 7.0.

Changelog

Bug fixes

  • [LOW] Missing language key for user signup notes

New features

  • Added option to display hidden files in Permissions Configuration page
  • Improved performance while importing settings with thousands of IP addresses

Take me to the downloads for this version

Version 3.8.6 Stable

Released on: Friday, 01 July 2016 12:16

 

Maturity
Stable
Released on
Friday, 01 July 2016 12:16
Viewed
0 times

This is a new minor version release, adding workarounds for Joomla issues and preparing the ground for version 4.

Release highlights

Joomla 3.6 support. Joomla 3.6 has changed the location of the logs directory. This version addresses this change.

Workarounds for Joomla issues regarding caching and email sending.

Preparation for Admin Tools 4. Due to the way Joomla updates worj you will need to install this version first. The update site definition will be replaced with the one for Admin Tools 4 so you'll be notified when it's released and be able to update to it with one click. If you do not install Admin Tools 3.8.4 you will NOT be able to update to Admin Tools 4 through Joomla's extensions updater.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4, 3.5 and 3.6 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] PHP File Change Scanner's CLI script didn't work
  • [LOW] PHP File Change Scanner emails (from CLI) displayed the HTML markup instead of formatted text

Take me to the downloads for this version

Version 4.0.0.rc1 Release Candidate

Released on: Friday, 01 July 2016 02:09

 

Maturity
Release Candidate
Released on
Friday, 01 July 2016 02:09
Viewed
0 times

This is a Release Candidate, the final testing release of the new major version 4.0, adding new features and addressing the issues reported during the beta run the previous two weeks. The Release Candidate is stable enough to use on live sites.

Release highlights

Rewritten using a more modern framework. Admin Tools is now faster to use.

You can export/import WAF Blacklist and Exceptions (always forbidden and always allowed component/view/task access) along with all the other settings.

Highlight the suspicious and malicious matches on the file source in the PHP File Change Scanner results making it easier to understand which parts of each file contribute to its Threat Score.

IP whitelist and blacklist will warn you when the feature is not enabled. Many users were confused as to why the addresses they added in the IP white- or blacklist did not take effect. No more wondering, it will tell you.

Joomla! 3.6 compatibility. Joomla! 3.6 has moved the logs folder inside /administrator. Our software is now adjusted for this change.

URL redirection would issue temporary instead of permanent redirects because of a Joomla bug affacting only Joomla 3.3 and later. We are now working around said Joomla bug.

Joomla's Conservative cache mode is buggy, affecting several features of our component. For example, you could not enter a Download ID, you could not apply the proposed Secret Word and most importanty the component options were reset without warning. We are now asking Joomla to forcibly disable caching for the control panel page of our component.

WAF blacklists were unusable with RegEx matching due to a runaway equals sign. The equals sign was terminated with extreme prejudice.

Joomla! 3.4, 3.5 and 3.6 only

This version of Admin Tools will only work on Joomla 3.4 and later versions, including the upcoming Joomla 3.6 (as far as we can confirm by running it against Joomla! 3.6 beta 1).

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or any later 5.x/7.x version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requries PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6 and 7.0. We strongly recommend using PHP 5.6 or 7.0.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.5 or later site running on PHP 7.0.

Changelog

Bug fixes

  • [HIGH] The PHP File Change Scanner front-end scheduling feature was broken
  • [HIGH] The Professional package was missing the CLI scripts
  • [LOW] Incorrect language strings, thank you @brianteeman
  • [LOW] Missing language strings
  • [LOW] PHP File Change Scanner emails (from CLI) displayed the HTML markup instead of formatted text
  • [LOW] PHP notices on installation from missing method arguments
  • [LOW] The warnings about the IP white/blacklist being disabled were displayed under the wrong conditions
  • [LOW] The “Reload update information” button in the control panel page resulted in an error
  • [MEDIUM] The Quick Setup Wizard would claim to have already run even on fresh installations (thanks @brianteeman)

Miscellaneous changes

  • Changing the #__akeeba_common table schema
  • Exceptions from WAF are not available on broken servers which don't set the HTTP_HOST environment variable

Take me to the downloads for this version

Version 4.0.0.b1 Beta

Released on: Wednesday, 22 June 2016 10:52

 

Maturity
Beta
Released on
Wednesday, 22 June 2016 10:52
Viewed
0 times

This is a beta (testing release) of the new major version 4.0, adding new features.

Release highlights

Rewritten using a more modern framework. Admin Tools is now faster to use.

You can export/import WAF Blacklist and Exceptions (always forbidden and always allowed component/view/task access) along with all the other settings.

Highlight the suspicious and malicious matches on the file source in the PHP File Change Scanner results making it easier to understand which parts of each file contribute to its Threat Score.

IP whitelist and blacklist will warn you when the feature is not enabled. Many users were confused as to why the addresses they added in the IP white- or blacklist did not take effect. No more wondering, it will tell you.

Joomla! 3.6 compatibility. Joomla! 3.6 has moved the logs folder inside /administrator. Our software is now adjusted for this change.

URL redirection would issue temporary instead of permanent redirects because of a Joomla bug affacting only Joomla 3.3 and later. We are now working around said Joomla bug.

Joomla's Conservative cache mode is buggy, affecting several features of our component. For example, you could not enter a Download ID, you could not apply the proposed Secret Word and most importanty the component options were reset without warning. We are now asking Joomla to forcibly disable caching for the control panel page of our component.

WAF blacklists were unusable with RegEx matching due to a runaway equals sign. The equals sign was terminated with extreme prejudice.

Joomla! 3.4, 3.5 and 3.6 only

This version of Admin Tools will only work on Joomla 3.4 and later versions, including the upcoming Joomla 3.6 (as far as we can confirm by running it against Joomla! 3.6 beta 1).

We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for older versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against the supported versions of Joomla! as stated above and found them to be working properly.

PHP 5.4.0 or any later 5.x/7.x version is required

Support for PHP 5.3 is discontinued. It's end of life since August 2014 and widely considered a security risk, unfit for production sites. Our software requries PHP 5.4 or later and is compatible with PHP 5.4, 5.5, 5.6 and 7.0. We strongly recommend using PHP 5.6 or 7.0.

We'd like to remind you that Joomla! 3.4 does NOT support PHP 7. PHP 7 is only supported by Joomla! 3.5.0 and later versions. Admin Tools will work perfectly fine (and very fast!) on a Joomla! 3.5 or later site running on PHP 7.0.

Changelog

Bug fixes

  • [HIGH] Joomla! "Conservative" cache bug: component Options (e.g. Download ID, Secret Word, front-end file scanner feature) would be forgotten on the next page load
  • [HIGH] Joomla! "Conservative" cache bug: you could not apply the proposed Secret Word when prompted
  • [HIGH] Joomla! "Conservative" cache bug: you could not enter the Download ID when prompted
  • [HIGH] WAF Blacklist with RegEx matching would block all requests all the time
  • [LOW] Joomla bug would cause URL redirections to issue HTTP 303 See other (temporary) redirection instead of 301 Moved (permanent) redirection

New features

  • .htaccess / nginx.conf / web.config maker: added .well-known to the default list of allowed access folders for non-PHP files
  • Enabling HSTS in .htaccess Maker will now also avoid unsafe (HTTP) redirections wherever possible and not send the HSTS header over plain HTTP. Does not apply to NginX Conf and web.config Makers. PLEASE READ THE DOCUMENTATION!
  • Highlight the suspicious and malicious matches on the file source in the PHP File Change Scanner results
  • IP blacklist will warn you when the feature is not enabled
  • IP whitelist will warn you when the feature is not enabled
  • Improved detection and removal of duplicate update sites
  • Rewritten using FOF 3.0
  • URL Redirection is now available in the free of charge Core release
  • You can export/import WAF Blacklist and Exceptions (always forbidden and always allowed component/view/task access)

Miscellaneous changes

  • Extremely conservative .htaccess Maker settings applied by the Quick Setup Wizard because people don't bother reading the big, fat warning above the apply button
  • Joomla! 3.6 has moved the logs folder inside /administrator. Our software is now adjusted for this change.
  • Remove obsolete FOF 2.x update site if it exists
  • Warn about eAccelerator
  • Warn about end of life PHP versions

Take me to the downloads for this version

Version 3.8.5 Stable

Released on: Tuesday, 21 June 2016 01:30

 

Maturity
Stable
Released on
Tuesday, 21 June 2016 01:30
Viewed
0 times

This is a new minor version release, adding workarounds for Joomla issues and preparing the ground for version 4.

Release highlights

Joomla 3.6 support. Joomla 3.6 has changed the location of the logs directory. This version addresses this change.

Workarounds for Joomla issues regarding caching and email sending.

Preparation for Admin Tools 4. Due to the way Joomla updates worj you will need to install this version first. The update site definition will be replaced with the one for Admin Tools 4 so you'll be notified when it's released and be able to update to it with one click. If you do not install Admin Tools 3.8.4 you will NOT be able to update to Admin Tools 4 through Joomla's extensions updater.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4, 3.5 and 3.6 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Critical bugs and important changes

  • File packaging issues affecting the Core release

Take me to the downloads for this version

Version 3.8.4 Stable

Released on: Monday, 20 June 2016 15:59

 

Maturity
Stable
Released on
Monday, 20 June 2016 15:59
Viewed
0 times

This is a new minor version release, adding workarounds for Joomla issues and preparing the ground for version 4.

Release highlights

Joomla 3.6 support. Joomla 3.6 has changed the location of the logs directory. This version addresses this change.

Workarounds for Joomla issues regarding caching and email sending.

Preparation for Admin Tools 4. Due to the way Joomla updates worj you will need to install this version first. The update site definition will be replaced with the one for Admin Tools 4 so you'll be notified when it's released and be able to update to it with one click. If you do not install Admin Tools 3.8.4 you will NOT be able to update to Admin Tools 4 through Joomla's extensions updater.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4, 3.5 and 3.6 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Joomla! "Conservative" cache bug: component Options (e.g. Download ID, Secret Word, front-end file scanner feature) would be forgotten on the next page load
  • [HIGH] Joomla! "Conservative" cache bug: you could not apply the proposed Secret Word when prompted
  • [HIGH] Joomla! "Conservative" cache bug: you could not enter the Download ID when prompted
  • [HIGH] WAF Blacklist with RegEx matching would block all requests all the time
  • [LOW] Under rare circumstances, banning the same IP twice would result in a uncaught exception

New features

  • Added support for WAF blacklist and WAF exclusions import/export
  • Improved detection and removal of duplicate update sites

Miscellaneous changes

  • Joomla! 3.6 has moved the logs folder inside /administrator. Our software is now adjusted for this change.
  • Remove obsolete FOF 2.x update site if it exists
  • Replace the update site with the one which will be used for version 4.x
  • Work around MASSIVE BUG IN JOOMLA! 3.5.1+ regarding email sending

Take me to the downloads for this version

Version 3.8.3 Stable

Released on: Sunday, 20 March 2016 16:56

 

Maturity
Stable
Released on
Sunday, 20 March 2016 16:56
Viewed
0 times

This is a new minor version release, adding new features.

Release highlights

web.config Maker for IIS. The web.config Maker brings our advanced server protection features, available to Apache users through the .htaccess Maker, to Windows servers running IIS. Please note that you need IIS 7 or later with the optional Rewrite module from Microsoft. These are the same requirements for Joomla!'s web.config.txt file which enables SEF (pretty) URLs on servers runnign IIS.

PHP 7 and Joomla! 3.5 compatible. We have even added UTF8MB4 (multibyte character support). If you are using Joomla! 3.5 on a server which supports UTF8MB4 you can use multibyte characters, such as Emoji, for all free text entries in the component e.g. titles of IP ranges, email templates, block messages etc.

Auto-compress SVG files through the .htaccess / NginX Conf / web.config Maker features. SVG data is essentially text. Turning on this option speeds up their delivery by a typical factor of 5.

Admin Tools can warn you if your temp and/or log folders are incorrect. We've seen many sites where either or both of these folders point to an nonexistent location or, worse, the site's root. This can cause all sorts of problems, from simply being unable to install extensions to serious security issues. Admin Tools detects these issues and lets you click a button to automatically fix them.

Improved emails sent by the PHP File Change Scanner. We now make it easier for you to use mail filters e.g. to flag any emails warning you about changed or suspicious files.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] The display of log and temp directories is inversed, leading many of our users to unnecessarily panic.

Take me to the downloads for this version

Version 3.8.2 Stable

Released on: Sunday, 20 March 2016 13:47

 

Maturity
Stable
Released on
Sunday, 20 March 2016 13:47
Viewed
0 times

This is a new minor version release, adding new features.

Release highlights

web.config Maker for IIS. The web.config Maker brings our advanced server protection features, available to Apache users through the .htaccess Maker, to Windows servers running IIS. Please note that you need IIS 7 or later with the optional Rewrite module from Microsoft. These are the same requirements for Joomla!'s web.config.txt file which enables SEF (pretty) URLs on servers runnign IIS.

PHP 7 and Joomla! 3.5 compatible. We have even added UTF8MB4 (multibyte character support). If you are using Joomla! 3.5 on a server which supports UTF8MB4 you can use multibyte characters, such as Emoji, for all free text entries in the component e.g. titles of IP ranges, email templates, block messages etc.

Auto-compress SVG files through the .htaccess / NginX Conf / web.config Maker features. SVG data is essentially text. Turning on this option speeds up their delivery by a typical factor of 5.

Admin Tools can warn you if your temp and/or log folders are incorrect. We've seen many sites where either or both of these folders point to an nonexistent location or, worse, the site's root. This can cause all sorts of problems, from simply being unable to install extensions to serious security issues. Admin Tools detects these issues and lets you click a button to automatically fix them.

Improved emails sent by the PHP File Change Scanner. We now make it easier for you to use mail filters e.g. to flag any emails warning you about changed or suspicious files.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Removed features

  • Removed integrity check (showing wrong check results on some sites)

Take me to the downloads for this version

Version 3.8.1 Stable

Released on: Sunday, 20 March 2016 12:58

 

Maturity
Stable
Released on
Sunday, 20 March 2016 12:58
Viewed
0 times

This is a new minor version release, adding new features.

Release highlights

web.config Maker for IIS. The web.config Maker brings our advanced server protection features, available to Apache users through the .htaccess Maker, to Windows servers running IIS. Please note that you need IIS 7 or later with the optional Rewrite module from Microsoft. These are the same requirements for Joomla!'s web.config.txt file which enables SEF (pretty) URLs on servers runnign IIS.

PHP 7 and Joomla! 3.5 compatible. We have even added UTF8MB4 (multibyte character support). If you are using Joomla! 3.5 on a server which supports UTF8MB4 you can use multibyte characters, such as Emoji, for all free text entries in the component e.g. titles of IP ranges, email templates, block messages etc.

Auto-compress SVG files through the .htaccess / NginX Conf / web.config Maker features. SVG data is essentially text. Turning on this option speeds up their delivery by a typical factor of 5.

Admin Tools can warn you if your temp and/or log folders are incorrect. We've seen many sites where either or both of these folders point to an nonexistent location or, worse, the site's root. This can cause all sorts of problems, from simply being unable to install extensions to serious security issues. Admin Tools detects these issues and lets you click a button to automatically fix them.

Improved emails sent by the PHP File Change Scanner. We now make it easier for you to use mail filters e.g. to flag any emails warning you about changed or suspicious files.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Critical bugs and important changes

  • Update failure on ancient servers lacking UTF8MB4 support

Take me to the downloads for this version

Version 3.8.0 Stable

Released on: Sunday, 20 March 2016 12:02

 

Maturity
Stable
Released on
Sunday, 20 March 2016 12:02
Viewed
0 times

This is a new minor version release, adding new features.

Release highlights

web.config Maker for IIS. The web.config Maker brings our advanced server protection features, available to Apache users through the .htaccess Maker, to Windows servers running IIS. Please note that you need IIS 7 or later with the optional Rewrite module from Microsoft. These are the same requirements for Joomla!'s web.config.txt file which enables SEF (pretty) URLs on servers runnign IIS.

PHP 7 and Joomla! 3.5 compatible. We have even added UTF8MB4 (multibyte character support). If you are using Joomla! 3.5 on a server which supports UTF8MB4 you can use multibyte characters, such as Emoji, for all free text entries in the component e.g. titles of IP ranges, email templates, block messages etc.

Auto-compress SVG files through the .htaccess / NginX Conf / web.config Maker features. SVG data is essentially text. Turning on this option speeds up their delivery by a typical factor of 5.

Admin Tools can warn you if your temp and/or log folders are incorrect. We've seen many sites where either or both of these folders point to an nonexistent location or, worse, the site's root. This can cause all sorts of problems, from simply being unable to install extensions to serious security issues. Admin Tools detects these issues and lets you click a button to automatically fix them.

Improved emails sent by the PHP File Change Scanner. We now make it easier for you to use mail filters e.g. to flag any emails warning you about changed or suspicious files.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3, 3.4 and 3.5 to mitigate the major security issues discovered in Joomla! in October and December 2015. We VERY STRONGLY advise you to update to the latest released version of Joomla! at all times. Admin Tools' support for old versions of Joomla! is only meant to be a temporary workaround while you're working on the update of your site.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

New features

  • .htaccess & NginX Conf Maker: Add GZip compression support for SVG files
  • UTF8MB4 support for our own database tables (requires Joomla! 3.5 and a PHP/MySQL environment with UTF8MB4 support)
  • gh-80 Added Joomla! temp and log directory check
  • gh-84 Improved text of emails sent by the PHP Scanner when there are no modified or added files
  • web.config Maker for IIS

Miscellaneous changes

  • The Quick Setup Wizard is now hidden after you configure Admin Tools for the first time

Removed features

  • Removed the "Forbid displaying in FRAME (for HTTPS-only sites)" switch from .htaccess Maker / NginX Conf Maker. It's exactly the same feature as "Protect against clickjacking". Enable the latter to get the same protection.

Take me to the downloads for this version

Version 3.7.1 Stable

Released on: Monday, 08 February 2016 04:37

 

Maturity
Stable
Released on
Monday, 08 February 2016 04:37
Viewed
0 times

This is a features and maintenance release.

Release highlights

PHP 7 and Joomla! 3.5 compatible.

Front-end scheduling URL for the PHP File Change Scanner. This allows you to schedule PHP File Change Scanner runs without having to resort to CRON. Check out the new Scheduling information page for more information.

Check Joomla Global Configuration for invalid log or temporary directories. We have observed many of you using your sites' roots for these folders. BAD IDEA! Now we warn you.

Disable IP workarounds in the Core version. They were mistakenly enabled when they are not used anywhere. Sorry about that!

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the major security issues discovered in Joomla! in October and December 2015.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Critical bugs and important changes

  • Core version throws a fatal error (it tries to access a Professional feature that doesn't exist in the Core version)

Take me to the downloads for this version

Version 3.7.0 Stable

Released on: Monday, 08 February 2016 03:21

 

Maturity
Stable
Released on
Monday, 08 February 2016 03:21
Viewed
0 times

This is a features and maintenance release.

Release highlights

PHP 7 and Joomla! 3.5 compatible.

Front-end scheduling URL for the PHP File Change Scanner. This allows you to schedule PHP File Change Scanner runs without having to resort to CRON. Check out the new Scheduling information page for more information.

Check Joomla Global Configuration for invalid log or temporary directories. We have observed many of you using your sites' roots for these folders. BAD IDEA! Now we warn you.

Disable IP workarounds in the Core version. They were mistakenly enabled when they are not used anywhere. Sorry about that!

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the major security issues discovered in Joomla! in October and December 2015.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.4 does not currently support PHP 7. You need Joomla! 3.5 to run Joomla! and Admin Tools on PHP 7.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [LOW] Preview popup in .htaccess and NginX Conf Maker was not rendering properly due to bad Joomla! default height value for popups

New features

  • gh-76 Front-end scheduling URL for the PHP File Change Scanner
  • gh-76 Scheduling information page for the PHP File Change Scanner
  • gh-77 Check Joomla Global Configuration for invalid log or temporary directories

Miscellaneous changes

  • Disable CLI script workaround necessary only under Joomla! 3.4.7 on all other versions of Joomla!
  • Disable IP workarounds in the Core version
  • Update PHP File Change Scanner signatures
  • Working around SpamAssassin's BROKEN rules for email messages sent by Admin Tools
  • gh-78 Media files are moved to under administrator making it harder to detect Admin Tools' version.

Critical bugs and important changes

  • Joomla! 3.5 breaks CLI scripts, workaround applied

Take me to the downloads for this version

Version 3.6.8 Stable

Released on: Tuesday, 22 December 2015 09:02

 

Maturity
Stable
Released on
Tuesday, 22 December 2015 09:02
Viewed
0 times

This is a bugfix release, addressing a major issue regarding CLI scripts introduced by Joomla! 3.4.7.

Release highlights

Workaround for CLI scripts. Joomla! 3.4.7 introduced a major bug which made it impossible for third party CLI scripts, used in CRON jobs, to complete successfully. Unfortunately it also affected the CLI scripts of our own software. This release applies a workaround which lets the CLI scripts execute without a problem.

Security advisory for Joomla! 3

The Joomla! project announced the immediate availability of version 3.4.7 which further enhances the fix of a very high priority security issue that was first addressed in 3.4.6. This issue has been discovered by different independent security researchers and affects all Joomla! versions from 1.5 onwards. However, the official patch to address this issue is only available for Joomla! 3.4. Unofficial patches exist for 1.5 and 2.5 but not for older 3.x versions..

Admin Tools contains a fix which addresses this issue on ALL Joomla! versions it runs on, including Joomla! 3.0, 3.1, 3.2 and 3.3. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary. We STRONGLY advise you to enable the SQLiShield, MUAShield and SessionShield features to successfully mitigate the two known major security issues which were discovered in Joomla! in the second half of 2015.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Joomla! 3.4.7 has a major bug which may prevent CLI (CRON) scripts from executing

Take me to the downloads for this version

Version 3.6.7 Stable

Released on: Monday, 21 December 2015 13:04

 

Maturity
Stable
Released on
Monday, 21 December 2015 13:04
Viewed
0 times

This is a maintenance release, addressing known security issues in Joomla!.

Security advisory for Joomla! 3

The Joomla! project announced the immediate availability of version 3.4.7 which further enhances the fix of a very high priority security issue that was first addressed in 3.4.6. This issue has been discovered by different independent security researchers and affects all Joomla! versions from 1.5 onwards. However, the official patch to address this issue is only available for Joomla! 3.4. Unofficial patches exist for 1.5 and 2.5 but not for older 3.x versions..

Admin Tools contains a fix which addresses this issue on ALL Joomla! versions it runs on, including Joomla! 3.0, 3.1, 3.2 and 3.3. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary. We STRONGLY advise you to enable the SQLiShield, MUAShield and SessionShield features to successfully mitigate the two known major security issues which were discovered in Joomla! in the second half of 2015.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [LOW] Untranslated string COM_ADMINTOOLS_EMAILTEMPLATE_REASON_IPAUTOBAN in notification emails

New features

  • SessionShield to deal with PHP session data poisoning attacks

Removed features

  • Remove XSSShield

Take me to the downloads for this version

Version 3.6.6 Stable

Released on: Wednesday, 16 December 2015 03:42

 

Maturity
Stable
Released on
Wednesday, 16 December 2015 03:42
Viewed
0 times

This is a security release, addressing a major security issue found in Joomla!. All users are kindly requested to update.

Security advisory for Joomla! 3

The Joomla! project announced the immediate availability of version 3.4.6 which fixes a very high priority security issue. This issue has been discovered by different independent security researchers and affects all Joomla! versions from 1.5 onwards. However, the official patch to address this issue is only available for Joomla! 3.4. Unofficial patches exist for 1.5 and 2.5 but not for older 3.x versions.

This version of Admin Tools contains all the necessary mitigation measures against this security issue. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary. We STRONGLY advise you to enable the SQLiShield and MUAShield features to successfully mitigate the two known major security issues which were discovered in Joomla! in the second half of 2015.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will exceptionally run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Wrong display rendering of file diffs
  • [HIGH] You couldn't configure WAF under Joomla! 3.0 and 3.1 without setting the "Long Configure WAF page" option to Yes
  • [LOW] Notice thrown by the auto-update CLI script
  • [LOW] Some .htaccess Maker options were not compatible with the *!!OLD, INSECURE, DO NOT USE!!* Apache 1.3 version family
  • [LOW] The Quick Setup Wizard button was shown in the Core edition by accident
  • [MEDIUM] The administrator URL parameter wasn't saved by the Quick Setup Wizard

New features

  • Inform the user if he needs to supply the Download ID

Critical bugs and important changes

  • Detection and neutralization of the high priority Joomla! security issue 20151201, ref https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html

Take me to the downloads for this version

Version 3.6.5 Stable

Released on: Thursday, 05 November 2015 08:46

 

Maturity
Stable
Released on
Thursday, 05 November 2015 08:46
Viewed
1585 times

This is a security release, addressing a major security issue found in Joomla!. All users are kindly requested to update.

Security advisory for Joomla! 3

The Joomla! project announced the immediate availability of version 3.4.6 which fixes a very high priority security issue. This issue has been discovered by different independent security researchers and affects all Joomla! versions from 1.5 onwards. However, the official patch to address this issue is only available for Joomla! 3.4. Unofficial patches exist for 1.5 and 2.5 but not for older 3.x versions.

This version of Admin Tools contains all the necessary mitigation measures against this security issue. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary. We STRONGLY advise you to enable the SQLiShield and MUAShield features to successfully mitigate the two known major security issues which were discovered in Joomla! in the second half of 2015.

Joomla! 3.x only

Despite our policy of only allowing installation on the latest Joomla! release, this version will exceptionally run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Wrong display rendering of file diffs
  • [HIGH] You couldn't configure WAF under Joomla! 3.0 and 3.1 without setting the "Long Configure WAF page" option to Yes
  • [LOW] Notice thrown by the auto-update CLI script
  • [LOW] Some .htaccess Maker options were not compatible with the *!!OLD, INSECURE, DO NOT USE!!* Apache 1.3 version family
  • [LOW] The Quick Setup Wizard button was shown in the Core edition by accident
  • [MEDIUM] The administrator URL parameter wasn't saved by the Quick Setup Wizard

New features

  • Inform the user if he needs to supply the Download ID

Critical bugs and important changes

  • Detection and neutralization of the high priority Joomla! security issue 20151201, ref https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html

Take me to the downloads for this version

Version 3.6.4 Stable

Released on: Monday, 19 October 2015 03:52

 

Maturity
Stable
Released on
Monday, 19 October 2015 03:52
Viewed
4414 times

We consider this release a security release which should be installed by all users running a site with Joomla! 3.0, 3.1, 3.2, 3.3 or 3.4. The security issue being addressed does NOT have to do with Admin Tools itself; instead, we are providing mitigation for a high priority security issue in Joomla! 3 even on Joomla! versions the Joomla! project itself cannot support any more.

Security advisory for Joomla! 3

The Joomla! project announced the imminent availability of a new version which fixes a very high priority security issue. This issue has been discovered by different independent security researchers and affects certain Joomla! 3 versions. However, the patch to address this issue will only be available for Joomla! 3.4.

This version of Admin Tools contains all the necessary mitigation measures against this security issue. If unsure, run our Quick Setup Wizard and accept the default values to enable all the Web Application Firewall features necessary.

Joomla! 3 only

Despite our policy of only allowing installation on the latest Joomla! release, this version will exceptionally run on Joomla! 3.0, 3.1, 3.2, 3.3 and 3.4 to mitigate the aforementioned Joomla! security issue.

Please note that we will only provide full support for the latest Joomla! version. Some features –like the Change administrator directory– may not work at all in older Joomla! versions. We've thoroughly tested the security critical Web Application Firewall features against older releases of Joomla! and found them to be working properly.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Possible false negatives for certain query parameters when applying WAF protections
  • [LOW] Fixed WAF exceptions when we have no option parameter
  • [LOW] Fixed double slash in www to non-www redirect with no rewrite base parameter

New features

  • Support array query parameters in the WAF blacklist feature
  • Support negated RegEx in the WAF blacklist feature (for both the query parameter and the query value)

Miscellaneous changes

  • Improved SQLiShield feature
  • This version is compatible with Joomla! 3.0 to 3.4, inclusive

Take me to the downloads for this version

Version 3.6.3 Stable

Released on: Thursday, 08 October 2015 16:21

 

Maturity
Stable
Released on
Thursday, 08 October 2015 16:21
Viewed
2376 times

This is a bugfix release addressing high priority issues discovered in the last release.

Joomla! 3 only

Our software now only supports the latest stable version of Joomla! available. At the time of this writing it is 3.4.4. Using older versions is NOT recommended for security reasons.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] Updating the component with the "System - Admin Tools" plugin disabled results in a white page
  • [HIGH] UploadShield would cause blank pages when uploading files in the front-end

Miscellaneous changes

  • Workaround for hosts who blacklist the wrong domain name

Take me to the downloads for this version

Version 3.6.2 Stable

Released on: Monday, 05 October 2015 01:33

 

Maturity
Stable
Released on
Monday, 05 October 2015 01:33
Viewed
1651 times

This is a bugfix release, addressing known issues.

Joomla! 3 only

Our software now only supports the latest stable version of Joomla! available. At the time of this writing it is 3.4.1. Using older versions is NOT recommended for security reasons.

PHP 5.3.4 or later is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [HIGH] The CORS option in the .htaccess Maker had a typo which caused a 500 error when you enable it
  • [LOW] Fixed away schedule when it was spanning across the night
  • [LOW] Fixed exporting only some of the settings
  • [LOW] Fixed import settings when some of them are empty
  • [LOW] The autoupdate script could not download the package in PRO versions
  • [MEDIUM] You couldn't use HTML in the custom security exception and block messages

New features

  • Quick Setup Wizard to get you quickly started with the security setup of your site
  • You can now turn off IP workarounds
  • You can now unblock your IP with a single click
  • You can set WAF Exceptions for SEF URLs
  • You can set up email templates for failed/successful administrator login and automatic IP banning of repeat offenders

Take me to the downloads for this version

Version 3.6.1 Stable

Released on: Tuesday, 07 July 2015 04:37

 

Maturity
Stable
Released on
Tuesday, 07 July 2015 04:37
Viewed
13066 times

This is a bugfix release, addressing known issues.

Joomla! 3 only

Our software now only supports the latest stable version of Joomla! available. At the time of this writing it is 3.4.1. Using older versions is NOT recommended for security reasons.

PHP 5.3.4 or later is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [LOW] .htaccess and NginX Maker: compatibility issues with PHP 5.3 – Last version to support PHP 5.3.
  • [LOW] Option to prevent plugin reordering was not honoured
  • [LOW] The admintools-update.php script was broken
  • [MEDIUM] Third party security exception integration was not working

Miscellaneous changes

  • .htaccess Maker: Better implementation of "Disable HTTP methods TRACE and TRACK", compatible with Apache 1.3 and 2.2

Take me to the downloads for this version

Version 3.6.0 Stable

Released on: Tuesday, 23 June 2015 08:10

 

Maturity
Stable
Released on
Tuesday, 23 June 2015 08:10
Viewed
4157 times

This is a maintenance release adding new features and introducing improvements in the PHP File Scanner, .htaccess Maker, NginX Conf Maker and Database Collation features. Please read the updated documentation and regenerate your .htaccess and NginX .conf files.

Release highlights

.htaccess and NginX Conf Maker improvements. We have added nearly two dozen new protection and site optimisation options in these two features. Please read the updated documentation and regenerate your .htaccess and NginX .conf files.

Improved PHP File Scanner. The threat scores are calculated more realistically now.

Joomla! 3 only

Our software now only supports the latest stable version of Joomla! available. At the time of this writing it is 3.4.1. Using older versions is NOT recommended for security reasons.

PHP 5.3.4 or later 5.x version is required

This version requires PHP 5.3.4 or later (e.g. 5.3.29 which is twenty five versions newer than PHP 5.3.4), 5.4, 5.5 or 5.6. Please note that PHP 5.3 is obsolete since August 2014 and we're going to stop supporting it without warning in future versions of our software. We'd like to remind you that Joomla! 3.x does not currently support PHP 7. Since our software runs inside Joomla! by definition our software doesn't currently run on PHP 7 either.

Note: there is no such thing as PHP 6. PHP versions jumped from 5.6 to 7.0. Why? Well, it's a long story. TL;DR: It doesn't have to make sense, just accept it.

Changelog

Bug fixes

  • [LOW] Geographic Blocking page: select all / none not working (leftover mooTools code)
  • [LOW] Master Password page: select all / none not working (leftover mooTools code)
  • [LOW] NginX Maker: The Preview button didn't work

New features

  • .htaccess Maker & NginX Conf Maker: "Do not display in IFrame" option for HTTPS site
  • .htaccess Maker & NginX Conf Maker: "Enable CORS (Cross Origin Request Sharing)" option
  • .htaccess Maker & NginX Conf Maker: "Forbid TRACE and TRACK" option
  • .htaccess Maker & NginX Conf Maker: "Protect against clickjacking" option
  • .htaccess Maker: "Set the UTF-8 character set as the default" option
  • .htaccess Maker: Choose how to send ETags (or whether not to send them at all)
  • .htaccess Maker: Force GZip compression for mangled Accept-Encoding headers
  • .htaccess Maker: Prevent content transformation
  • .htaccess Maker: Protection against third party settings modification and .htaccess file regeneration
  • .htaccess Maker: Reduce MIME type security risks
  • .htaccess Maker: Reflected XSS prevention
  • .htaccess Maker: Remove Apache and PHP version signature
  • .htaccess Maker: Will not allow you to add php as an allowed extension for the front-end and back-end protection as that nullifies the protection!
  • .htaccess Maker: apply expiration headers also to .ogg files
  • Add UTF-8 Multibyte (e.g. Emoji) support with the Database Collation feature!
  • NginX Maker: Allows you to set up more complex fastcgi pass-throughs
  • NginX Maker: Enable or disable ETags
  • NginX Maker: Prevent content transformation
  • NginX Maker: Protection against third party settings modification and nginx.conf file regeneration
  • NginX Maker: Reduce MIME type security risks
  • NginX Maker: Reflected XSS prevention
  • NginX Maker: Will not allow you to add php as an allowed extension for the front-end and back-end protection as that nullifies the protection!
  • You can now disable automatically reordering the Admin Tools system plugin
  • [HIGH] NginX Maker: Front-end protection could lead to an infinite redirection loop with SEF URLs on multi-language sites
  • [LOW] NginX Maker: The "No directory indexes" option could cause problems with SEF URLs on multi-language sites

Miscellaneous changes

  • The PHP File Scanner was updated. The threat scores are now more realistically calculated.

Take me to the downloads for this version

Version 3.5.1 Stable

Released on: Tuesday, 31 March 2015 19:00

 

Maturity
Stable
Released on
Tuesday, 31 March 2015 19:00
Viewed
15588 times

This is a bugfix release, addressing known issues.

PHP 5.3.4 or later is required

This version requires PHP 5.3.4 or later, due to show-stopper bugs in earlier versions of PHP 5.3. Important note on reading PHP versions: PHP 5.3.20 is newer than 5.3.10 which is newer than 5.3.4. Moreover, PHP 5.4.0 is newer than PHP 5.3.4. Joomla! 3.3 and later already requires PHP 5.3.10 or later. Also keep in mind that the entire PHP 5.3 series is end of life since August 2014 and MUST NOT be used on live sites any more for performance and security reasons.

Compatibility with Joomla! versions

This release requires any version in the Joomla! 3.3.x or 3.4.x family. It is NOT compatible with older versions of Joomla! including all 1.x, 2.x, 3.0.x, 3.1.x and 3.2.x releases. In any case, if your server doesn't meet the minimum requirements our pre-installation check asks Joomla! to cancel the installation and tell you exactly why it cannot be installed (minimum PHP or Joomla! version not satisfied).

Reading Joomla! versions: Joomla! 2.5.20 is newer than 2.5.10 which is newer than 2.5.6. Moreover, Joomla! 3.4.0 is newer than 3.3.6 which is newer than 2.5.28. In other words, you need to separately compare each one of the the three numbers separated by dots. These numbers are NOT decimals and trailing zeroes DO matter, i.e. 1.10 (pronounced "one dot ten", not one dot one oh) is larger than 1.2.

Changelog

Miscellaneous changes

  • Minor, mostly cosmetic, changes in the Joomla Update Check plugin
  • Restored the Custom administrator directory feature. This feature is provided WITHOUT ANY SUPPORT WHATSOEVER.

Take me to the downloads for this version

Version 3.4.4 Stable

Released on: Monday, 16 February 2015 04:18

 

Maturity
Stable
Released on
Monday, 16 February 2015 04:18
Viewed
13719 times

This is a bugfix release of Admin Tools.

This version requires PHP 5.3.4+, 5.4 or 5.5 and Joomla! 2.5.6+, 3.2.1+ or 3.3. Please note that Joomla! 3.0/3.1 is no longer supported.

Release notes

This version of Admin Tools fixes minor issues with Joomla! 2.5. Please remember that Admin Tools 3.4.x is the last release branch to support Joomla! 2.5. The next version branch of Admin Tools (3.5.x) will only support Joomla! 3.2 and later.

Changelog

Bug fixes

  • [MEDIUM] Custom administrator directory: some servers misbehave when asked to access /administrator instead of /administrator/index.php
  • [MEDIUM] Two Factor Authentication was not working

Take me to the downloads for this version

Version 3.3.1 Stable

Released on: Friday, 17 October 2014 04:06

 

Maturity
Stable
Released on
Friday, 17 October 2014 04:06
Viewed
15426 times

This is a bugfix release of Admin Tools.

This version requires PHP 5.3.4+, 5.4 or 5.5 and Joomla! 2.5.6+, 3.2.1+ or 3.3. Please note that Joomla! 3.0/3.1 is no longer supported.

Release notes

This version of Admin Tools fixes two issues with Joomla! 2.5 and adds an installation self-check feature.

Version 3.3 highlights

A better, more stable way to install and update the database tables. Previous versions were using the database installation and update code in Joomla! itself which was notoriously buggy and resulted in erratic behaviour. In this release we use our own database installer / updater for the base tables of our component. Unfortunately, due to the rules in the Joomla! Extensions Directory, we still have to rely on Joomla!'s code for the administrator menu item creation which may cause no menu item appearing under components on very few sites. We are aware of it, we know how to fix it, but we are not allowed to on penalty of being permanently banned from the directory!

Show the update information in the control panel page. In the previous version we introduced the integration with Joomla!'s own extensions updater. Unfortunately you could no longer see the update information in the component's control panel page. This version fixes it and allows you to force-reload the update information if you need to as Joomla! no longer lets you do that in the latest 3.x versions (for no good reason, really).

Some features not shown on servers which don't support them to prevent confusion. Namely the "Emergency off-line", ".htaccess Maker" and "Password-protect administrator" are not shown on servers which are known to not support .htaccess files. Also the "Permissions Configuration" and "Fix Permissions" features are not shown on Windows servers as the notion of permissions does not exist there. Please remember that when Admin Tools is not absolutely sure it will display the feature anyway!

NginX Configuration Maker brings the power of the .htaccess Maker to the high-performance NginX server! The generated configuration can be added manually to your nginx.conf file or a file can be written in your web root to be included by NginX (note: only the first option is considered secure).

Option to reset Joomla!'s Two Factor Authentication when a user resets their password. Sometimes users who have enabled the Two Factor Authentication (TFA) features on Joomla! 3.2 and later lose their device. Normally they have to go through a site administrator to have them manually deactivate the TFA. With this option the TFA is disabled following a successful password reset of the user account. It's less secure but more convenient.

ON POPULAR REQUEST: Added template emails for security exceptions notifications. You can now have a different email sent out depending on the security exception type. You can also define rate limits for emails so that your inbox doesn't get flooded when you're under attack by a botnet that Admin Tools is successfully coping with.

ON POPULAR REQUEST: Repeated auto-bans can lead to permanent ban. If an IP is constantly triggering the automatic IP ban feature it can get permanently banned, i.e. added to the IP Blacklist. You can configure if and when this will happen.

Forbid HTTP TRACE and TRACK methods (XST protection). One more protection added to .htaccess and NginX Configuration Maker, this time preventing Cross Site Tracking attacks which tend to leave no traces in your server access logs.

Away schedule. Block access to the administrator section of your site between certain times of the day. Useful if you are the sole administrator of a site and don't want hackers to have a chance of logging in while you are fast asleep.

ON POPULAR REQUEST: Admin cloaking. Admin Tools can cloak your administrator URL. Going directly to http://www.example.com/administrator will throw you back to the site's main page (and a security exception will be logged). Instead, going to http://www.example.com/mysecret (where mysecret is configurable) will allow you to see the administrator login page.

Changelog

Bug fixes

  • [HIGH] Missing files in core package leading to incorrect post-setup page under Joomla 2.5
  • [LOW] Database repair CLI script is not installed
  • [MEDIUM] Logging out of Joomla! 2.5 when using secret URL parameter may raise security exception

New features

  • Self-check the installation. If files are missing or have been tampered with you will be notified about it.

Take me to the downloads for this version

Version 3.1.1 Stable

Released on: Friday, 12 September 2014 02:23

 

Maturity
Stable
Released on
Friday, 12 September 2014 02:23
Viewed
13480 times

This is a regular minor release, solving minor issues detected in the previous stable release and adding new minor features.

Release highlights

Added feature to purge PHP Scanner's scanned files cache. This will reduce the database space being used and allow you to start the next scan from a blank state.

Added CLI script to check and repair database tables. It's the same feature as the one provided by the Admin Tools system plugin but you can now use it through a CRON job.

You can now export and import Admin Tools settings. On popular request we added the ability to export and import the most important Admin Tools settings. Please note that after importing Admin Tools settings on a new site you are advised to review at the very least the .htaccess Maker settings to ensure that they reflect the new site's domain name and directory.

Added option to block user registration from selected email addresses. Certain email domain names, mostly free email services, are regularly abused for spam registrations. If you feel so inclined you can now block user registrations from these email domains.

Help us get more insight. Our software includes code to anonymously report your PHP, MySQL, Joomla! and Akeeba Backup version. This information cannot be linked to a particular site or person. It will help us get a glimpse at which versions are in use in real world servers, in what relative percentage, and let us to better plan our deprecation strategy. If you don't wish to take part to this anonymous data collection you can opt out from the component's Options page at any time.

PHP 5.3, 5.4, 5.5 or 5.6 is required

This version requires PHP 5.3, 5.4, 5.5 or 5.6. The rationale behind this is explained in our statement of mid-February 2013. It won't install on hosts running PHP 5.2 or earlier. PHP 5.3.4 or later is required, due to show-stopper bugs in earlier versions of PHP 5.3. Important note on reading PHP versions: PHP 5.3.20 is newer than 5.3.10 which is newer than 5.3.4. Moreover, PHP 5.4.0 is newer than PHP 5.3.4.

Due to the necessary Joomla! API changes found only in Joomla! 2.5.6 or later, this version will not install on Joomla! 2.5.5 or earlier versions. In any case, if your server doesn't meet the minimum requirements it will tell you exactly why it cannot be installed (minimum PHP or Joomla! version not satisfied).

Joomla! 2.5, 3.2, 3.3, 3.4 are supported

This version of our software can be installed on Joomla! 2.5.6 or any later 2.5.x release, as well as any 3.2.x, 3.3.x or 3.4.x release. It is not compatible with Joomla! 3.0 or 3.1. These versions of Joomla! are old and vulnerable. If you are using them please upgrade to the latest Joomla! 3 release available from Joomla.org.

Important note regarding Joomla! updates

Admin Tools 2.5.7 and later no longer includes the Joomla! Updater feature and the Joomla! update icon notification plugin. As the core Joomla! Update component and icon notification plugin, written by our team and donated to the Joomla! project, have a very slow release cycle we decided to release an improved Joomla! update component called Akeeba CMS Update. It is available free of charge. Even though it's marked as beta we consider it stable enough to use it on production sites. There is a known issue: we cannot work around Joomla!'s post-installation script which is bound to fail on low-end shared hosts. Unfortunately this is a problem with Joomla! itself and it prevents us from providing a smooth update experience to all of our users. Since we have no control over that piece of Joomla! code which is necessary to perform updates we ask you to go to Extensions Manager, Database and click on the Fix button after the upgrade is complete to make sure that your site is fully upgraded. Also note that third party extensions, including templates, might not be compatible with newer versions of Joomla!. Always check with your extensions developers before upgrading to a new minor (e.g. 3.3 to 3.4) or major (e.g. 2.x to 3.x) version of Joomla!.

Changelog

Critical bugs and important changes

  • PHP File Change Scanner is broken

Take me to the downloads for this version

Version 2.4.6 Stable

Released on: Monday, 29 September 2014 19:00

 

Maturity
Stable
Released on
Monday, 29 September 2014 19:00
Viewed
3905 times

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

Take me to the downloads for this version

Version 2.2.a5 Alpha

Released on: Monday, 29 September 2014 19:00

 

Maturity
Alpha
Released on
Monday, 29 September 2014 19:00
Viewed
2083 times

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

Take me to the downloads for this version

Version 2.2.12 Stable

Released on: Monday, 29 September 2014 19:00

 

Maturity
Stable
Released on
Monday, 29 September 2014 19:00
Viewed
4557 times

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

Take me to the downloads for this version

Version 2.1.16 Stable

Released on: Monday, 29 September 2014 19:00

 

Maturity
Stable
Released on
Monday, 29 September 2014 19:00
Viewed
3648 times

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

This is a security release addressing a high impact, but very unlikely, security issue with the Joomla! Update feature. All users are advised to upgrade. For more information please consult our news article.

Please note that this old release of Admin Tools is end of life and no longer supported. This security fix is provided as a courtesy and does not imply that we will provide any kind of support for it.

Take me to the downloads for this version

Releases per page: