01 March 2009 Last updated on 22 March 2016

There are two editions of Admin Tools: Admin Tools Core and Admin Tools Professional. They are targeting different user groups, based on their security needs and experience level.

Admin Tools Core is the Free (as in "free speech" and as in "free beer") edition which contains the necessary features to update your core Joomla! installation, fix directory permissions and perform database maintenance. It's what we believe that all sites shouldn't do without, in one neat extensions. However, it is missing all the active security enhancing features of the Professional release. It's recommended for administrators of very small sites.

Admin Tools Professional, on the other hand, is the for-a-fee edition which has those extra features only useful to larger sites which require active security. We recommend it for power users and web professionals who want to enhance the security of their web sites.

To help you decide if Admin Tools Professional is worth trying, we have compiled the following comparison table:

FeatureCoreProfessional
Emergency Off-Line switch to put your site securely off-line in the case of an attack

Yes

Yes

Protection of its configuration with a Master Password

Yes

Yes

ACL: fine-grained control over which features each user can access

Yes

Yes

Protect access to your administrator directory with a username and password

Yes

Yes

Change your Super Administrator ID

Yes

Yes

Fix the permissions of all files and directories on your server or apply your own configurable, custom permissions down to file and directory level Yes Yes
Automatically rewrite links pointing to your old site's domain name / directory to point to your new domain name / directory

Yes

Yes

Automatically convert all links to insecure (HTTP) items to HTTPS when your site is accessed over SSL

Yes

Yes

One-click purge of your temporary directory

Yes

Yes

Change your database collation (MySQL only)

Yes

Yes

Repair and optimise all of your site's tables (MySQL only) Yes Yes
Purge and optimise the sessions table with a single click (MySQL only) Yes Yes
URL redirection with features beyond even what Joomla! has to offer

 

No

Yes

Scheduled cleanup of your temporary directory

No

Yes

Scheduled optimization of your sessions table (MySQL only)

No

Yes

Scheduled purge of your sessions table (MySQL only)

No

Yes

Automatic migration of hardcoded URLs in your articles, modules and everywhere when you change your site's domain name/location Yes Yes
CSS and JavaScript aggregation to speed up your site Yes Yes
PHP file changes and security scan No Yes
.htaccess and NginX Configuration Maker
Disable directory listings

No

Yes

Protect against common file injection attacks

No

Yes

Disable PHP Easter Eggs

No

Yes

Block access to security-sensitive files such as htaccess.txt, configuration.php-dist and php.ini in your site's root

No

Yes

Block specific user agents

No

Yes

Protection against direct access to PHP file. It can even block access to uploaded hacking scripts, mitigating the attack.

No

Yes

Force index.php parsing before index.html

No

Yes

Optimise expiration time (good for SEO)

No

Yes

Automatically compress static resources such as images, CSS, JS

No

Yes

Redirect index.php to site root

No

Yes

Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com

No

Yes

Redirect old domain name to new domain name

No

Yes

Force HTTPS for specific URLs, even when Joomla! doesn't let you to

No

Yes

Force HSTS header for increased HTTPS security

No

Yes

Web Application Firewall
Customised exceptions, down to the component, view or query string level

No

Yes

Full logging of security exceptions

No

Yes

Send out an email when a security exception occurrs

No

Yes

Geographic Blocking: prevent access to your site by specific countries or continents

No

Yes

IP black-listing: prevent access to your site by specific IP addresses or blocks of IP addresses

No

Yes

Administrator IP whitelist: only allow access to your site's administrator section by specific blocks of IP addresses

No

Yes

Administrator secret URL parameter. You can only see the administrator login page if you append ?secretWord to the URL (the secret word is customisable)

No

Yes

Change administrator login URL (e.g. use http://www.example.com/mylogin instead of http://www.example.com/administrator)

No

Yes

Send email on successful or failed administrator login

No

Yes

Customisable email templates and rate throttling for Admin Tools emails

No

Yes

Forbid front-end Super Administrator login to deter brute-force password cracking

No

Yes

SQLiShield protection against SQL injection attacks

No

Yes

Cross Site Scripting block (XSSShield)

No

Yes

Malicious User Agent block (MUAShield)

No

Yes

CSRF/Anti-spam form protection (CSRFShield)

No

Yes

Remote File Inclusion block (RFIShield)

No

Yes

Direct File Inclusion shield (DFIShield)

No

Yes

Uploads scanner (UploadShield)

No

Yes

Anti-spam filtering based on Bad Words list

No

Yes

Hide/customise generator meta tag

No

Yes

Block access to Joomla! extensions installer

No

Yes

Disable editing backend users' properties

No

Yes

X-Content-Encoded-By HTTP header content for GZip compression customisation

No

Yes

X-Powered-By HTTP header override

No

Yes

Block tmpl=foo system template switch

No

Yes

Block template=foo site template switch

No

Yes

Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory

No

Yes

Auto-ban IPs causing excessive security exceptions (fully customisable)

No

Yes

Subscribe now