There are two editions of Admin Tools: Admin Tools Core and Admin Tools Professional. They are targeting different user groups, based on their security needs and experience level.
Admin Tools Core is the Free (as in "free speech" and as in "free beer") edition which contains the necessary features to update your core Joomla! installation, fix directory permissions and perform database maintenance. It's what we believe that all sites shouldn't do without, in one neat extensions. However, it is missing all the active security enhancing features of the Professional release. It's recommended for administrators of very small sites.
Admin Tools Professional, on the other hand, is the for-a-fee edition which has those extra features only useful to larger sites which require active security. We recommend it for power users and web professionals who want to enhance the security of their web sites.
To help you decide if Admin Tools Professional is worth trying, we have compiled the following comparison table:
Feature | Core | Professional |
---|---|---|
Emergency Off-Line switch to put your site securely off-line in the case of an attack | ||
Protection of its configuration with a Master Password | ||
ACL: fine-grained control over which features each user can access | ||
Protect access to your administrator directory with a username and password | ||
Change your Super Administrator ID | ||
Fix the permissions of all files and directories on your server or apply your own configurable, custom permissions down to file and directory level | ||
Automatically rewrite links pointing to your old site's domain name / directory to point to your new domain name / directory | ||
Automatically convert all links to insecure (HTTP) items to HTTPS when your site is accessed over SSL | ||
One-click purge of your temporary directory | ||
Change your database collation (MySQL only) | ||
Repair and optimise all of your site's tables (MySQL only) | ||
Purge and optimise the sessions table with a single click (MySQL only) | ||
URL redirection with features beyond even what Joomla! has to offer |
|
|
Scheduled cleanup of your temporary directory | ||
Scheduled optimization of your sessions table (MySQL only) | ||
Scheduled purge of your sessions table (MySQL only) | ||
Automatic migration of hardcoded URLs in your articles, modules and everywhere when you change your site's domain name/location | ||
CSS and JavaScript aggregation to speed up your site | ||
PHP file changes and security scan | ||
.htaccess and NginX Configuration Maker | ||
Disable directory listings | ||
Protect against common file injection attacks | ||
Disable PHP Easter Eggs | ||
Block access to security-sensitive files such as htaccess.txt, configuration.php-dist and php.ini in your site's root | ||
Block specific user agents | ||
Protection against direct access to PHP file. It can even block access to uploaded hacking scripts, mitigating the attack. | ||
Force index.php parsing before index.html | ||
Optimise expiration time (good for SEO) | ||
Automatically compress static resources such as images, CSS, JS | ||
Redirect index.php to site root | ||
Redirect www to non-www, or non-www to www site, e.g. http://example.com to http://www.example.com |
||
Redirect old domain name to new domain name | ||
Force HTTPS for specific URLs, even when Joomla! doesn't let you to | ||
Force HSTS header for increased HTTPS security | ||
Web Application Firewall | ||
Customised exceptions, down to the component, view or query string level | ||
Full logging of security exceptions | ||
Send out an email when a security exception occurrs | ||
Geographic Blocking: prevent access to your site by specific countries or continents | ||
IP black-listing: prevent access to your site by specific IP addresses or blocks of IP addresses | ||
Administrator IP whitelist: only allow access to your site's administrator section by specific blocks of IP addresses | ||
Administrator secret URL parameter. You can only see the administrator login page if you append ?secretWord to the URL (the secret word is customisable) |
||
Change administrator login URL (e.g. use http://www.example.com/mylogin instead of http://www.example.com/administrator) |
||
Send email on successful or failed administrator login |
||
Customisable email templates and rate throttling for Admin Tools emails |
||
Forbid front-end Super Administrator login to deter brute-force password cracking |
||
SQLiShield protection against SQL injection attacks |
||
Cross Site Scripting block (XSSShield) |
||
Malicious User Agent block (MUAShield) |
||
CSRF/Anti-spam form protection (CSRFShield) |
||
Remote File Inclusion block (RFIShield) |
||
Direct File Inclusion shield (DFIShield) |
||
Uploads scanner (UploadShield) |
||
Anti-spam filtering based on Bad Words list |
||
Hide/customise generator meta tag |
||
Block access to Joomla! extensions installer |
||
Disable editing backend users' properties |
||
X-Content-Encoded-By HTTP header content for GZip compression customisation |
||
X-Powered-By HTTP header override |
||
Block tmpl=foo system template switch |
||
Block template=foo site template switch |
||
Integration with Project Honeypot's HTTP:BL anti-spam / anti-hacker IP blocking directory | ||
Auto-ban IPs causing excessive security exceptions (fully customisable) |