When a site is under attack, is there a way to lock down admin access completely, instead of doing an emergency offline mode which brings the entire website down?
#18131 Admin access lockdown
Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket
Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.
Environment Information
Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a
Latest post by user77751 on Friday, 15 November 2013 12:42 CST
Friday, 15 November 2013 12:16 CST
user77751
Friday, 15 November 2013 12:24 CST
nicholas
Akeeba Staff
Manager
No and you should never need to do that. If you need to "lock down" admin access it simply means that you didn't protect it properly to begin with! When you use the secret URL parameter, two factor authentication and administrator password protection you are more protected than you will realistically ever need.
The administrator password protection means that the attacker has to first guess these two pieces of information before being able to do as much as access the index.php file in the administrator directory. Even if they guess it the secret URL parameter means that attackers won't even see the login page unless they know that bit. Even if they still manage to guess all of that they have a six digit code which changes every 30 seconds. It's more probable that you win the lottery six times in a row than hackers guessing successfully all of the above at the same time.
The administrator password protection means that the attacker has to first guess these two pieces of information before being able to do as much as access the index.php file in the administrator directory. Even if they guess it the secret URL parameter means that attackers won't even see the login page unless they know that bit. Even if they still manage to guess all of that they have a six digit code which changes every 30 seconds. It's more probable that you win the lottery six times in a row than hackers guessing successfully all of the above at the same time.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
Friday, 15 November 2013 12:42 CST
user77751
Thanks for the explanation. I'll go buy a lottery ticket now. :)