Most of attacks on the web - and Joomla sites aren't an exception - are made fully or in first phase at least by automated robots. These are using known entrance points as administrator logins to most used software solutions to try they chances to break in. So it's a wise move to change these well known locations. But wait! The need to upgrade compatibility may made this difficult, so, how we can do this without changing a line in Joomla code?

Here how you can do this: If you want to change the URL of the administrator login for Joomla easily without changing any line in the original code, here is what you can do:

  1. Create a new folder and name it your way, for example /dungeon
  2. In the folder "dungeon" create a new index.php file containing this code:
     header("Location: /administrator/index.php");
  3. In the siteroot add to the .htaccess file (or, if you don't have already one, create it!) the following lines:
     RewriteEngine On
     RewriteCond %{REQUEST_URI} ^/administrator
     RewriteCond %{HTTP_COOKIE} !JoomlaAdminSession=123123123
     RewriteRule .* - [L,F]

This will have the simple effect of generating an error message if someone directly access the /administrator folder of your site.

To avoid this error message you (and any Administrator user of your site) will need to access first your newly createdfolder (as per above, /dungeon), from where will be redirected to the backendinterface.

Note: replace "123123123" and "dungeon" with a combination you like, but be sure to change the content of index.php and .htaccess files accordingly!

This will not make your site hacker-proof, but will add another layer of security to your site. And the war against hackers the slightest advantage you can gain can make the difference!

Category: Secure Joomla