|How to secure your Joomla Site with jSecure Authentication|
|How to - CMS|
Joomla is a very versatile and easy to use CMS tool. As a result, its been preferred over most other CMS platforms. But, Joomla has one very critical drawback. Anyone can gain access to your Joomla site's backend login page just by appending /administrator to the site's url, eg: http://www.sitename.com/administrator. With such easy access to your site's backend login page, the chances of your site being hacked increases exponentially. The hacker can then use any brute force password hacking tool to hack your website. Remember, that your username is admin by default. So, in most cases the person just have to guess the password. With jSecure plugin, you can easily avoid this.
To download jSecure plugin click here. After you install this plugin, if you want to access your site's backend, you have to append /administrator?key instead of the usual /administrator. This key, holds the key to your site's existence on the web which only you are supposed to know. This key is nothing but a string of characters. To install follow the steps:
1. Go to Extensions and click on Install/Uninstall.
2. Browse to the plugin and click on Upload File & Install. This will install the plugin. You can view it in your plugin manager. When this article was written, plgSystemJSecure-1.0.9 was the latest version.
3. Next you have to change the key. The key is jSecure by default. Go to your plugin manager and click on jSecure Authentication. The plugin edit page pops up.
4. Change the key in the Plugin Parameters to any other string but jSecure. This string will be your key.
This is it. You are done. Next time you login you have to type http://www.sitename.com/administrator?key rather than just http://www.sitename.com/administrator. Try typing http://www.sitename.com/administrator in the browser and you will get a "404 - Page not found." error.