WEBVTT

1
00:00:08.668 --> 00:00:10.568
There are several methods in Admintools

2
00:00:11.086 --> 00:00:13.399
to restrict access to the administrator

3
00:00:13.399 --> 00:00:15.399
interface of your website.

4
00:00:16.216 --> 00:00:17.489
The first we have already seen in the

5
00:00:17.489 --> 00:00:19.489
Web Application Firewall video.

6
00:00:20.867 --> 00:00:22.867
If we look at the Configure WAF

7
00:00:23.545 --> 00:00:25.545
here we can see that I can restrict

8
00:00:25.545 --> 00:00:27.545
administrator access only

9
00:00:27.545 --> 00:00:29.750
to IP addresses in a whitelist

10
00:00:30.260 --> 00:00:32.260
or disallow access to IPs

11
00:00:32.821 --> 00:00:34.821
that are in a blacklist.

12
00:00:35.521 --> 00:00:37.521
As most people want to be able to access

13
00:00:37.521 --> 00:00:39.521
their website administrator

14
00:00:39.521 --> 00:00:41.521
wherever they are perhaps

15
00:00:41.521 --> 00:00:43.521
when they are roaming from an internet cafe

16
00:00:43.521 --> 00:00:45.521
or their mobile phone

17
00:00:45.521 --> 00:00:47.865
I don't recommend that you set the whitelist up.

18
00:00:49.585 --> 00:00:51.585
You can also lock down your administrator

19
00:00:51.585 --> 00:00:53.585
interface at certain hours of the day

20
00:00:53.745 --> 00:00:55.745
by setting an away schedule.

21
00:00:56.401 --> 00:00:58.401
For example I can prevent

22
00:00:58.401 --> 00:01:01.306
access from 18:00 to 08:00.

23
00:01:01.897 --> 00:01:03.897
However, again

24
00:01:04.181 --> 00:01:06.181
in case of emergency this might not be

25
00:01:06.181 --> 00:01:08.181
the best option.

26
00:01:09.136 --> 00:01:11.136
Another option that we saw in the installation

27
00:01:11.319 --> 00:01:13.674
video is to set an Administrator

28
00:01:13.675 --> 00:01:15.675
secret URL parameter.

29
00:01:16.630 --> 00:01:18.630
If you enter a word or phrase here

30
00:01:18.630 --> 00:01:20.630
that is easy to remember

31
00:01:20.630 --> 00:01:22.285
AND without any spaces,

32
00:01:22.382 --> 00:01:24.382
and then Save & Close.

33
00:01:26.387 --> 00:01:28.387
If we now log out of our website

34
00:01:28.387 --> 00:01:30.387
and try to log back in

35
00:01:30.387 --> 00:01:33.124
by typing in the administrator URL,

36
00:01:33.561 --> 00:01:35.561
you will be redirected to the home

37
00:01:35.561 --> 00:01:37.561
page of your website.

38
00:01:37.882 --> 00:01:39.882
The only way you will be able to

39
00:01:39.882 --> 00:01:41.882
log in to the administrator

40
00:01:41.882 --> 00:01:44.381
is by typing administrator

41
00:01:44.585 --> 00:01:46.585
followed by question mark

42
00:01:46.585 --> 00:01:48.862
and then the special word or phrase.

43
00:01:50.182 --> 00:01:52.900
Once you've done that you can log in as usual.

44
00:01:55.072 --> 00:01:57.072
Whilst this will prevent most types of

45
00:01:57.072 --> 00:01:58.737
brute force attacks

46
00:01:58.737 --> 00:02:00.737
a far better option is to use

47
00:02:00.744 --> 00:02:02.377
the password protect feature

48
00:02:02.482 --> 00:02:04.913
we also saw in the installation video.

49
00:02:07.887 --> 00:02:09.887
With this method you can prevent

50
00:02:09.887 --> 00:02:11.887
access to your administrator

51
00:02:11.887 --> 00:02:13.887
with an additional username and password.

52
00:02:15.870 --> 00:02:18.685
Enter the username and password that you want to use.

53
00:02:19.640 --> 00:02:21.640
This should not be the same as your

54
00:02:21.640 --> 00:02:23.640
password for anything else,

55
00:02:23.640 --> 00:02:26.633
including your Joomla administrator login.

56
00:02:27.435 --> 00:02:29.435
And click on Password protect.

57
00:02:31.075 --> 00:02:33.075
A pop up box will immediately be

58
00:02:33.075 --> 00:02:35.467
displayed requesting authentication

59
00:02:35.919 --> 00:02:37.919
and before you can proceed

60
00:02:37.919 --> 00:02:39.919
you must now enter the details

61
00:02:39.919 --> 00:02:41.919
that you just entered.

62
00:02:42.349 --> 00:02:44.349
If someone now goes to your website

63
00:02:45.275 --> 00:02:47.275
and attempts to log in to the administrator

64
00:02:47.275 --> 00:02:49.275
URL they will get a popup

65
00:02:49.275 --> 00:02:51.275
box asking for that additional

66
00:02:51.275 --> 00:02:53.275
username and password.

67
00:02:54.769 --> 00:02:56.769
The final protection that Admintools

68
00:02:56.769 --> 00:02:59.625
provides is called Emergency Off-line.

69
00:03:00.893 --> 00:03:02.893
If for any reason you need to make sure

70
00:03:02.893 --> 00:03:04.893
that your web site is completely

71
00:03:04.886 --> 00:03:07.091
offline and can't be used for

72
00:03:07.097 --> 00:03:09.097
anything we can select this option

73
00:03:09.943 --> 00:03:11.943
and it will add these rules to your

74
00:03:11.943 --> 00:03:14.646
.htaccess file in the site root.

75
00:03:16.206 --> 00:03:18.206
What this will do is ensure that

76
00:03:18.206 --> 00:03:20.206
any requests to your website

77
00:03:20.206 --> 00:03:23.904
are redirected to a file called offline.html.

78
00:03:25.274 --> 00:03:27.274
You will of course need to create some simple

79
00:03:27.274 --> 00:03:30.084
html file called offline.html

80
00:03:30.404 --> 00:03:32.404
to explain that your site is offline

81
00:03:32.404 --> 00:03:34.404
otherwise they will see an ugly

82
00:03:34.404 --> 00:03:36.404
not found message.

83
00:03:36.404 --> 00:03:38.404
If I activate this by clicking on

84
00:03:38.404 --> 00:03:40.404
the Set Offline button

85
00:03:40.404 --> 00:03:42.404
the site is now in Emergency

86
00:03:42.404 --> 00:03:44.404
Off-line mode and anyone

87
00:03:44.404 --> 00:03:46.404
coming to the site will be

88
00:03:46.404 --> 00:03:48.404
redirected to that offline.html.

89
00:03:51.269 --> 00:03:53.269
As long as your internet connection and your

90
00:03:53.269 --> 00:03:55.269
IP address do not change

91
00:03:55.269 --> 00:03:57.269
you will still be able to access

92
00:03:57.269 --> 00:03:59.913
the site even when it's in offline mode.

93
00:04:02.319 --> 00:04:04.319
When you're ready to turn the site back

94
00:04:04.319 --> 00:04:07.274
online simply select Emergency Off-line

95
00:04:07.274 --> 00:04:10.093
and click the green Set Online.

96
00:04:11.454 --> 00:04:13.454
Anyone visiting your site now

97
00:04:13.454 --> 00:04:15.454
will see the site as you intended

98
00:04:15.454 --> 00:04:17.454
them to see it.