By following the yoursite.com/administrator link, you can start logging into the admin section. And if you accidentally reveal your account information, an intruder can do anything on your site. This plugin was created to increase the security of the admin section. Even if an intruder knows the login information, they still have to go through one more step to gain access to the admin section of the website.
Why you should use it:
- Requires OTP to log in: An OTP code will be sent to the administrator's email address, suspicious logins will be asked to enter it.
- Block suspicious logins: If this login comes from a suspicious IP address, an email will be sent to the administrator. At this point, the admin can confirm it's them or not. When the person who is logging in is not an administrator, this IP will be locked and the login session will then be automatically deleted.
* This extension works for Joomla 3 and 4.
After successful installation, go to Admin page > Plugin Manager > User - Admin Login Warning to set it up and enable it.
The parameters include:
- Email Address: Security codes and login alerts will be sent to this email address.
- Email Key: This key is used to perform tasks via email without having to log in.
- IP Whitelisting: All security features are disabled when IPs are on this list.
- Security code: Requires a security code (sent to the above email address) when the visitor's IP is not whitelisted.
- IP Blacklist: When a user has an IP address in this list, they cannot log in to the admin section.