Akeeba Admin Tools is a comprehensive security hardening and maintenance toolkit for Joomla. It provides a Web Application Firewall (WAF), automated .htaccess and web.config generation, IP blocking, URL redirection management, and a file integrity scanner — all in one component without requiring server-level access.
Web Application Firewall (WAF)
The WAF inspects every incoming request and blocks known attack patterns before they reach Joomla. Go to Admin → Admin Tools → WAF Configuration. Key WAF features:
| Feature | Purpose |
|---|---|
| IP Blocking | Block specific IPs or CIDR ranges permanently |
| Auto-ban | Automatically ban IPs after a configurable number of WAF triggers |
| Geoblocking | Block entire countries by IP range (Pro) |
| Bad word filtering | Block requests containing known malicious strings |
| SQL injection protection | Block common SQL injection patterns in GET/POST data |
| Base64 detection | Flag suspicious base64-encoded payloads |
| Admin secret URL | Add a required query parameter to the admin login URL |
.htaccess Maker
Go to Admin Tools → .htaccess Maker. This tool generates a hardened .htaccess file for Apache servers with one click. Key options:
- Redirect HTTP to HTTPS
- Force www or non-www canonical URL
- Block direct access to PHP files in core directories
- Disable directory listing
- Set correct MIME types for web fonts and media files
- Browser caching headers per file type
- Hotlink protection for images
File Scanner
Go to Admin Tools → Scans. The scanner takes a baseline snapshot of all PHP files and their hashes, then on subsequent scans alerts you to:
- New PHP files added since the last scan (potential injected malware)
- Modified PHP files (potential tampering)
- Deleted files
Schedule regular scans via the Joomla Scheduler or cron. Review alerts in Admin Tools → Scan Alerts.
IP Management
| Tool | Purpose |
|---|---|
| IP Blocklist | Permanently block specific IPs from the frontend and admin |
| IP Allowlist | Restrict admin access to specific IPs only |
| Auto-ban History | Review and unban auto-banned IPs |
| Unblock My IP | Emergency self-unblock via a secret URL if you accidentally ban yourself |
URL Redirections
Admin Tools includes a URL redirection manager as an alternative to Joomla's built-in Redirect component. It supports 301, 302, 303, and 307 redirects with regex pattern matching for bulk redirects from old URL structures.
Temporary Super User
Grant temporary Super User access to a regular user account for a defined time period without permanently elevating their privileges. The elevation expires automatically at the configured time. Useful for granting developer access to a production site without creating permanent admin accounts.