Chapter 1. Getting Started

What is Admin Tools?

Admin Tools is a security component, i.e. a software solution which will help you tighten the security of your Joomla! site. Moreover, it has several features which will help you enhance the performance of your site and make your life administering the site a bit easier.

Admin Tools is written with Joomla! best practices in mind, using Joomla's extension development framework (“core MVC”). It uses a native Joomla! plugin to apply its security and performance enhancing feature. It does not touch Joomla's core files ("core hacks").

Admin Tools comes in two editions, the free of charge Core edition and the subscription-only Professional edition. The Core edition only has basic site management features, without any focus on security. The security features can only be found in the Professional edition.

A summary of the features of Admin Tools and how they relate to each edition can be found on our site.

Disclaimer

Security extensions —like Admin Tools— are designed to help you enhance your site's security, not make it invulnerable against all hacking attempts. Whereas it will make it harder for a potential attacker to obtain information pertaining your site and will give them a hard time attacking your site, there is nothing that can stop a determined attacker with plenty of resources from hacking a site with known security issues. For instance, if you have an outdated Joomla installation or a vulnerable component installed on your site there is very little which can be done to stall and rarely stop a determined attacker. Therefore a security extension should be viewed as one of the many tools in the arsenal of the defender, not as the only tool.

We are aware that some developers may market their products as a "complete protection" for your site, which is technically impossible, plain and simple. If such a magic solution existed would they be selling it for a few dozen dollars a year to everyone instead of asking for millions of dollars per year to protect very high profile targets (large corporations and government agencies)? Exactly.

There's a favorite analogy here. Security software is like a bulletproof vest. Soldiers don't wear it for total invincibility against all possible attacks in a battlefield. A lucky shot in an area not covered by the vest; a high power, penetrating round; or an explosion could still kill them. They are wearing it because what is most likely to get them is what the vest can stop.

In the end of the day you are ultimately responsible for the security of your site, employing a comprehensive approach to security including sane personal security practices. Installing and configuring Admin Tools is meant to be part of your security regimen. At the very least you are expected to take frequent backups, stored in safe locations outside of your server; apply security-conscious password management; maintain a secure working environment (as in: if your computer is full of malware your site is as good as hacked no matter if you use Admin Tools or not); and keep an eye for any abnormal behaviour on your site.

Finally, we are legally obliged to draw your attention to the warranty and liability waiver Sections 15 through 17 of the software's license, copied here for your convenience:

15. Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

16. Limitation of Liability.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

17. Interpretation of Sections 15 and 16.

If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.

The philosophy

Admin Tools is a tool which helps you tighten the security of your site. Admin Tools, like every security software, is not something that you install and immediately become invulnerable to hackers. If this point is unclear you are welcome to read the previous section.

Admin Tools is a very capable security solution which can protect you against many different types of common attacks. However, there are some limits to what it can do. You cannot install an old version of Admin Tools on an obsolete version of Joomla we have stopped supporting and expect that site to be impregnable by hackers. Old versions of Joomla and its third party extensions most likely have security issues which, from the point of view of a web application firewall, look like legitimate requests. These attacks cannot be addressed unless the vulnerable Joomla core or third party extension code itself is updated. That is why we will only officially provide support to the latest and the previous Joomla version family. There's no point trying to secure an out of date site.

Finally, please keep in mind that your site evolves over time. As a result, you may have to adjust your Admin Tools settings over time. Sometimes updating a third party extension will break something because its author is doing something ill-advised that Admin Tools protects you against (yes, some developers even manage to make their software behave in the same way malware does, mainly because they are unaware of those malicious patterns). Sometimes you may install something new which needs a few adjustments in the protection to make it work. This is all normal. Security is a process, not something you install once and forget about it.