The "System - Admin Tools" plugin

The "System - Admin Tools" plugin implements Admin Tools' security and utility features which need to run outside of the component, such the Web Application Firewall and the URL redirections feature.

When you edit the plugin's parameters please make sure that the Status is set to Enabled, the Access is set to Public (DO NOT CHANGE THAT TO ANYTHING ELSE — IT WILL LEAVE YOUR SITE UNPROTECTED!) and make sure that it's first in the Ordering.

Rescue Mode

The Rescue Mode allows Super Users of the site to quickly unblock themselves if their IP address is accidentally blocked.

Rescue URL (Joomla! 3.6 or later only)

When enabled (default) the Rescue Mode feature is enabled, allowing Super Users with blocked IPs to request a temporary Rescue URL which lets them log into the site and lift the block. We recommend leaving this feature enabled unless you know what you are doing. See the Rescue Mode section for more information.

[Important]Important

You will only receive the email to activate Rescue Mode if your IP is being blocked by Admin Tools. If your IP is NOT blocked by Admin Tools you will NOT receive any email. This is by design. It doesn't make sense to temporarily unblock yourself with Rescue Mode when you are not blocked!

Rescue duration (minutes)

How long is the Rescue Mode active. This controls two things:

  1. The maximum amount of time between requesting a Rescue URL and visiting it.

  2. The maximum amount of time between visiting the Rescue URL and the end of Rescue Mode.

We recommend leaving this setting to 15 minutes. Lower values tend to be very impractical.

Blocked requests reporting

The following options determine how Admin Tools handles and reports blocked requests.

Email language

Admin Tools will send you emails to notify you of blocked requests when you enter an email address in WAF Configuration. By default, the current user's language (or your site's default language, if no user is currently logged in) is being loaded, which means that these emails will be sent out in this language. If you have a multilingual website it means that you may receive an email in any language available in your site. This can lead to confusion and makes it nigh impossible to set up any email filters. Therefore we give you this option. You can enter the language tag of the language in which you wish those blocked requests emails to be sent. For example, typing en-GB in this field will cause all emails to be sent out in English. If left blank (default) the current language loaded by Joomla! will be used.

Maximum block requests log entries

Specify the maximum number of entries to keep in the blocked requests log. Excess records will be deleted. Use 0 to turn off this feature and keep all blocked requests log entries (recommended).

[Note]Note

If you have thousands of old entries it will take a while for Admin Tools to remove all of the old entries. Old records are deleted in 100 record batches on each page load for performance reasons.

Scheduled maintenance

[Important]Important

Scheduled Maintenance features in the System - Admin Tools plugin are deprecated and will be removed in a later version.

Please use Joomla's Scheduled Tasks feature (System, Manage, Scheduled Tasks) instead. You can create one or more tasks per scheduled maintenance feature and have them run on more flexible schedules that what has been possible with the System - Admin Tools plugin. Further to that, using Joomla's Scheduled Tasks allows the maintenance features to run without affecting the performance of your site.

The System - Admin Tools plugin allows you to automate some basic maintenance of your site.

Enable Session Optimizer

When enabled, the Session Optimizer will be scheduled to run automatically. This feature will repair and optimize Joomla!'s sessions table.

Run every X minutes

How often to run the Session Optimizer feature, in minutes

Enable Session Cleaner

When enabled, the Session Cleaner will be scheduled to run automatically. This feature will purge (completely empty) and optimize Joomla!'s sessions table. Watch out! This will automatically log all users out of your site! You should only use it on sites where you don't expect to have logged in users at all, e.g. a company presentation site.

Run every X minutes

How often to run the Session Cleaner feature, in minutes

Enable Cache Cleaner

When enabled, the Cache Cleaner will be scheduled to run automatically. This feature will try to purge (completely empty) Joomla!'s cache. This is not possible on occasions, especially if you are using a cache adapter which doesn't support purging.

Run every X minutes

How often to run the Cache Cleaner feature, in minutes

Enable Cache Auto-expiration

When enabled, the Cache Auto-expiration will be scheduled to run automatically. This feature will try to expire and delete stale items in Joomla!'s cache. Unlike the Joomla! built-in feature, it will try to run this operation across all caches. This is not possible on occasions, especially if you are using a cache adapter which doesn't support automatic expiration control.

Run every X minutes

How often to run the Cache Auto-expiration feature, in minutes

Enable Temp-directory Cleaning

When enabled, your site's temporary directory will be periodically emptied of files and folders. It's the same as running the Clean Temp-directory feature from Admin Tools' Control Panel.

Run every X minutes

How often to run the Clean Temp-directory feature, in minutes

Delete inactive users

When this option is enabled, the Admin Tools plugin will automatically delete inactive users, i.e. users who registered on the site but never logged in. These are most likely spam registrations. On each page load, up to five inactive users will be deleted, to avoid slowing down your site. There are four different options:

Never

Disables this feature

Only if they haven't activated their account

Users who have never activated their account will be removed. If they have activated their account they will not be removed. Please note that if a user has logged into your site in the past but now appears deactivated e.g. because they asked for a password reset they WILL NOT be deleted.

Only if they activated, but never logged in

Users who have activated their account but never logged in will be removed. If they haven't activated their account yet, they will not be removed.

Activated or not, as long as they haven't logged in

Any user who has registered an account at least as many days ago as defined in the next option BUT has never logged into the site will be removed, no matter if they activated their account or not. This is a dangerous option! It's possible for a user to have paid for a user account but not bothered logging in just yet. This is common when a site developer purchases a subscription on behalf of their client so that

Delete after this many days

How many days must elapse between the registration date of an inactive user and its deletion. For example, if this option is set to 7 then if a user registers on your site on the 1st of the month and has not logged in at least once by the eighth of the month, his user account will be removed.

All scheduling and expiration options are assessed on a best-effort bases. This means that they will try to run every X minutes, but only as long as there is enough visitor traffic on your site to trigger them. In any other case they will defer their execution for when there is visitor traffic.

Automatic settings import (“Sync server”)

[Important]Important

The Automatic Settings Import feature in the System - Admin Tools plugin is deprecated and will be removed in a later version.

Please use Joomla's Scheduled Tasks feature (System, Manage, Scheduled Tasks) instead. You can create one or more settings import tasks and have them run on more flexible schedules that what has been possible with the System - Admin Tools plugin. Further to that, using Joomla's Scheduled Tasks allows the settings import to run without affecting the performance of your site.

Some larger / busier web agencies tend to have dozens to hundreds of sites which use roughly the same mix of extensions. In these cases a small tweak in the Admin Tools setup of one site usually has to be propagated to every other site in their portfolio. This can be a tedious process.

Admin Tools gives you the option to have a “sync server” of shorts. The idea is that you will have a JSON file with Admin Tools settings in a URL that's publicly accessible. Every so often your sites will check out this URL and import the settings. This URL could be on your web server, a Dropbox account, an S3 bucket and so on.

The JSON file in that URL can be generated by going to Admin Tools' Import/Export Settings page. The idea is that you modify the configuration of one site and export its settings in a JSON file. You can edit that file if necessary. Then upload it to where it can be found using the public URL you've configured on all other sites. Wait for the requisite number of hours to pass and now all your sites have been synced to those settings.

The relevant settings for each site are:

Automatic import URL

URL pointing to Admin Tools JSON settings that should be imported.

Automatic import frequency (hours)

How often (in hours) to read the remote URL and import its contents into the Admin Tools installation