Temporary Super User passwords respect Joomla's password options. If you have set up password complexity options in Joomla's Users component then the generated temporary Super User passwords will respect those complexity options but might be less secure due to the restrictions imposed on the randomness of the generated passwords.
Support for Joomla 4.1's Inline Help in several pages of the component. Joomla 4.1 added the option to have toggleable inline help. We are using that in several pages of Admin Tools, most notably in the Configure WAF page where it replaces the tooltips (tooltips are still available on Joomla 4.0). Click on the ‘Toggle Inline Help′ button in the toolbar to display the help text of each option below the option's controls.
Support for Joomla 4.1's Scheduled Tasks for the PHP File Change Scanner. The PHP File Change Scanner can now be optionally scheduled to execute using Joomla's Scheduled Tasks feature. PLEASE READ THE DOCUMENTATION. Because of the way Scheduled Tasks work you may find that the PHP File Change Scanner does not run when you have configured it or at all, takes way too long to finish or never finishes. These all have to do with how Joomla's Scheduled Tasks feature works and nothing to do with our software. Since that Joomla feature is largely undocumented we explain in our documentation how it works, what are the caveats and how to work around them to the extent that it's possible. Beyond that there is no support we can realistically provide.
Joomla Scheduled Tasks to replace the pseudo-scheduling in the system plugin. Everything you could previously schedule through the System – Admin Tools plugin can now be scheduled through Joomla's Scheduled Tasks feature on Joomla 4.1. It is more flexible as to when these tasks can be executed and they do not have an impact on your page load speed, even if you use Joomla's Lazy Scheduling for its Scheduled Tasks.
Set a persistent cookie for Administrator Secret URL Parameter. (This feature is enabled by default but you can disable it if you so wish). Most support tickets we receive are due to someone getting locked out of their site for triggering the Admin Query blocked request reason too many times. Between leaving admin pages open in the browser while doing something else and browsers trying to create thumbnails of your admin page when they consider them “frequently visited” sites this happens a lot and is very confusing to those who haven't read the documentation or the emails sent by their site i.e. the majority of users, really. With this feature, once you use the Secret URL Parameter once on a site the site will ‘remember’ that browser by means of a special cookie. Next time you try to access an admin page on that site without providing the Secret URL Parameter you will be allowed access and be shown a message that you were allowed access because of the cookie. You can of course turn this feature completely off, or leave it enabled but without a message being displayed. It's up to you. For paranoid levels of security disable this feature. For a good balance between security and ease of use leave it enabled with a message — the attack surface of this feature is virtually non-existent by making use of Joomla's secure cookie feature. Please note that if you are using the Remember Me feature in Joomla the Admin Tools cookie for the Administrator Secret URL Parameter will be unset by Joomla when you log out of the frontend of the site, or (if you also have Linked Sessions enabled) when you log out of the backend of the site. Please read the feature's documentation for more details.
Bug fixes and miscellaneous changes. Please read the CHANGELOG below.
Please consult our Compatibility page. It explains our version support policy and lists which versions of our software are compatible with which versions of Joomla and PHP.