Misleading article regarding Admin Tools posted by GoDaddy

It has come to our attention that GoDaddy has a very misleading post comparing security extensions for Joomla!, including Admin Tools. We want to address the blatant inaccuracies in that blog post.

In the very misleading GoDaddy blog post comparing security extensions for Joomla!, Admin Tools is reported to not have certain features. Most of those features have been around since 3 to 4 years ago but, somehow, the GoDaddy people managed to miss them. It appears that they evaluated Admin Tools Core, our free offering which is NOT a security solution, against paid software which are security solutions. They should have instead compared Admin Tools Professional, our security solution for Joomla!. Otherwise they are comparing apples to oranges and misrepresenting the feature set of our software.

In order to set the record straight, here are the features GoDaddy falsely states are not part of Admin Tools but really are available to all of our subscribers for several years already.

  • Scan site files: Yes, we do. PHP File Change Scanner was added more than two years ago and it can do much more than scan file for changes. It even checks for signatures of malicious scripts.
  • Firewall: Yes, we do have it. Maybe they missed it because it's called Web Application Firewall...? Joking aside it's been available since January 2011, that's nearly four years ago. Of course we also mention it in our description at the Joomla! Extensions Directory and our documentation. Dear GoDaddy, read the fine manual.
  • .htaccess: Of course we do have it, since Admin Tools 1.0.0 Beta 1 all the way back in September 2010. In fact we were the first Joomla! extensions company to market a .htaccess Maker. Our .htaccess file had been the result of 2 years of research and it is so good that Joomla! proposes its old version from 2011 in its security checklist, inside the official Joomla! documentation wiki.
  • SPAM: Yes, we do offer that for over three and a half years. We offer two different kinds of protection against spam. The most simple is blacklisting certain words that the user can define. The most advanced, which is actually part of our web application firewall, is the integration with Project Honeypot. Project Honeypot has a very detailed and accurate list of IPs used by hackers and spammers. Our integration allows you to automatically deny connection from those IPs based on the certainty factor and age of last known use reported by Project Honeypot.
  • Logs: For crying out loud, of course we log everything! The security exceptions are logged in database and on disk. The automatically blocked IPs and the history of automatically blocked IPs is logged in the database.
  • Backups: Our domain name is AkeebaBackup.com, reflecting our flagship product's name. Do we really have to spell out that we offer a free of charge, full site backup software for Joomla! called Akeeba Backup Core which of course works perfectly with Admin Tools? Plus, backups is not security feature by itself. Having backups is your plan B, to be used when your security fails. Not to mention that backups can be trusted insofar they are positively taken before your site was actually hacked.

One thing I don't know how to make of is what they call "Version control". That's a bit open ended. If they're talking about content version control please remember that Joomla! has been offerring that as a core feature since Joomla! 3.2. If they are talking about file version control, hm, I disagree that it's a security feature. It's a convenience feature that only really applies to WordPress, where you are expected to edit .php files on your own. We don't do that in Joomla!. We actually know better than to let people with no developer training rummage around freely, modifying PHP files and introducing security holes of their own. There's a reason we call this practice "core hacking".

Considering how inept their bloggers are at basic fact checking and documentation reading, I would recommend our esteemed clients to not trust them with the hosting of their sites. If a host can't do a 20 second Google search to fact-check a blog post before filing it can you really trust them with the security of yoru sites? Instead, choose a good host. If you are looking for one, SiteGround is offering 3 free months of hosting to all AkeebaBackup.com visitors.

Nicholas K. Dionysopoulos
Akeeba Ltd
Director and Lead Developer