Admin Tools

#10245 Forbid front-end Super Administrator login

Posted in ‘Admin Tools for Joomla! 4 & 5’

This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version

n/a

PHP version

n/a

Admin Tools version

n/a

Latest post by nicholas on Thursday, 26 January 2012 03:00 CST

Monday, 23 January 2012 13:24 CST

user41123

Hi Nicholas,

Short question; in the Basic Security part of the WAF there's an option called: "Forbid front-end Super Administrator login".
I can't find this option described in the documentation and I'm not sure what's the advantage when I enable this option.
Can you explain this option and what's your advice for the correct setting; yes or no?

Thanks! Paul

Monday, 23 January 2012 15:43 CST

nicholas

Hi Paul,

It does exactly what it says. It won't allow Super Administrators to log in to the front-end of the site. This feature is there in order to prevent an attacker from brute-forcing your Super Admin password, i.e. try different random passwords until he finds the one you're actually using. Remember that your site has both a front- and a back-end and you log in to both with the same username/password. That's why it may be a good idea to block SA logins in the front-end.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 26 January 2012 00:08 CST

user41123

Ok, I also think it's a good idea to switch this option to Yes.

Thanks for the explanation, Nicholas.

Thursday, 26 January 2012 03:00 CST