Support

Admin Tools

#38420 Administrator new url

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
4
PHP version
8
Admin Tools version
n/a

Latest post by nicholas on Sunday, 29 January 2023 08:38 CST

agrobiobrichet

Hi,

I have latest version of Joomla and all extensions.

 

i setup my Administrator secret URL parameter but i have the same administrator path but i have password.

 

Can i have another administrator name like

 

site.com/administrator/?myadrs

 

nicholas
Akeeba Staff
Manager

> i setup my Administrator secret URL parameter but i have the same administrator path but i have password.

I apologise, I am not entirely sure what you are trying to say because of the two "but" clauses in this sentence. I will do my best answering what I understand you are asking based on your wording and my experience answering Admin Tools tickets.

If you mean that you can still access your site's administrator as /administrator (instead of /administrator/?SECRET_WORD) then yes, this is intentional, as long as you are using the same device and browser you have previously used to successfully view the administrator login page and you have not explicitly used the "Log out" link in Joomla administrator's User Menu to log out of the administrator backend of your site.

This is an intentional feature. It prevents you from accidentally locking yourself out of your site if you step away from your computer for a period of time longer than Joomla's session timeout (default: 15 minutes) and then try to continue working on an already open administrator page.

It will be a bit confusing if you just closed all of your administrator tabs and come back to your site a couple of hours later, or even the next day, and find that accessing /administrator without a secret word still works. It's because Admin Tools had set a cookie in your browser to "remember" that you had previously entered the correct Administrator URL Secret Word, but you had not explicitly logged out of your site yet.

If you want to disable this feature, of course you can. Go to Components, Admin Tools for Joomla, Web Application Firewall, Configure WAF, Basic Features. Set "Browser cookie override for the administrator secret URL parameter" to "Disabled". Please note that this WILL result in you or other backend users getting your IP addresses temporarily blocked if your Joomla session expires and you still have administrator pages open in your browser. That's the whole reason we introduced this feature. If you'd like to see a message reminding you that you should really be logging out of your site when you are done you can set this option to "Enabled, remind to use the full URL".

If you are worried about security, don't. It's a very secure feature as explained in https://www.akeeba.com/documentation/admin-tools-joomla/web-application-firewall.html#waf-configure-basic-protection. If you are using a shared computer / tablet using the same local computer user account as other users (which is in itself very insecure, so please don't do that!), just remember to log out of your site when you are done with administrative tasks. This removes the cookie which bypasses the Administrator Secret URL Parameter as you can read in the documentation page linked above.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!