Protect your Joomla Administrator folder

If you have used Joomla before, you know how uncomfortable is to have your administration folder showing for everybody.

I do.  Anybody could just get into your url and try to guess the password for any user name or for the ‘admin’ username.

So this was one of my main worries on my joomla sites and I decided to write a PHP code that could take care of this.  If you’re not looking for installing another plugin just for this, go ahead and try this code on your joomla install.

Just insert the code on your Joomla administration index file, at the end of the file before the // Return the response (joomla 1.6+) or the /** * RETURN THE RESPONSE */ (joomla 1.5-)

/* Block access to administrator
 --------------------------------------------- */
$user =& JFactory::getUser();
$secretkey = 'mysecretkey';
$redirectto = 'location:';
$usertype = 'Registered';

//Check if the user is not logged in or if is not a super user:
if ($user->guest || (!$user->guest && $user->usertype != $usertype) ) {
 //Check if the secret key is present on the url:
 if (@$_GET['access'] != $secretkey) { header($redirectto); }
/* --------------------------------------------- */

Change ‘mysecretkey’ for whatever you want to use for accessing your administration site and change redirectto value ‘’ to whatever address you want the visitor to go if they “illegally” enter into your administration folder.

You now should visit your site in two URL to test if this is working correctly:

The first link should redirect you to the site, and the second one should take you to the admin page.