jomDefender - Joomla! Security

Give your Joomla site the protection it needs from hackers

Protect your Joomla website from devastating hacker attacks with jomDefender: ‘corePHP’s’ powerful security plugin that shields your website from hackers.

Each day, Joomla websites all over the world come under attack from ruthless hackers who deface front pages, delete critical data, upload malicious viruses, and steal sensitive customer information. Sadly, most hacker attacks cost owners dozens of hours and hundreds (sometimes thousands) of dollars to repair--if the damage can even be repaired at all.

Don’t let this happen to you!

Our jomDefender plugin patches the most common vulnerabilities found in Joomla and adds extra protective layers to your Joomla website to keep it safe from attack. It’s easy to install, easy to configure and even easier on your budget.

Get peace of mind now and grab your copy of jomDefender today for a fraction of the cost of what you would pay a security consultant to assist you. Don’t wait until it’s too late!

View Demo Buy Now Support


The truth about Joomla security

You want to know the cold, hard truth about Joomla security? The fact is, most Joomla hackers are just casual hackers. They really don’t want to work too hard to gain entry to your server, and honestly, most hackers don’t have to do much. They simply scan your website looking for known identifiers that tell them your site is running Joomla. And once they know this, they will run pre-fabbed hacker scripts to help them gain entry.

jomDefender keeps your Joomla applications secret and prevents attacks by letting you remove all known Joomla identifiers from your site via a few, simple backend parameters edits.

jomDefender also protects your site with additional security features such as an extra admin login screen (makes hackers guess two unique admin passwords instead of one), front end & backend IP ban/blocking, and so much more.

We've even added a bonus feature in jomDefender that lets you find the best configuration for your website to optimize its page-load time.

Here are the customizable jomDefender parameters at a glance...

Remove template positions code, ‘?tp=1’

It’s possible for attackers to determine that a website is running Joomla! simply by appending this variable, '?tp=1' to any URL on your website. jomDefender lets you easily disable the ‘?tp=1’ string in its backend without affecting your website’s performance.

Remove generator tag

Some Joomla! templates will add a generator tag to the HTML of a page that attackers can easily identify as coming from a Joomla website. jomDefender lets you disable this without affecting the performance of your website. Only available for Joomla 1.5 as Joomla 1.6+ has it by default.

Remove word Joomla!

This will ensure that any auto-generated occurrence of the word “Joomla!” on your website will be removed.

Remove HTML white space

This option will remove all of the white space from an HTML page, just in case hackers want to take a peek at your html. This feature makes it harder for hackers to quickly scan your html looking for any Joomla references. This doesn't affect the frontend view of your Joomla! page, but it will be harder for attackers to view your code if this option is turned on. Frustrated hackers will move on to other websites if they cannot quickly find what they are looking for on your site, and this feature will certainly trip them up.

Remove Joomla! PHP header

When gzip is turned on in your Joomla! admin configuration screen, Joomla! will send a X-Content-Encoded-By header with the value of ‘Joomla! 1.5’. This option will replace that header for you.

Login/Logout CSRF prevention

This feature will check the referrer that the browser sends to the server. If the referrer does not match the domain of the current server the login or logout operation will be stopped. This will prevent unauthorized users from logging users in or out of your site wihtout their knowledge.

File integrity checks

When enabled you will need to set up a cronjob to run on the background. When the cronjob is ran, jomDefender will go through all of the files in your Joomla installation. It will check size, ownership, permissions, last modified time and file checksum, all this information is stored in the database. Each time the cronjob is ran it will check the files for any differences. If any file is different than previously checked, an email will go out with information to the administrator. This information can be used to alert of any hacked files or new files in the system.

Add a new Admin password prompt

This option adds a secondary level of security before accessing the admin login form. This masks the fact that your site is running Joomla! and forces attackers to "brute force" not just 1 password..but TWO passwords if they want to gain unauthorized access. Remember, a frustrated hacker will move on to easier targets.

Allow/Deny IP addresses to the back-end/front-end of your site

Deny or allow IP address to the back-end, the front-end or both. This option will block specific IP addresses from accessing certain parts, or even all of your website.

Disable plugin functionality

If you forget your admin password or accidentally block your own IP, you can disable the jomDefender plugin long enough to get back in.

Caching mechanism

This feature will allow you to cache the changes that the plugin makes on your Joomla! pages.

Page execution time display

This feature simply allows you to test the exact time it takes for your website to load. This will help you determine the best configuration to speed up your Joomla! website.

Would you like help?

Have our team install/upgrade for you!

Maybe you do not have the time to manage your website or the knowlege to install or upgrade a 'corePHP' product. Contact our team today so we can install or upgrade your purchased products for you.

Have a question?

Did you happen to run into an issue from installing a 'corePHP' product or just from using it? Maybe you ran into a bug that we are not aware of or do you have a question about how something works within one of 'corePHP' products? Contact the support team to get your answers right away!

Submit a Support Ticket