About jomDefender

Remove template positions code, ‘?tp=1’

Attackers can determine that a website is running Joomla! simply by appending the variable ‘?tp=1’ to any URL on your website. jomDefender lets you easily disable the ‘?tp=1’ string from its backend without affecting your website’s performance.

Remove generator tag

Some Joomla! templates add a generator tag to the HTML of a page, which attackers can easily identify as coming from a Joomla! website. jomDefender lets you disable this without affecting the performance of your website. Only available for Joomla 1.5, as Joomla 1.6+ has it by default.

Remove word Joomla!

This will ensure that any auto-generated occurrence of the word “Joomla!” on your website will be removed.

Remove HTML white space

This option removes all of the white space from an HTML page, which makes it harder for hackers to quickly scan your HTML for Joomla! references. It doesn't affect the frontend view of your Joomla! page, but it will be harder for attackers to view your code when this option is turned on. Frustrated hackers will move on to other websites if they cannot quickly find what they are looking for on your site, and this feature will certainly trip them up.

Remove Joomla! PHP header

When gzip is turned on in your Joomla! admin configuration screen, Joomla! will send an X-Content-Encoded-By header with the value of ‘Joomla! 1.5’. This option will replace that header for you.

Login/Logout CSRF prevention

This feature checks the referrer that the browser sends to the server. If the referrer does not match the domain of the current server, the login or logout operation will be stopped. This prevents unauthorized users from logging users in or out of your site without their knowledge.

File integrity checks

When enabled, you will need to set up a cronjob to run in the background. When the cronjob is run, jomDefender will go through all of the files in your Joomla installation. It will check size, ownership, permissions, last modified time and file checksum; all of this information is stored in the database. Each time the cronjob is run, it will check the files for any differences. If any file differs from the previous check, an email with the details will go out to the administrator. This information can be used to alert you to any hacked files or new files in the system.
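The check described above can be illustrated as follows. This is an added example, not jomDefender's own code: it records the same attributes in an in-memory dictionary instead of a database (an assumption), and the function names `snapshot` and `compare` are hypothetical.

```python
import hashlib
import os
import stat

def snapshot(root):
    """Record size, owner, permissions, mtime and SHA-256 of every file under root."""
    state = {}  # assumption: a dict stands in for the database table
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.relpath(path, root)] = {
                "size": st.st_size, "owner": (st.st_uid, st.st_gid),
                "mode": stat.S_IMODE(st.st_mode), "mtime": int(st.st_mtime),
                "sha256": digest.hexdigest(),
            }
    return state

def compare(baseline, current):
    """Return {path: reason} for every new, removed or changed file."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report[path] = "new file"
        elif path not in current:
            report[path] = "removed"
        else:
            diff = [k for k in baseline[path] if baseline[path][k] != current[path][k]]
            if diff:
                report[path] = "changed: " + ", ".join(diff)
    return report

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        page = os.path.join(root, "index.php")
        with open(page, "w") as fh:
            fh.write("<?php echo 1;")
        baseline, st = snapshot(root), os.stat(page)
        with open(page, "w") as fh:
            fh.write("<?php echo 2;")  # same size, different content
        os.utime(page, ns=(st.st_atime_ns, st.st_mtime_ns))  # mtime put back
        print(compare(baseline, snapshot(root)))
```

The demo edits a file without changing its size and restores its modification time, so only the checksum reveals the change. Keep the stored baseline where the web server's user cannot write to it, since anyone able to rewrite it can hide modified files.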

Add a new Admin password prompt

This option adds a secondary level of security before accessing the admin login form. This masks the fact that your site is running Joomla! and forces attackers to "brute force" not just one password but two passwords if they want to gain unauthorized access. Remember, a frustrated hacker will move on to easier targets.

Allow/Deny IP addresses to the back-end/front-end of your site

Deny or allow IP addresses to the back-end, the front-end or both. This option will block specific IP addresses from accessing certain parts, or even all, of your website.

Disable plugin functionality

If you forget your admin password or accidentally block your own IP, you can disable the jomDefender plugin long enough to get back in.

Caching mechanism

This feature will allow you to cache the changes that the plugin makes on your Joomla! pages.

Page execution time display

This feature simply allows you to test the exact time it takes for your website to load. This will help you determine the best configuration to speed up your Joomla! website.