IT in Education

Hiding the Joomla Administrator URL

joomlaExtensionsIf you wanted to know whether a website uses Joomla, you could simply type /administrator and you'd see the back-end login screen.  This plugin prevents this from happening by returning the homepage instead.  Of course you can still access your back-end, by simply adding a key to the URL.  This article shows you how!

Learn how to install Joomla extensions to get yourself started.

Visit the Joomla extensions site to review AdminExile and to get the latest version.


As usual, don't forget to backup your website prior to installing a new extension.  When you are ready, install the following plugin:

  1. joomla25joomla30zip


  1. Go to Extensions > Plugin Manager.
  2. Select the System - AdminExile Plugin for editing.
  3. Change the URL Access Key to something that you'll remember (eg.SecretKey)
  4. Change the Status to Enabled.
  5. Leave all other settings as defaults.

Now when you try to access the back-end by typing yourwebsite/administrator, you will be redirected to the homepage.  To access the back-end you will need to type yourwebsite/administrator?SecretKey, where SecretKey is the URL Access Key that you entered in the plugin configuration.


STOP!  Don't go deleting anything!  You can corrupt your system if you go deleting things.  Joomla keeps records, and if you delete a file - you may not be able to purge the record of that file from the Joomla database.

This method for disabling the plugin requires access to your server filesystem.  You only need to rename the same file twice.  Follow this process step-by-step to ensure the integrity of your system.

  1. Access your server filesystem in whatever means you normally use to browse the server files.
    1. Your access method needs to provide the ability to rename files.
  2. Navigate to your Joomla website folders, into the plugins/system/adminexile directory.
  3. Rename adminexile.php like this:  Xadminexile.php.
  4. Once renamed, Joomla can't load this file - this means that AdminExile is no longer protecting your site.
  5. Additionally, it means that it can't keep you locked out anymore!
  6. Browse to your /administrator folder, into the Plugin Manager, and disable AdminExile.
  7. Back in your server filesystem, rename Xadminexile.php back to adminexile.php.

Using this procedure, you can uninstall using the Extension Manager if you so choose, or re-enable the plugin for use once the configuration issues are resolved.

Thanks for visiting,