One of my friends had strange problem, he could not log-in to the back end of Joomla. It was a website, which he inherited from another administrator. When he type /administrator – system back him to Joomla front-end without any warning.
Joomla has one security problem, any web user can easily know if the site is created in Joomla by typing the URL to access the administration area (i.e. www.sitename.com/administrator). This allows hackers to hack the site easily once they crack the id and password for Joomla. But this time it didn’t work also for super administrator.
I checked .htaccess file – but it looked normal, so it must have been an extension to the protection of Joomla. One of them the jSecure Authentication prevents access to the administration (back end) login page if the user does not use the appropriate access key. You normally have to know & remember a specific URL that was set in the administrator area. For example: yousite.com/administrator?mysecretcode. Unsuccesfully, neither I nor my friend did not know the secret key, so the only solution was to remove the plugin from server.
How to fix it?
Following are steps to remove the old version (for Joomla 1.5) of jSecure Authentication manually:
- Remove the plug-in files from /plugins/system/jsecure.php and /plugins/system/jsecure.xml
- You can also remove the jsecure folder from plug-ins. /plugins/system/jsecure
Following are steps to remove the new version (for Joomla 2.5) of jSecure Authentication manually.
- Remove the components from /components/com_jsecure and administrator/components/com_jsecure
- Remove the plug-in from /plugins/system/jsecure.php and /plugins/system/jsecure.xml
- Remove the jsecure folder from plug-ins. /plugins/system/jsecure
- Delete the component and plug-in entry from database.
- DELETE FROM databasePrefix_components where option = ‘com_jsecure’
- DELETE FROM databasePrefix_plugins where element = ‘jsecure’