Security Management

Nicholas K. Dionysopoulos edited this page Jul 4, 2024 · 1 revision

If your site has Admin Tools Professional installed, you get a few security-related controls. It's mostly about being able to regain access to your site if you get locked out, and scheduling the PHP File Change Scanner.

Quick security controls

At the top of the Security section you will see four buttons which help you regain access to your site if you ever get locked out of it.

Unblock my IP asks Admin Tools to remove any IP block effected against the IP address you are currently accessing Panopticon from. This will let you regain access if you accidentally locked yourself out of your site due to false positives in the Web Application Firewall.

❗ This will not unblock you if your IP address is blocked as part of an IP range. This feature will also not work if the IP of the server Panopticon is running on is blocked as well.

Disable plugin will tell Admin Tools to disable its security plugin in case a configuration setting you made has locked you out of your site. You then need to access your site, fix the problem, and remember to re-enable the plugin (there's a button for that in the Admin Tools interface).

Disable .htaccess will attempt to undo changes made to your site's .htaccess file by Admin Tools. On Joomla!, it will rename the .htaccess file generated by Admin Tools to .htaccess.admintools. On WordPress, it will remove Admin Tools' section from your site's .htaccess file.

Re-enable .htaccess does the exact opposite of Disable .htaccess.
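
Because Disable .htaccess on Joomla! leaves a .htaccess.admintools file behind until Re-enable .htaccess reverses it, the presence of that file is a simple signal that server-level protection was switched off and never restored. The following check is an added example, not part of Admin Tools or Panopticon; the function names are hypothetical, it covers only the Joomla! rename described above, and the site paths you pass to it are your own.

```shell
#!/bin/sh
# Added example: classify Joomla! site roots by the state of their .htaccess,
# based on the rename described above (.htaccess -> .htaccess.admintools).
# Function names are hypothetical; nothing here is shipped by Admin Tools.

# htaccess_state DIR -> prints one of: enabled, disabled, both, none
htaccess_state() {
    root=$1
    live="$root/.htaccess"
    parked="$root/.htaccess.admintools"
    if [ -f "$live" ] && [ -f "$parked" ]; then
        echo both        # parked copy sits next to a live file: review by hand
    elif [ -f "$parked" ]; then
        echo disabled    # "Disable .htaccess" was used and not reverted
    elif [ -f "$live" ]; then
        echo enabled     # a live .htaccess exists (its contents are not checked)
    else
        echo none        # no .htaccess at all (other web server, or never made)
    fi
}

# audit_sites DIR... -> prints "state<TAB>dir" for each site root and
# returns 1 if any site is in the "disabled" or "both" state.
audit_sites() {
    rc=0
    for d in "$@"; do
        s=$(htaccess_state "$d")
        printf '%s\t%s\n' "$s" "$d"
        case $s in
            disabled|both) rc=1 ;;
        esac
    done
    return $rc
}
```

Run `audit_sites` over your Joomla! site roots from a scheduled job; a non-zero exit status means at least one site still needs Re-enable .htaccess or a manual review.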

Managing the PHP File Change Scanner

One of the most important features available in Admin Tools Professional is the PHP File Change Scanner. This feature checks your site's files for changes and reports them.

At the top of the PHP File Change Scanner there are three buttons.

Schedule Scans takes you to the Scanner Tasks page where you can create and manage scheduled tasks to run the PHP File Change Scanner on your site automatically. This is useful when your site's server does not support CRON jobs, or you can otherwise not schedule the scanner with Admin Tools using the automation options supported by your host.

Start Scanning will schedule a scan of the site to be taken as soon as possible. When exactly it will start depends on how much free time your Akeeba Panopticon CRON Jobs have to run an additional task.

ℹ️ Manual scans are a special case of scheduled scans. They will appear in the Scanner Tasks page when you set the “– Manual –” filter to “Manual”. Instead of a schedule they will display the message “Manual Scan”. This allows you to see if there are any scheduled scans running, but also why they have failed. Sure, the same information will be displayed in the Site Overview page, but only for the latest scan task.

ℹ️ Also note that the manual scan tasks will be reused. Once a manual scan task finishes it becomes disabled. The next time you want to start a manual scan, this old manual scan task will be overwritten with the new manual scan information and become enabled again. This is a trick to better utilise the database space and prevent unnecessary performance degradation of your Panopticon installation.

Refresh refreshes the list of scans displayed in the table below.

You can see the latest scans on your site in the table below the buttons, with the most recent scan in the top (first) row. Each row consists of the following columns:

  • #. An internal ID of the scan.
  • Status. The status of the scan: Failed, Running, or Complete.
  • Date and Time. When the scan began and when it ended.
  • Total. Total number of files scanned.
  • Added. The number of new files the scanner encountered during this scan.
  • Modified. How many of the scanned files have been modified. ⚠️ In versions of Admin Tools prior to 7.6.0 this includes the number of files which have not been modified but have a non-zero Threat Score and are not marked as safe.
  • Possible Threats. The number of files which have a non-zero Threat Score, and are not marked as safe.
  • Actions. Click the View Report button to access a deep link into your site which shows you the scan results in more detail. You may have to log in as a Super User / Administrator first.

What is Admin Tools Professional?

Admin Tools is the security and administration tools software for Joomla! and WordPress maintained by our company, Akeeba Ltd.

Admin Tools Core is free of charge but has very few features. It is not compatible with Akeeba Panopticon, and Panopticon will tell you so.

Admin Tools Professional is the paid edition of the software with the complete set of features. It implements a triple layer of security for your site.

At the web server level the server configuration maker (.htaccess, web.config, and NginX configuration) applies a user configuration on your web server to dissuade fingerprinting attacks, block access to files which shouldn't be exposed to the world, and generally improve your site's security outlook.

At the application level, the Web Application Firewall interacts with Joomla!/WordPress to protect your site against malicious requests. This is where the majority of attacks are stopped.

Finally, the PHP File Change Scanner scans your site's files notifying you when something is added or changed, and provides a threat assessment score for your PHP files.
