I am using a Joomla site, whose index.php file continues to be modified to change the default access control behavior. Considering this really is Joomla 1.5, this line:


continues to be covered with some conditional code that appears in the remote IP and does not call authorize() when the IP is at a whitelisted range [*]. This really is to permit seamless use of certain assets without signing in.

Although I am a new comer to Joomla development, I am speculating this is not the best method of doing that. For just one, it most likely means re-patching index.php in case of the next Joomla upgrade. What is the best alternative method of intercepting the authentication check?

[*] This really is another mystery: the IP management happens around the front-finish using a component known as 'IP filters'. There is a totally empty directory at components/com_ipfilter, but a far more featureful-searching one at administrator/components/com_ipfilter. The component stores data inside a table named kip_filters (why the 'k'?) and also the authorUrl indexed by the component's manifest file would go to a spammy-searching like pharma page. All quite worrying ...

What you're searching for is really a system wordpress plugin which may not want hacking any files. You will find a number of system occasions which you can use to trigger your wordpress plugin and do your IP test, then see whether to carry on exhibiting the page or redirecting the customer with a kind of warning page.

Have a look in the documentation on system occasions - http://paperwork.joomla.org/Wordpress plugin/Occasions/System

For that security problems you should use these steps and that i provides you with a great ip filter component too :

To begin with this is an essential component you could have for joomla : http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection/16363 it provides you with the most crucial methods to avoid any hacking or bombarding or php bugs as well as give a extremely fast upgrade for the joomla site :) plus it offering a IP Blacklisting manager the industry complete solution for the problem.

Hope this publish can give someone an easy ! Regards, Raeed Rabie

I'd advise altering your table prefix from jos_ to something random, like hsfdaghadfg_

You may also relocate your configuration file for added security.