Release date: 9 May 2025.
Akeeba Admin Tools 7.8.0 is a bug fix release for the Joomla! 5 Series which also introduces a new feature to the Admin Tools Htaccess Maker called 'Restrict access by IP'.
The developer quotes a typical use case for this feature as being when you want to restrict access to your website only from IP addresses of a CDN, load balancer, or reverse proxy, preventing access to the rest of the world wide web.
See link below for Release Notes.
Akeeba recommend using the latest version of a currently supported PHP branch which is marked as being in ‘active development’.
Read more: Akeeba Admin Tools 7.8.0 Release Notes
Dates for Your Diary
Joomla! 4
Security Fix Support is expected to end in October 2025.
Joomla! 5
Bug Fix Support by Akeeba for Joomla! 5 users is expected to end in October 2026.
Security Fix Support is expected to end in October 2027.
Useful links
Read more: Joomla! CMS and PHP Version Compatibility
Useful Advice
Htaccess Maker after update to Admin Tools v7.7.2
Joomla! 5.3 added a new top-level Media folder called "files" which makes it possible to organize non-image files (for example, PDFs) separately from images.
After updating to Akeeba Admin Tools 7.7.2, the Akeeba Htaccessmaker includes an exception for the new "files" folder by default.
Quote: "visiting the Admin Tools Control Panel on Joomla! 5.3 after upgrading to Admin Tools 7.7.2 will add it to your current .htaccess configuration."
Source: Akeeba Admin Tools 7.7.2 Release Notes
What if the exception is not created automatically?
If the Media folder called "files" is not added automatically when you update Admin Tools then fear not, you can manually add the exception in the Htaccess Maker screen.
Whether or not the exception is added automatically or manually, you will need to click the "Save and Create Htaccess File" button at the top of the Htaccess Maker screen for the exception to take effect.
Attempts to view Media files (as opposed to images) will otherwise trigger a 403 Forbidden Error.
Protect Admin Folder with Bcrypt Password Hashing Algorithm
Akeeba Admin Tools v7.6.2 downgraded the default password hashing algorithm from Bcrypt to APR-1 for the Password-protect Administrator Directory feature.
Reason: to facilitate compatibility with more hosting providers.
Ask your hosting provider to confirm they support use of Bcrypt to encrypt passwords in Apache.
If yes then choose this option and re-set Password Protection.
Reason: Bcrypt is a more secure hashing algorithm.
Be aware that when you re-set the Administrator Password + Bcrypt then the screen will continue to display APR-1 as the password hashing algorithm.
This is not a bug.
Bcrypt - if supported by the server - will be used to encrypt passwords.
This is confirmed in the Akeeba Forum at the following link.
Joomla! 4.2.9 Post Installation Message
You may see the following Post Installation Message in your Joomla! CMS Dashboard if you commenced using Joomla! before the release of the Joomla! 4.2.9.
The message recommended amending the HTACCESS File.
Should you act on this message if you are using Admin Tools PRO + HTACCESS Maker?
Not if your website is using Admin Tools PRO v7.3.2 (or later).
If it is then all you have to do is re-create your website's HTACCESS File using Admin Tools PRO's htaccessmaker tool.
The recommended change will then be implemented.
Security Headers Plugin
You may see the following Post Installation Message in your Joomla! CMS Dashboard if you commenced using Joomla! before the release of the Joomla! 4 Series.
The message contains a link labelled: Enable default security headers.
We asked Akeeba whether one should act on this message if using Admin Tools PRO + Htaccess Maker with their website.
Reply:
"Since you are already using .htaccess Maker which sets up these headers you must not use Joomla's plugin. Using the .htaccess method is better because the headers are sent more consistently for all requests, not just the HTML document requests Joomla itself handles."
Read this if you host your Joomla! CMS on an NGINX server
Always check your hosting provider will allow custom Nginx configuration and guarantee that Nginx can load the custom NGINX CONF file (essential when using Akeeba Admin Tools Nginx Configuration Maker).
You will likely need the assistance of your hosting provider's Technical Support to complete this task.
A good reason in our humble opinion to choose a different kind of server - we like Litespeed - for hosting your Joomla! CMS website.
Read this if you use Google Search Console
If you do then you may be prompted by Google to verify your website by downloading an html file and uploading it to your website's root directory via the File Manager in your hosting control panel.
If you are using Admin Tool's Htaccess Maker (recommended) then Google's attempts to verify your website will be blocked unless you add the file name inside the field labelled "Allow direct access to these files" and then re-generate the HTACCESS file.
Source: I can't verify my site with Google (Admin Tools Ticket)
Watch these Akeeba Video Tutorials
Akeeba Video Tutorials provide a useful supplement to the Admin Tools user guide.
Web Application Firewalls
No Joomla! website should be without a Web Application Firewall (WAF), especially if hosted in a shared server environment.
The WAF adds another line of defense between your website and the server firewall maintained by your hosting provider.
Find out more about WAFs in our Joomla! User Guide.
Read more: Web Application Firewall.
Back up before updating any 3rd party Joomla! extension
Any update can break your website.
Perform a full backup of your website (database and files) before installing any update.
Read more: How to back up your website.
Read more: How to manage 3rd party extensions.
Make Joomla! CMS Security your #1 Priority
We help and support managers responsible for Joomla! CMS websites in UK business, academy school and third sector organisations across Cheshire, Greater Manchester, Merseyside and North West England.
Contact WYNCHCO Solutions for personal Joomla! CMS Help and Support.
Your personal data is nobody's business.