Akeeba Admin Tools 7.1.6 Bug Fix Release
Akeeba Admin Tools 7.1.6 is a Bug Fix Release for the Joomla! 4 Series.
Akeeba recommends that you should always use the latest version of a currently supported PHP branch which is marked as being in ‘active development’.
See links below.
Post Joomla! 4 the developer states:
"We provide limited support for our extensions on Joomla 3 until August 17th, 2023 and only on Joomla 3.10."
Akeeba Admin Tools 6 is the legacy version for Joomla! 3 and for updating to Joomla! 4.
Akeeba Admin Tools 7 is the developer's native Joomla! 4 extension.
After migrating from Joomla! 3.10.x to Joomla! 4.0.x you will see the following Installation Message which contains a link entitled: Enable default security headers.
Should you act on this message if you are using Admin Tools PRO + HTACCESS Maker?
This question is answered in the Akeeba Forum at the following link.
ALWAYS check your hosting provider will allow custom Nginx configuration and guarantee that Nginx can load the custom NGINX CONF file (essential when using Akeeba Admin Tools Nginx Configuration Maker).
You will likely need the assistance of your hosting provider's Technical Support to complete this task.
A good reason in our humble opinion to choose a different kind of server - we like Litespeed - for hosting your Joomla! CMS website.
Release date: 3 January 2020.
Admin Tools 5.5.0 removed all Geographic IP (GeoIP) features.
Reason: changes in licensing and availability of the MaxMind GeoLite2 Country Database.
After updating your website you may wish to remove the (now redundant) Akeeba GeoIP Plugin from your website if it is not being used by any other 3rd party application.
Release date: 10 May 2018.
This release removed the option to log failed passwords.
QUOTE: "This could be a security risk since the information is stored unencrypted in the security exceptions database table."
It also addressed potential breaches of GDPR Regulations which come into effect in May 2018.
More details in the developer's Change Log.
After updating Admin Tools to v5.1.0 or later we recommend that you review the Admin Tools Security Exception Log screen and delete all previous Failed Login entries.
If your website was using SECRET URL then there might not be many.
But if it wasn't then there could be hundreds if not thousands.
If lots then it might be quicker to delete these entries directly from the relevant website database table.
"Due to an issue with Admin Tools 4.0.0.b1 to 4.0.0 inclusive, users of the Professional release must update manually to this new version. Manual update required. If you are using Admin Tools 4.0.0 or any of its beta / RC pre-release versions you must update manually."
More details on the developer's website.
Read the developer's post at the link below if you are using a version of Admin Tools which precedes v4 and either use or plan to use Let's Encrypt with your website.
If you do then you will be prompted at some point to verify your website by downloading an html file from Google and uploading it to your website's root directory via the File Manager in your hosting control panel.
If you are using Admin Tool's HTACCESS Maker (recommended) then Google's attempts to verify your website will be blocked UNLESS you add the file name inside the field labelled "Allow direct access to these files" and then re-generate the HTACCESS file.
In 2017 the developer issued a range of useful video resources to help you configure Admin Tools.
Web Application Firewalls
No Joomla! website should be without a Web Application Firewall or WAF, especially if hosted in a shared server environment.
The WAF adds another line of defense between your website and the server firewall maintained by your hosting provider.
Find out more about WAFs in our Joomla! User Guide.
Back up before updating any 3rd party Joomla! extension
Any update can break your website.
Perform a FULL backup of your website (database and files) before installing any update.
Make Joomla! CMS Security YOUR #1 Priority