CG Secure component

1 1 1 1 1 Rating 0.00 (0 Votes)

User Rating: 0 / 5

Compat icon 3 x longfirst look joomla 4CG Secure component protect your Joomla forms and admin access by checking IPs from AbuseIPDB, giving country/spammer status.


Donwload CG Secure Component
(version 1.3.0)

Download not allowed

(already downloaded 543 times)

Donwload CG Secure Component For Joomla 4
(version 2.0.4)

Download not allowed

(already downloaded 1 times)


CG Secure component uses CG Secure and CG Country plugins, centralizing their parameters.

Important : When migrating to Joomla 4.0, CG Secure plugins are being disabled and enabled again by package update.

You may authorize one or more countries to connect to your admin/website. Any connection from another country must be a hacker trying to access unauthorized parts of your website.

For your information, even if you did not define any private access, any user may access to Joomla identification form by adding /index.php?option=com_users&layout=edit&id=0 to your website address. If you did not de-activate user registration (activated as default value in older Joomla version, prior 3.7.0), welcome to our open bar.

Once running, CG Secure protects /administrator using a password, after  checking IP's country code, spammer status in AbuseIPDB. It also hides forms to unwanted users.

IP is checked against AbuseIPDB database which returns country code and spammer status.

In case of an unauthorized country, you may report this IP to AbuseIPDB. You must register to AbuseIPDB to report an IP (it's free).

Banned Ips may be logged in cgipcheck.trace.log file in your logs directory. I use View Logs component to check my log files.

Rejected user won't even see your forms.

Banned IPs are also stored in your database (table #__cg_rejected_ip). They remain in your database depending on your "IP life time' parameter from your CG Secure configuration menu. You may see these IPs through CG Secure Logs menu.

How access to your administration once CG Secure has been actived ?

Note: if you did not enter any password, administrator access is done as usual, IP checking is performed anyway.

  • HTTP Authentication: standard Apache authentication. You'll have to enter a password in "Password" field, "Username" field may remain empty as it's not checked, 
  • Compatibility: you'll have to enter — "yourpassword" being the password you entered in CG Secure plugin.