CMS Backend Opener: A Firefox Extension to Quickly Locate the Login Page to Popular CMS Backends

If you use Firefox and manage multiple websites that use different Content Management Systems and have a hard time keeping track of the various URLs to their backends, consider using the CMS Backend Opener Firefox extension created by Andy R.

Once installed, you can use either a keyboard shortcut (Alt + Y) or press a button within the browser and it will automatically open the login page for the detected CMS in a new window.

The extension uses the CMS meta-tag: Generator to detect which CMS is being used. The following CMS’ are supported:

  • Typo3
  • Typo3 Neos
  • Joomla
  • WordPress
  • Django
  • Shopware (beta)
  • Magento (beta)
  • Drupal
  • Contao
  • Weblication
  • WebsiteBaker
  • CMSQLite
  • Oxid

Although the extension has not been updated in two years, I tested it on Firefox 67.0.4 on my MacBook Pro and it worked without any issues. I typically use a bookmark to browse to WP-Admin but this is more convenient, especially on WordPress.com.

I’ve also learned that if you have Pretty Permalinks enabled in WordPress, you can type /login or /admin after your domain and it will typically load the login page.

9

9 responses to “CMS Backend Opener: A Firefox Extension to Quickly Locate the Login Page to Popular CMS Backends”

    • From the headline, I thought I was coming here to read about a new intrusion tool that I’d need to watch out for.

      I was right. ;)

      • What’s the security difference between using a bookmark to a site’s login page and using a tool like this that makes it a little more convenient to browse to that page?

  1. Hello,

    Would this only detect /wp-login.php or /wp-admin/ ? Also, WordPress powers a 1/3 of the internet, so wouldn’t be an issue to use the plugin! 😊

    Kind regards,
    Michael

    • I know it detects wp-admin but I’m not sure about wp-login.php. I haven’t tested it on a site that has the meta tag generator disabeled or hidden.

      • In one case I’ve tested using the WPS Hide Login plugin, this extension does nothing. However, the author notes on his site that there are some checks the extension makes beyond the generator tag, so I’ve sent him a question about that.

        Security by obscurity is not deep security , but changing these well-known defaults is a cheap way to abate some trouble and unnecessary server load.

    • Scriptkiddies have been doing that for as long as there have been CMS.

      This is an extension for people unable to use bookmarks and/or services like what the CMS.

  2. It doesn’t work if a custom login page has been configured and access to the wp-login.php file is blocked. It also makes no sense to detect CMS by relying on the “generator” meta tag because it can contain false information or be hidden.

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: