Read the terms and conditions before downloading the files.
Plugins
Technical Overview
Purpose
The PlgSystemRateLimiter plugin provides a lightweight, session-based protection mechanism against form abuse or accidental rapid submissions. It ensures that users can only submit forms a limited number of times within a defined time window.
Top Features of the Joomla Security Plugin
- Block right-click and context menus
- Disable copy, cut, and paste actions
- Prevent printing (Ctrl+P)
- Block saving the page (Ctrl+S)
- Disable view source (Ctrl+U)
- Block developer tools (F12, Ctrl+Shift+I/K)
- Display clean Bootstrap 5 toast notifications
- Works with Helix Ultimate, Cassiopeia, and other Joomla 5 templates
Unlike traditional protection methods that annoy visitors with constant popups, this plugin uses clean and modern toast notifications (compatible with Bootstrap 5) to gently inform users when actions like right-click or copy/paste are blocked. It’s ideal for businesses that care about both security and user experience.
This extension works out of the box on any Joomla 4 or 5 installation and doesn’t require any template modifications, making it perfect for Helix Ultimate, Cassiopeia, and custom frameworks.
Custom CSP – Protect Your Site
Description:
This plugin helps secure your Joomla website by controlling which external services and CDNs (like Google Fonts, YouTube, or LinkedIn) are allowed to load. It adds an extra layer of protection by telling the browser what’s safe and what to block.
You can turn common sources on or off with simple yes/no options, and even add your own trusted domains (like your CDN or external font/image host). No coding needed — just click and save.
Example: Want to embed a YouTube video or load Google Fonts? Just toggle it on!
Technical Description
Plugin Name:
plgSystemCustomCsp – Joomla 5 Content Security Policy Manager
Purpose:
This Joomla 5 System Plugin injects a customizable Content-Security-Policy (CSP) HTTP header into the site's frontend, helping prevent XSS attacks, data injection, and unauthorized loading of external assets.
Key Features:
- Fully configurable via Joomla admin UI (no code editing)
- Toggle CSP access for common external resources:
  - Google Fonts
  - Font Awesome CDN
  - jQuery CDN
  - Bootstrap CDN
  - LinkedIn embeds/widgets
  - YouTube videos
  - Animate.css
- Advanced mode: Admins can specify custom domain lists (comma-separated) per directive:
  - script-src
  - style-src
  - font-src
  - img-src
  - frame-src
Implementation Notes:
- Custom CSP – Protect Your Site is enforced only on the frontend (site client).
- All domains are sanitized and appended to the appropriate CSP directives at runtime.
- The final header is injected via the onAfterInitialise() hook.
Output Example:
Content-Security-Policy:
default-src 'self';
script-src 'self' https://code.jquery.com https://cdn.example.com;
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
font-src 'self' https://fonts.gstatic.com;
img-src 'self' data: https://images.example.org;
frame-src https://www.youtube.com;
connect-src 'self';
object-src 'none';
base-uri 'self';
form-action 'self';
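One way the "sanitized and appended at runtime" step could work, as an added example that is not the plugin's own code. It is plain PHP with no Joomla API calls; the preset names, the `sanitizeSource()` and `buildCsp()` functions, and the hostname-only validation rule are assumptions.

```php
<?php
// Added illustration, not the plugin's source; preset names and mappings are assumed.
const PRESETS = [
    'google_fonts' => ['style-src' => 'https://fonts.googleapis.com',
                       'font-src'  => 'https://fonts.gstatic.com'],
    'jquery_cdn'   => ['script-src' => 'https://code.jquery.com'],
    'youtube'      => ['frame-src' => 'https://www.youtube.com'],
];
const BASE = [ // fixed part, mirroring the output example on the page
    'default-src' => "'self'", 'script-src' => "'self'",
    'style-src' => "'self' 'unsafe-inline'", 'font-src' => "'self'",
    'img-src' => "'self' data:", 'frame-src' => '', 'connect-src' => "'self'",
    'object-src' => "'none'", 'base-uri' => "'self'", 'form-action' => "'self'",
];
const CUSTOM_DIRECTIVES = ['script-src', 'style-src', 'font-src', 'img-src', 'frame-src'];
// Return a normalized https origin, or null when the entry is not a bare hostname.
function sanitizeSource(string $entry): ?string
{
    $host  = preg_replace('#^https?://#', '', strtolower(trim($entry)));
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    // Optional "*." wildcard, dotted hostname, optional port. Spaces, quotes, ";", paths
    // and CR/LF fail the match, so an entry cannot add keywords or a new directive.
    $ok = preg_match('/^(?:\*\.)?' . $label . '(?:\.' . $label . ')+(?::\d{1,5})?$/D', $host);
    return $ok === 1 ? 'https://' . $host : null;
}

function buildCsp(array $toggles, array $custom): string
{
    $policy = array_map(fn($v) => $v === '' ? [] : explode(' ', $v), BASE);
    foreach (PRESETS as $name => $sources) {
        foreach (empty($toggles[$name]) ? [] : $sources as $directive => $origin) {
            $policy[$directive][] = $origin;
        }
    }
    foreach (CUSTOM_DIRECTIVES as $directive) {
        foreach (explode(',', $custom[$directive] ?? '') as $entry) {
            if (($origin = sanitizeSource($entry)) !== null) {
                $policy[$directive][] = $origin;
            }
        }
    }
    $parts = array_map(fn($d, $s) => $d . ' ' . (implode(' ', array_unique($s)) ?: "'none'"),
                       array_keys($policy), $policy);
    return 'Content-Security-Policy: ' . implode('; ', $parts);
}
// Constructed admin input: two valid hosts and one entry carrying extra tokens.
$custom = ['script-src' => "cdn.example.com, bad.example 'unsafe-eval'; x",
           'img-src'    => 'https://images.example.org'];
echo buildCsp(['jquery_cdn' => 1, 'google_fonts' => 1, 'youtube' => 1], $custom), PHP_EOL;
```

The entry with embedded tokens is dropped whole, so the printed header carries `script-src 'self' https://code.jquery.com https://cdn.example.com` and nothing from the rejected entry. A directive left with no sources is emitted as `'none'`.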