This plugin for the Joomla CMS allows selected administrators to log into registered user accounts using their own administrator passwords.
Compatible with Joomla versions 1.5, 2.5 and 3.
Optionally this facility can be restricted to selected administrators only, or all administrators can be allowed to do this.
Since administrators use their own passwords these are encrypted and stored securely in the database as normal, so this should not compromise the security of your site. Additionally you can restrict the facility to selected IP addresses only.
This plugin works with the standard Joomla login and extensions that use this, and will also work with Community Builder if the Login Field Type is set to 'Username, email or enabled CMS authentication plugins'.
Upload and install using the Joomla installer. Enable it in the plugin manager. Either set the 'enable all administrators' parameters to yes, or list the ids of selected administrators as a comma separated list in the 'Master User Ids' input box. If you wish to restrict by IP address then list allowed IP addresses as a comma separated list.
Once enabled, the administrator can log in as any registered user by using that user's username and their own administrator password.
Because the master user simply uses their own admin password which is stored in encrypted form in the Joomla database, this should not compromise your site security.
However 'brute force' attackes against Joomla sites are becoming more common. This is where repeated login attempts are made using random combinations of username and password. If you have a lot of registered users the plugin will somewhat increase your site susceptibility to such attacks, because the attacker will only need to guess the username of any registered user rather than an administrator username. For this reason we recommend that you disable the plugin in the Joomla plugin manager when you are not using it.