What is OJT Advanced Security Plugin

What is OJT Advanced Security

[Image: OJT Advanced Security Plugin protects your OJS site from illegal slot gambling keyword hacks]

OJT Advanced Security is our exclusive plugin, built to add crucial protection to OJS. It guards against illegal backlink injection, prevents illegitimate user access caused by data breaches, and protects issue and article metadata (especially for past issues and published articles) from changes that can be abused to promote online gambling sites or judol, or other illegal keywords or backlinks.

Why OJT Advanced Security Plugin?

As we have handled more and more clients, security has become one of the main concerns for their journals. Leaked credentials and phishing sites have become a daily threat.

For example, submissions that lead to a phishing site.

Many of these hack attempts end in successful credential theft, with the hacker stealing cookies or luring the OJS user into entering their credentials.

After they have gained access to OJS, they may place a backdoor to explore the server and take over the server’s highest role, root. This is why many users whose hosting uses cPanel can also get hacked without the hacker needing to inject any malware or abuse a vulnerability in OJS. In another case, the hacker attaches a link to JUDOL. The negative impacts of this activity include the journal being seen as a host of online gambling affiliation, data being manipulated by hackers, Google Scholar removing all of the journal’s articles from its index, and many more that affect the credibility of the journal.

Improved security protection against this kind of threat has become an essential, must-have feature for many of our clients, and the commitment to provide better support for them became our top priority. We also note that OJS has very limited security features. One piece of evidence is that even when all of the security features in OJS have been implemented, the journal may still get hacked.

Currently, OJS offers only very basic security configuration, such as Google Captcha and Allowed Host. However, as attack patterns in the digital world grow more complex, we developed an exclusive plugin to enhance the security of OJS.

To counter this kind of threat, our team split into two. The first team created OJT Guardian, which is based on Python, protects our servers, and is not directly related to OJS. The second team created OJT Advanced Security, an OJS plugin that can be deployed to all of our support and hosting clients.

In this article we introduce OJT Advanced Security.

OJT Advanced Security was created to provide a better security tool for our clients. The features we have built are based on our vast experience in handling many reputable clients. The features include:

  1. Keyword Injection Protection
  2. IP Address Blocker
  3. 2-Way Authentication method
  4. File Monitoring
  5. Backlink Filter
  6. User Agent Protection
  7. Journal Editor and Production Editor Restriction
  8. Hide or Delete Incomplete Submissions
  9. Block HTML in Publisher Library
  10. Disabled Edit Email

With this plugin, you can configure improved security features. For example, when a user tries to add a backlink to online gambling, the activity is blocked automatically. As the OJS administrator, you can also block requests from certain IP addresses. We also implement a sophisticated algorithm inspired by ModSecurity that assigns a trust score to OJS traffic. If a request falls below the trust score, it is blocked automatically.

We also regularly update the attack patterns for our clients, such as SQLi, RFI, and many more. This keeps the configuration up to date so the journal can be used without interruption.

Any hacking attempt will be thwarted by the plugin, providing a shield that puts your mind at ease.

We believe that this advanced protection is the ONLY tool that is provided by us – OJT Team as the vendor that is focused on OJS. This also shows our commitment to providing better support and enriching the ecosystem of the OJS.

[Image: OJT Advanced Security Plugin features to fully protect your OJS site]
More configuration options are included and will be gradually improved based on the cases we handle for our clients.

Why do you need metadata change protection?

Protecting OJS from Metadata Tampering and Security Threats

Through our experience managing thousands of OJS (Open Journal Systems) clients, we have identified a major security risk: OJS provides very limited built-in protection against unauthorized changes to journal metadata.

For example, OJS does not send alerts or provide controls when someone attempts to modify critical metadata such as:

  • Article citations
  • Abstracts or full-text content
  • Author names and article participants
  • Issue metadata or publication information

This creates a serious risk to journal credibility and indexing.

How Hackers Exploit OJS Vulnerabilities

If a hacker gains access to an OJS installation—often via a data breach—they can:

  • Inject hidden backlinks into abstracts or full-text articles
  • Alter citations or DOI metadata
  • Modify author names or article participants
  • Change indexing-related metadata without detection

Even small unauthorized changes can severely impact journal indexing, including:

  • Google Scholar author profiles and citations
  • DOI records
  • Scopus or other major academic indexes

List of Advanced Security Plugin Features

We are confident that the Advanced Security Plugin can fully protect your OJS site. Why is that? Because every feature we develop for the Advanced Security Plugin is based on real cases experienced by OJS users globally in relation to security issues. So these features are not just imaginary, but are based on real cases. Additionally, we have also made improvements to the Advanced Security Plugin based on the expertise and experience of our OJS security team, who have years of experience in protecting various OJS sites for our clients, from newcomers to highly reputable journals.

To make it easier for you to understand the features and the security benefits you get from the Advanced Security Plugin, we describe each available feature in detail. Here are the details:

1. Keyword Injection Protection

It can be said that the feature related to protection against illegal keywords or backlink injection is one of the main reasons we created the Advanced Security Plugin. We saw various concerns experienced by OJS users. At that time, administrators complained that their sites were infiltrated with illegal keywords or backlinks related to gambling sites, judol, slots, and the like. In some cases, you may not see them directly on your journal pages, but if you check the source code, you will see various links or keywords related to gambling sites or judol, as shown in this image:

[Image: page source injected with illegal gambling, slot, and judol keywords and backlinks]

If the problem is not resolved immediately, your OJS site will be indexed in search engines (such as Google) as a gambling site, as shown in this image:

[Image: OJS site indexed as a gambling site in Google search results]

This not only damages your OJS site’s SEO, but also causes various other losses such as decreased journal credibility, visitor numbers, submitted articles, and various other serious losses. Gradually, this will have a significant impact on your OJS site.

To overcome this, we have developed the Illegal Keyword and Backlink Injection Protection feature in the Advanced Security Plugin:

[Image: protection from illegal slot, casino, and gambling keywords in the Advanced Security Plugin]

With this feature, any hacker who tries to input illegal keywords or backlinks in your OJS will be automatically blocked by this Advanced Security Plugin protection:

[Image: hacker blocked by the Advanced Security Plugin]

Not only that, the hacker will be forced to log out and even their IP address will be blocked. There is also an additional feature to force the hacker to perform 2FA (2-step verification via email) so that they will have difficulty logging back in. This is already included in this feature:

[Image: forcing 2FA and blocking the hacker’s IP address in the Advanced Security Plugin]

With the Illegal Keyword and Backlink Injection Protection feature, your OJS content and metadata will be fully protected and free from hacker interference. This protection will continue to run 24/7, so you don’t have to worry about the security of your journal metadata and you can even sleep peacefully throughout the night.

2. IP Address Blocker

This feature displays a list of blocked IP addresses (especially hackers’ IP addresses). The blocking is driven by the activity detected by feature number 1 above, Illegal Keyword and Backlink Injection Protection. So if a hacker inputs an illegal keyword or backlink, they are automatically blocked by this feature and you can see them in the list of blocked IPs.

[Image: IP address blocker]

In addition, this feature allows us to manually add IPs that need to be blocked. We can also whitelist certain IPs if necessary in specific cases. With this feature, you can handle this issue flexibly.

3. 2FA or 2-Way Authentication Method

Next is the 2FA (2-Way Authentication) feature. This feature allows us to activate 2-step authentication mode. In short, when users log in, they not only fill in their OJS login username and password, but are also required to enter the OTP code sent to their registered email. The following is the dashboard settings display for 2FA:

[Image: two-way authentication settings to double-protect journal access]

Have you ever logged into Gmail and had Google send you an OTP code that you had to enter before continuing the login process? The 2FA feature we developed in OJT Advanced Security works on a similar concept. After the username and password are successfully verified, the system will send an OTP code to the email registered to that OJS account. If the user does not enter the OTP code, access to the OJS dashboard will not be granted. 

With this 2FA feature, the risk of unauthorized access due to credential leaks, phishing, or account misuse can be significantly reduced, especially for accounts with high access rights such as Journal Manager, Editor, Production Editor, and other important roles.

4. File Monitoring

Next is the File Monitoring feature, whose main function is to monitor changes or activities in system files and plugins based on specific extensions (e.g., .php, .html, .txt, and other formats). This is very useful for monitoring various file extensions that are often used by hackers to upload malicious scripts or other backdoor formats to your OJS.

[Image: preview of File Monitoring in the Advanced Security Plugin]

With File Monitoring, you will receive a warning if at any time there is a change to a file or suspicious activity on the file extension that we have specified. Typically, uploads or changes to these file extensions (e.g., .php, .phtml and others) are signs of malware or backdoors that hackers are attempting to execute. With File Monitoring, journal administrators can monitor, anticipate, and immediately take action if suspicious activity or files are detected, using the options available in this feature, such as quarantine (block) and restore.

[Image: available actions in File Monitoring]

As time goes by, hackers often use various file extensions to execute backdoors or upload malware. But you don’t need to worry, in the File Monitoring feature we provide a “Monitored File Extensions” column that allows you to flexibly add various file extensions.
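The idea behind this kind of monitoring can be shown with a baseline-and-compare check. The following is an added example, not the plugin's own code: it hashes every file whose extension is in a monitored set and reports what was added, removed, or modified since the baseline. The function names and the file tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions the article names; the plugin's real list is configurable.
MONITORED_EXTENSIONS = {".php", ".phtml", ".html", ".txt"}


def snapshot(root, extensions=MONITORED_EXTENSIONS):
    """Return {relative_path: sha256_hex} for monitored files under root."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare case-insensitively so "x.PHP" is not missed.
            if os.path.splitext(name)[1].lower() not in extensions:
                continue
            path = os.path.join(dirpath, name)
            sha = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    sha.update(chunk)
            digests[os.path.relpath(path, root)] = sha.hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Classify the changes between two snapshots."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in set(baseline) & set(current) if baseline[p] != current[p]
        ),
    }


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Build a constructed file tree, change it, and report the differences."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "index.php"), b"<?php // original\n")
        _write(os.path.join(root, "docs", "README.txt"), b"readme\n")
        _write(os.path.join(root, "public", "logo.png"), b"\x89PNG")
        baseline = snapshot(root)

        # Constructed changes: one edit, one new file, one deletion, and an
        # edit to an unmonitored extension that must not be reported.
        _write(os.path.join(root, "index.php"), b"<?php // edited\n")
        _write(os.path.join(root, "public", "cache.PHTML"), b"<?php ?>\n")
        os.remove(os.path.join(root, "docs", "README.txt"))
        _write(os.path.join(root, "public", "logo.png"), b"\x89PNG-changed")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server user cannot write, otherwise an intruder who can change files can also refresh the baseline.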

5. Backlink Filter

This feature allows us to filter backlinks. You can whitelist the backlinks that are allowed to be input, which are usually related to, for example, orcid.org, scholar.google.com, and legal institutional or governmental sites. The feature can also be used to block any illegal backlink.

Why do backlinks need to be filtered? Because illegal backlinks and keywords are the combination hackers often use to add or change the metadata and content of your OJS site so that it becomes an illegal gambling site. If these backlinks are left unchecked and not removed, they will be very detrimental to your OJS site. The consequences include a decline in the reputation of your journal, to the point where your OJS site is indexed as a gambling site in search engines. Therefore, it is crucial to filter backlinks and restrict which backlinks are allowed to be input into your OJS.

With this feature, you can easily whitelist specific backlink domains. You can also manually add any backlinks that need to be blocked. All of this can be flexibly added through the Backlink Filter feature we provide in this Advanced Security Plugin.
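A domain allowlist of this kind is easy to get wrong when it is matched as a substring. The following is an added example, not the plugin's own code: it extracts links from an HTML abstract and classifies each by its parsed hostname. The two allowlisted domains come from the text above; the blocked domain, the sample abstract, and all function names are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The two allowlisted domains are the ones the article names.
ALLOWED_DOMAINS = {"orcid.org", "scholar.google.com"}
# Constructed placeholder for a manually blocked domain.
BLOCKED_DOMAINS = {"slots.example"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample: one legitimate link, one hidden lookalike link,
# one bare URL in the text, and one relative link inside the journal.
SAMPLE_ABSTRACT = (
    '<p>Author profile: <a href="https://orcid.org/0000-0000-0000-0000">ORCID</a>. '
    '<a href="https://orcid.org.promo.example/win" style="display:none">x</a> '
    "See also http://slots.example/bonus and "
    '<a href="/index.php/journal/article/view/1">PDF</a></p>'
)


class LinkCollector(HTMLParser):
    """Collect URLs from href/src attributes and from bare text."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value.strip())

    def handle_data(self, data):
        self.urls.extend(URL_RE.findall(data))


def _in_domains(host, domains):
    # Match the domain itself or a true subdomain, never a mere prefix.
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Return 'allowed', 'blocked', 'unlisted', 'internal' or 'rejected'."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # ignores any "user@" part before the host
    except ValueError:
        return "rejected"
    if parts.scheme and parts.scheme not in ("http", "https"):
        return "rejected"
    if not host:
        return "internal"  # relative link within the journal site
    host = host.rstrip(".")
    if _in_domains(host, BLOCKED_DOMAINS):
        return "blocked"
    if _in_domains(host, ALLOWED_DOMAINS):
        return "allowed"
    return "unlisted"


def check_links(html):
    collector = LinkCollector()
    collector.feed(html)
    collector.close()
    return [(url, classify(url)) for url in collector.urls]


def is_clean(html):
    """True only if every link is allowlisted or internal (default deny)."""
    return all(v in ("allowed", "internal") for _u, v in check_links(html))
```

Anything that is neither allowlisted nor internal is treated as a failure, so a new gambling domain is caught without first having to appear on the block list.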

6. User Agent/Bot Protection

Another powerful feature of the Advanced Security Plugin is Bot Protection. What is the purpose of this feature? This feature is designed to protect your OJS site from various bot activities/abnormal requests that occur en masse, commonly referred to as DDoS attacks. DDoS attacks are an old method often used by hackers to disrupt the stability of your site, not only OJS but also other non-OJS sites.

[Image: the Advanced Security Plugin protecting an OJS site from bot attacks]

What are the consequences if your site suffers a DDoS or massive bot attack? If your OJS site is affected by this attack, it will disrupt the continuity and stability of your site. Among the impacts felt by users are failed file uploads, failed article or review submissions, inability to edit the OJS dashboard, and in the worst case, your site could crash or become inaccessible because the server cannot handle thousands or even millions of abnormal requests attacking your OJS site. This will significantly hinder the productivity of your journal, and if left unaddressed, the credibility and visitor numbers of your journal will eventually decline drastically due to the disruption of user activities.

The big question is do all hosting providers have tools to deal with this? Unfortunately, not at all 😔. From various cases reported to us by OJS users, they said their sites had been attacked by this pattern. And how surprised we were when we found out that their sites were using well-known hosting providers that we can’t mention. We deeply regret that such incidents can occur. Therefore, as a gesture of our concern for OJS users who utilize our hosting or security services, we strive to protect their websites to the best of our ability, including by developing this feature.

7. Journal Editor and Production Editor Restriction

[Image: Journal Editor and Production Editor restriction feature in the Advanced Security Plugin]

This feature is used to restrict access to the Journal Editor and Production Editor in the OJS dashboard. Why does it need to be restricted? Based on our experience, we have found that many journals give Journal Editors/Production Editors complete freedom to manage a journal, and even worse, this access is shared with other people without restriction. Yes, this is not entirely wrong, but if this access data is shared without restriction, there is a potential that the OJS site could be easily modified or changed by irresponsible parties (hackers).

If this feature is enabled, the Journal Editor or Production Editor will not be able to access the following sections:
a. Journal Settings
b. Website Settings
c. Workflow Settings
d. Distribution Settings
e. Users & Roles
f. Tools

These six sections are intentionally restricted because they are vulnerable to modification or input by hackers using various illegal links or keywords related to gambling sites, illegal gambling sites, and other illegal activities. On the other hand, the Journal Editor/Production Editor feature exists to realize the main essence of both roles, which is to focus solely on the Submission menu without needing to be involved in other menus that they should not have access to.

8. Hide or Delete Incomplete Submissions

We are fully convinced that, as an Admin or Journal Manager, you will feel uncomfortable seeing dozens or hundreds of incomplete submissions piled up on your OJS dashboard like this:

[Image: incomplete submissions in OJS]

If this kind of thing is left unchecked, it will only burden your site and make it more difficult for you to manage articles due to the large number of incomplete articles. It is possible that if this is left unchecked for years, it will consume your server resources. Even if there are articles input by bots or spam users, you can imagine that hundreds or even thousands of incomplete articles will haunt your OJS dashboard and disrupt the stability of your site.

Based on this, we created the Hide or Delete Incomplete Submissions feature. With this feature, as an Admin, Journal Manager, or Journal Editor, you will no longer see incomplete submissions on your OJS dashboard. This means that your dashboard will only display complete article submissions that are ready to proceed to the review process and others.

[Image: Hide or Delete Incomplete Submissions feature in the Advanced Security Plugin]

In addition, this feature is enhanced with the option to automatically delete incomplete submissions within a certain period of time. For example, if you set a time limit of two weeks, then if the status of the article has been incomplete for more than two weeks, it will be automatically deleted from your OJS site data. Of course, this will make your work easier and more efficient. You don’t need to bother deleting articles one by one because the process is automatic.

9. Block HTML in Publisher Library

This is one of many unique cases we have handled related to OJS sites that have been attacked by gambling sites or hacked. At that time, the hacker relied on the Publisher Library to place various illegal content, keywords, or backlinks related to gambling sites. The part we are referring to is in this section:

[Image: Publisher Library menu in OJS]

Based on our experience and monitoring, this feature is rarely used by OJS users. However, for hackers, this feature provides an opportunity for them to exploit this menu. What they do is as simple as uploading an HTML file to this section, which contains illegal content related to gambling sites and other such matters. This section could even be indexed by search engines (e.g. Google), and if your OJS site is indexed as a gambling site by search engines, it will damage the reputation of your journal.

To address this issue, we created a feature to block HTML file uploads in the Publisher Library menu:

[Image: the Advanced Security Plugin blocking HTML uploads in the Publisher Library menu]

With this feature, no user, including hackers, will be able to upload HTML files to the Publisher Library. This ensures that your Publisher Library content will remain clean and free from interference or threats from hackers attempting to upload other malicious content.

10. Disabled Edit Email

Furthermore, in this Advanced Security Plugin, we also include the Disabled Edit Email feature. This feature is useful so that users with Journal Manager permission levels cannot edit their emails. Here is what the settings look like:

[Image: Disabled Edit Email setting in the Advanced Security Plugin]

Why is it necessary to restrict editing of these emails? Because in various cases we have encountered, hackers have edited Journal Manager emails, allowing them to fully exploit these Journal Manager accounts. Ultimately, because they had control over the OJS account, they were able to freely edit the journal’s content and metadata as they pleased, and they could even add other users to carry out illegal activities, such as inserting illegal keywords or backlinks related to gambling sites.

So, there are many features in this Advanced Security Plugin. Are we going to stop here? Of course not. Our team continues to actively improve the Advanced Security Plugin to cover various security needs that will continue to arise in the future. Therefore, we ensure that this Advanced Security Plugin is very useful for protecting your OJS at all times. If there are new features in the future, we will also continue to develop this article. All of this is done as a form of our dedication and care for all of you, especially the OJS community.

Get Full Protection with Our Managed Services

You shouldn’t have to choose between performance and security. That’s why the OJT Advanced Security Plugin and OJT Blazing Cache are provided as standard, fully integrated features within our OJS Hosting and Support Services.

We don’t just give you the tools, we provide the fortress. By joining our ecosystem, you can stop worrying about vulnerabilities and start focusing on high-impact editorial work. Let us handle the digital threats while you scale your journal’s reputation with absolute peace of mind.


Our Solution: Metadata Security & Injection Protection

To address this critical OJS vulnerability, we developed a specialized protection tool that:

  1. Monitors OJS metadata in real-time
  2. Detects any suspicious changes or illegal keyword injections
  3. Notifies journal managers or admins immediately

With this system, your journal is protected against hidden attacks that could damage credibility, impact indexing, or harm author reputation.

With OJT Advanced Security features, we ensure you can operate with peace of mind and focus on what truly matters. No need to worry about non-essential disruptions, as our system is designed to safeguard your business, allowing you to be more productive and efficient in achieving your goals.

About the Author

Project Manager

Hendra here. I love writing about OJS and sharing knowledge about OJS. My passion is the OJS and OMP platforms and doing research on creating innovative products for those platforms to help publishers improve their publications.
