Joomla protection

How to start protecting your Joomla Site

  1. Always keep the Joomla core up to date
  2. Always make sure you run the latest patched versions of extensions
  3. Make sure you choose strong passwords for all logins
  4. Check your own website for vulnerabilities
  5. Always check the webserver’s log files for potential hack attempts
  6. Secure your server if you host your Joomla website on a VPS or even a dedicated server
  7. Create a list of all extensions you use and monitor them. For example, you can use Google or security websites to stay informed about the latest vulnerabilities. Only use secure extensions.
  8. Use search-engine-friendly URLs: activate the SEO features and use SEF URLs.
  9. Furthermore, most tools and scanners are not able to work with search engine friendly URLs.
  10. This might be a big surprise, but with these measures you have already gained a decent level of protection.
  11. The last thing to do would be to rename the Joomla backend folder from “administrator” to something like “admin_acp_1234567” in order to prevent script kiddies and scanners from finding your Joomla backend.
  12. And, last but not least, protect the phpMyAdmin login (if you have one) with .htaccess files. (You can’t do this with the Joomla admin control panel, since some components need to have access to administrator/components.)
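
The log check from item 5, as an added example that is not part of the original paper: a short Python review of access-log lines that uses items 8, 9 and 11 as detection signals. It assumes SEF URLs are enabled and the backend folder has been renamed, so raw `option=com_...` requests and hits on the default `administrator` path stand out; the log lines, IP addresses and the component name `com_example` are constructed.

```python
import re
from collections import defaultdict

# Start of an Apache/Nginx "combined" log line: client, ident, user, time, request.
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3}')

# Assumption: the backend was renamed, so any hit on the default path is a probe.
DEFAULT_BACKEND = re.compile(r'^/administrator(/|$)', re.I)
# Assumption: SEF URLs are on, so the site's own links never use raw component URLs.
RAW_COMPONENT = re.compile(r'[?&]option=com_\w+', re.I)
# A few common injection/traversal markers (illustrative, not exhaustive).
SUSPICIOUS = re.compile(r'union(?:\+|%20)+select|\.\./|%2e%2e|<script|%3cscript', re.I)


def review(lines):
    """Return {client_ip: sorted list of reasons} for requests worth a closer look."""
    findings = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, path = m['ip'], m['path']
        if DEFAULT_BACKEND.match(path):
            findings[ip].add('default-backend-probe')
        if RAW_COMPONENT.search(path):
            findings[ip].add('raw-component-url')
        if SUSPICIOUS.search(path):
            findings[ip].add('injection-marker')
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


# Constructed sample lines (documentation IP ranges, made-up component name).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2011:10:00:01 +0000] "GET /news/latest-release HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2011:10:00:02 +0000] "GET /administrator/index.php HTTP/1.1" 404 310 "-" "scanner"',
    '203.0.113.9 - - [10/Jan/2011:10:00:03 +0000] "GET /index.php?option=com_example&id=1+union+select+1,2 HTTP/1.1" 200 900 "-" "scanner"',
    '192.0.2.44 - - [10/Jan/2011:10:00:04 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for ip, reasons in review(SAMPLE).items():
        print(ip, ', '.join(reasons))
```

A lone `raw-component-url` hit can be an old bookmark or a crawler following a stale link; the combination of reasons from one client is what deserves attention.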

Source: http://www.exploit-db.com/papers/15780/