Phpworker
answered Nov 30 '-1 00:00
Joomla is great web cms so obviously got many attacker who knows how to crack the Joomla but little care will help you a lot
1. secure admin
admin is the first part where attacker try to hack
so first change the folder name of administrator to other more complex so is not easy to guess where Joomla Admin panel
how to change the admin folder name in Joomla
- > you can do it direct folder name change or
->use .htaccess redirect
suppose https://www.joomla.org/adminstrator give you :: 404 error - The requested page can't be found. thats great
avoid those component/plugin/extension who use administrator js and css . i mean in html part shows js and css full path to admin which is not good . it great help to attackers.
2. Use verified Extension
Extension like plugin / component / module have direct access of web site database , all resource , so you need to check whose code you are using.
if you got any doubt and still want to use it than try to check code of it and hire another people to verify it.
remove unwanted installed Extension
Extension is heart of Joomla so keep updated it. and try to use beta version
3. secure server firstly
before securing Joomla . secure server first.
use ssl , if needed . https give you both side encryption so attacker cant catch in between query or post data between server an client.
4. secure PHP also
you can consider all security advice work for PHP . it also work for Joomla because Joomla made on PHP
So follow this question also : how to improve PHP security ?