- The most important factor in preventing sites from being hacked is to stay up to date with the latest releases, not only of Joomla! itself but also of all the components, modules and plugins you may be using. You may find it useful to maintain a spreadsheet which contains these details. We always recommend using a local test server before rolling out upgrades on your live sites.
- Sign up to the Joomla Mailing List to hear when new releases come out and to receive other important security announcements. An RSS feed is also available if you prefer.
- Choose a secure hosting provider - the cheapest is not generally the best - and make sure their settings and available features are as recommended by Joomla!
- Ensure you take basic precautions, including:
- Rename your default administrator account (admin) to something harder to guess
- If you're setting up an FTP account for the FTP layer, grant it permission only to the folder it needs (where your Joomla! installation is) and not to your entire site root
- Use JSecure's plugin to "hide" your administrator back-end - this plugin only allows access if you know the "keyword" to append to the site URL
- Only give out Super Administrator rights to people who definitely need them - if you have to give them to a developer for fault-finding, ensure you're around to watch and are aware of what is being done - and disable them as soon as the work is done!
- Regularly back up your files & database - Lazybackup emails you an SQL dump of your site, which can be quite useful, but don't forget that if you use other applications outside of Joomla! which you've bridged in (such as forums, helpdesk etc.) you'll need to back them up too!
Article Courtesy of