1. Make your Administrative page a secret:
At first thought, dealing with a complex Joomla super administrator password may seem to be a time consuming hustle. But, if you set it up during your initial Joomla installation with at least an 11-15 character-long combination of small and capital letters, numbers, punctuation marks and special characters, you will surely keep baddies away from your Joomla system. Do you really want your web site to be hacked?
Do you really want your hosting account to be suspended?
Consequently, It is a good idea when you hide your admin configuration area from the potential hackers by using a secret URL to access the backend. If you protect your administrator folder, one more password will be required to lead you to the standard login form. If you use a dynamic IP address, you will have to edit the .htaccess file everytime your IP changes.
2. Use strong login details:
The default Joomla login is ‘admin’ and most hackers know that. It should be changed to custom one with a strong password which include upper/lower keys, numbers and symbols.
Remember that you must not use passwords like admin, admin123, 123456 … and so on if you want to keep your Joomla site safe. A strong password concludes:
No less than 8 characters in the length
No username, real name, school name or company name
A mixture of uppercase, lowercase characters and numbers
There are many free tools which generate strong passwords on the internet so find one and keep your account safe. Then change it regularly!
3. Often do backup your site
Keeping a backup of your website is a wonderful idea. It provides insurance against all types of setbacks, such as security compromises and inadvertently deleting your entire site (it happens).
Regardless of the controls you put in place, you can never be 100% certain that all the implemented safeguards will work. As a final precaution, you should always account for the value and importance of having a backup of your website and associated files.
Files and database from your site should be backed up frequently in case you Joomla site is pulled into trouble. You can back up your site manually or use available Joomla extensions.
We suggest backing up your site before you make changes each and every time. That way, if something goes awry, you have a fresh copy that you know is working. It might seem like a hassle, but the first time you use a backup, you're going to pat yourself on the back for having so much foresight.
4. Remove unused Joomla extensions
Housekeeping is important in your Joomla site, as well as in your life (sore point?). It's very tempting to install and test loads of extensions, just leaving them unpublished after you're done testing. Still, even if a module or plugin is unpublished, the files are still there on the site. So, they can be a potential security risk. Another point is the mess they make in your site. Get rid of those old (and forgotten?) extensions and templates today and start 2016 with a fresh, more secure website.
You may install many extensions to your site, test them and forget them. Not only make your site slower, this will bring you many troubles that you may ignore. Now, check all of the extension and keep only important ones left then see how better your site works.
5. Always upgrading to the latest version of Joomla
Keeping your Joomla up-to-date is extremely important for your website security. It is also very easy, when it comes to upgrading within the same major version you are using. However, the process of migrating from one major version to another is not such a simple task but we strongly encourage you to nevertheless make the effort.
To upgrade your Joomla manually, you need to access your administrative area at https://yourdomain.com/administrator. Once you do that, Joomla 3 will automatically check for new versions at its official repository. If there is a new version available, you will see a notification in your quick links