Saturday, 1 September 2012

Most Important Steps To Secure Joomla!



Hello guys, today I'm going to tell you the most important steps to secure your Joomla! website. With these steps you can prevent almost 98% of the attacks!
Joomla! is one of the most popular web apps used on the internet, and from my point of view only 5% of them are actually secured! xD
For hackers, when they see a Joomla! website on the server, they think it is an easy target (it IS an easy target if you didn't secure it!) and start attacking it!

So let's start with our steps! =)



1. Make Your Password Super hard!

Joomla! hashes are hard to crack, but not that hard. So a password that is only hard enough to survive brute-forcing at the login form will not protect your hash from being cracked offline if the attacker dumps it through an SQLi in your website.
What I suggest is making your password long and full of special characters, numbers and letters. A hard password would look like the following:

W#W#W.S3cUr!tYg3Ek$.N3t|R0(k$s$z

You might be wondering, how in the hell would I remember this?! o_O
Well, easy: save it on your computer, your mobile and somewhere else (in case you lose them) and use it when needed!
The above password would take forever to get cracked; usually hackers move on to another site when the hash doesn't crack xD. And you can still make it much longer, e.g. copy it, paste it three times and use that as your password :D

2. Securing From Symlink

For those who don't know what a symlink can do: if an attacker gets access to the server, he can make a symbolic link to your configuration file, read your database credentials from it, sign in to your database and then change your password!
What you have to do is change your configuration file permissions to 400. HOW? Open your cPanel and you will find the option to change file permissions. OR you can change it over FTP using FileZilla. Another way (most dangerous but best) is uploading a shell to your site and changing the permissions from there! :)
How can I change it with a shell?
Run this command in your public_html directory:

chmod 400 configuration.php

3. Securing From Shell Upload

In Joomla!, hackers upload their shell through the Media section after allowing the PHP extension in Global Configuration. What we should do is secure against shell upload even if they somehow have access to the admin panel.
chmod the /images/ directory to 400 when you don't need to upload anything. That makes it non-writable, so nothing can be uploaded into it even if .php is enabled.
Disable your FTP when you are not using it, and avoid leaving FTP open as much as possible. By doing these two things you will block many shell upload attempts by any attacker.
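To make the two permission changes from steps 2 and 3 checkable instead of relying on memory, here is an added audit script (my own example, not code from the original post or from Joomla!). It assumes the site root is passed as its first argument (the public_html path is yours to fill in) and uses only `stat`, `sed` and `printf`:

```shell
# Added example (not from the original post): audit the two permission
# changes recommended above on a Joomla! site root. The path is whatever
# your public_html is; nothing here is Joomla!'s own code.

# Print the permission bits of a path in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Normalise to the last three octal digits: zero-pad short output such as
# "7" for mode 007, and drop a leading setuid/setgid/sticky digit.
low_bits() {
    printf '%03d\n' "$1" | sed 's/^.*\(...\)$/\1/'
}

# 0 when configuration.php is exactly 400: owner may read, nobody may write.
check_config_perm() {
    m=$(mode_of "$1/configuration.php") || return 1
    [ "$(low_bits "$m")" = "400" ]
}

# 0 when the images directory carries no write bit for owner, group or
# others, i.e. nothing can be dropped into it even with .php allowed.
# Octal digits without the write bit (2) are 0, 1, 4 and 5.
check_images_perm() {
    m=$(mode_of "$1/images") || return 1
    case "$(low_bits "$m")" in
        [0145][0145][0145]) return 0 ;;
        *) return 1 ;;
    esac
}

# Run both checks, print one line per finding, return 1 if anything is off.
joomla_perm_audit() {
    site="$1"
    rc=0
    if check_config_perm "$site"; then
        echo "OK   $site/configuration.php is mode 400"
    else
        echo "WARN $site/configuration.php is mode $(mode_of "$site/configuration.php"), expected 400"
        rc=1
    fi
    if check_images_perm "$site"; then
        echo "OK   $site/images has no write bit set"
    else
        echo "WARN $site/images is writable (mode $(mode_of "$site/images"))"
        rc=1
    fi
    return $rc
}

# Example call; replace the path with your real site root.
# joomla_perm_audit /home/youruser/public_html
```

Run it after every plugin install or FTP session and it tells you straight away if something put the write bit back. One caveat on the directory: a directory needs its execute bit to be traversed, so at mode 400 the web server can no longer read or serve the files inside it either; the check above therefore only requires that no write bit is set, which also passes the more common 555 setting.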

4. Scanning And Being Up-To-Date

Scan your website every time you install a plugin, and keep checking exploit databases like 1337day and exploit-db to see whether your Joomla! version or any of your extensions has known vulnerabilities.
After installing Joomla!, scan it with JoomScan to see what vulnerabilities it has, and patch them before you even launch your website.

5. Fast Tips/Tricks

# NEVER use the same password for two different things related to your website! For example, your admin panel password and your FTP password, your database password and your FTP password, and so on. Don't even use the same password as your email or Facebook!

# DO NOT use "admin" or "administrator" as your username in your website.

# Disable FTP when it's not needed.

# Try to change your admin password every once in a while!

# Check This Link to apply more security stuff!