Security on Internet is very fast moving challenge. There is no right way to secure a website.
Backups Joomla Web Site Regularly:
Choose good Joomla hosting company, which has good backup plan.
Even if you have reliable host company, take Joomla backup manually. If possible, put a cron to take backup on weekly basis. Do It Right Now!
Enabling Search Engine Friendly (SEF) URLs:
Search engine friendly, human-readable or clean URLs are URLs that make sense to both humans and search engines because they explain the path to the particular page they point to. And good SEF component also gives security benefit. A SEF component masks that information and makes it harder for a hacker to find eventual security vulnerabilities.
Login into Joomla Administration:
Click on Site
>> Global Configuration
On Site tab select “Yes” next to Search Engine Friendly URLs
Secure Administrator login with Complex Password:
Make Sure to change default administrator account as “admin” and bad password, which is not easily guessable.
Its probably biggest security risk in Joomla. By keeping default user and guessable password, you are helping hacker in their job.
Secret Key to login into Joomla Administration:
You need to hide administrator back end from potential hackers and allows those that have secret URL to access the administration area.
There are number of Login protection extension available which helps to add secret key to access administrator URL.
Like jSecure & kSecure and found them good.
Check for latest secure version of Joomla?
Most important any administrator of Joomla website must keep Joomla, extension, up-to-date.
Monitor Joomla Web Site:
Web Site Availability is key for your customer, client and business.
Keep file/folder permission appropriate:
All files should have good CHMOD configuration.
Config Files – 666
PHP files – 644
Other folders – 755
Remove all the unwanted & avoid third party un-identified developer’s extension
It’s good to try and improve but bad without knowing developer. Delete extensions, which you are not going to use.
As an Administrator you install lost of modules to try out new functionality.
Scan your website:
You can perform online scan on your website to do security check.
Implement Two-Factor Authentication:
You need provide username, password and random generated OTP (One Time Password).
OTP is six numeric digit code, generated by cryptographic functions in a short interval.
Even if hacker break your Joomla Administrator username and password, they require OTP to login. It’s typical financial transaction authentication way.