1. Always stay updated till the latest version of the Joomla software. Subscribe to Joomla official newsletter list. The notify you when a security release or a new version is out. Simply download the update package and keep the software updated.
2. Change your admin passwords in every 3-4 months and don't keep simple passwords , which are easy to guess.
3. Apply a second layer of authentication for your admin panel. RS Joomla has a nice addon, which helps you do it. It's called RS Firewall. It adds a second layer of authentication to your normal admin panel of Joomla website.
4. Joomla doesnt allow you change the administrator link. But you should use jSecure Authenticaion in that case and have a different encrypted link for your administrator , so no one knows what is the actual link to login.
5. Avoid shared web hosting companies , if you are really serious about your website and business. With shared hosting platform , if any website in their server gets infected, then your website gets vulnerable . Invest on VPS, dedicated or cloud hosting , so you have the complete control on it.
6. Donot use the free Joomla extensions blindly . Many extensions contain vulnerable code , which when installed gets easy for the hackers to get in. Joomla team has compiled a long list for such vulnerable extensions in the past and that is updated too. So, keep a close look to that list, before installing any free extension . Only use recommended and commercial extensions , which is backed up by a good development and support team.
7. Use jHackGuard by Sitepoint. It keeps your Joomla site safe against SQL Injections, Remote URL/File Inclusions, Remote Code Executions and XSS Based Attacks!
8. Dont keep back any unused files or extensions installed or uploaded. Simply remove everything, what you are not using.
9. Maintain proper file permissions by correcting the CHMOD of files and folders. Wrong CHMOD may allow access to the hackers.
10. Always stay updated with the Joomla Security Checklist.
If you want us to handle the Joomla Security and maintenance for your website, then let us know. We have professional Joomla developers and content managers who are very much aware of all this and can help you maintain your website and keep it secure and sound.