13 Tips for Better Joomla CMS Security

09.04.2012

How many times have you installed an extension and then wound up not using it? You're less likely to pay attention to these because, well, you're not using them. These can lead to unseen vulnerabilities down the road. Don't just unpublish these; uninstall them completely.

Brute force attacks are very common and target weak passwords. Out of the box, Joomla stores passwords as salted MD5 hashes. That said, it's surprising how many companies, both large and small, don't have mandates in place regarding passwords. Craft a password that uses numbers, upper and lowercase letters, and symbols if possible, and make sure to change it every 30 days.

Your database has all your important data in it. An SQL injection or any type of hack on your database can ruin your whole month. Make sure your database access is password-protected at the MySQL level. Try using tools like or that scan your system for open exploits and weaknesses. This information can help tighten your database security.

Password-protect your Joomla administrative area at the folder level. Password-protecting this folder adds an additional layer of security. It should use a different username and password than your Joomla credentials; otherwise you're wasting your time. This will cause admins to have to log in twice, but such is the price of security.
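A check for the folder-level protection described above, as an added example that is not part of the original article. It assumes an Apache server using .htaccess authentication on the administrator folder; the function names, paths and usernames are constructed for illustration. Only username reuse can be checked, because both stores hold hashes rather than passwords.

```python
from pathlib import PurePosixPath

# Constructed sample: an administrator/.htaccess enabling Apache Basic auth.
SAMPLE_HTACCESS = """\
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/example/private/.htpasswd
Require valid-user
"""
# Constructed sample .htpasswd line (user:hash); the hash is a placeholder.
SAMPLE_HTPASSWD = "gatekeeper:$apr1$PLACEHOLDER$PLACEHOLDERHASH\n"

def parse_directives(text):
    """Return {directive_name_lowercased: argument}, skipping comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, arg = line.partition(" ")
            out[name.lower()] = arg.strip().strip('"')
    return out

def audit_admin_auth(htaccess, htpasswd, docroot, joomla_users):
    """Return a list of findings; an empty list means no problem was found."""
    d = parse_directives(htaccess)
    findings = []
    if d.get("authtype", "").lower() not in ("basic", "digest"):
        findings.append("no AuthType: folder is not password-protected")
    req = d.get("require", "").lower()
    if not (req == "valid-user" or req.startswith("user ")):
        findings.append("no Require directive: login is not enforced")
    userfile = d.get("authuserfile")
    if not userfile:
        findings.append("no AuthUserFile: no credential store configured")
    elif PurePosixPath(docroot) in PurePosixPath(userfile).parents:
        findings.append("AuthUserFile should live outside the web root")
    joomla = {u.lower() for u in joomla_users}
    for entry in htpasswd.splitlines():
        user = entry.split(":", 1)[0].strip()
        if user and user.lower() in joomla:
            findings.append(f"folder login '{user}' reuses a Joomla username")
    return findings
```
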