Use SSL on your site and force Joomla into SSL mode for all logins. Just be aware that you must have a properly configured SSL certificate for your site's domain (shared SSL certificates will not work), or you will not be able to enable SSL in Joomla without running into additional problems.

The FTP layer often has to be turned off anyway to allow some third-party extensions to work, and many servers use suEXEC instead, so it's no longer as useful as it once was. Disable the Joomla FTP Layer and ensure it has not stored your login details.

Switch off register globals--but be aware that doing so can disable some PHP scripts from working, and may affect other programs that your site uses from working. To do this you just need to edit your site's php.ini file in the root directory for your domain.