How to secure your joomla site(very helpful)

First of all check if your Joomla installation is the latest release, there are known vulnerabilities in the older versions of Joomla so update it to the latest version A.S.A.P. You can check you Joomla version after you log in, it's in the right top corner (ex. Version 1.5.23)

In order to keep your installation secured, you need to make several changes right away. First of all, change the default admin username, and change the ID. It's pretty easy to reset the password if you know the username and ID of the administrator (default username is Admin and the ID in Joomla 1.5 is 62 and in Joomla 1.7 is 42), so to change it you need to do the following:

1. Create new user (it will automatically get new ID), and make it "Super Administrator" (click on Site/User manager, then choose the new user and the role from the "Group" list.

2. Then you need to open the old Admin user, and make it "Registered" user.
Note: Don't forget to log-in with you new administrator user, the old one will be there but it will be regular user so you won't be able to log in the background with it.
Next you need to prevent the reading of your xml files (they can reveal information of your Joomla version in order someone to find exploit for it). To do this, you need to open your .htaccess file and add the following lines or find them in the file and un-comment them:
<Files ~"\.xml$">
Order allow,deny
Deny from all
Satisfy all
3. but not least, install "Marco's SQL Injection", it's a free plugin working on both Joomla 1.5 and 1.7 which will prevent all SQL injections and LFI attempts.

By following these three simple steps you will secure you Joomla installation from majority of threats, however, please remember that this does not guarantee that someone can't breach your website.

