One very popular way for hackers to try to gain access to your Joomla administrator is to brute force attack to guess your password. What this does is try thousands of different username/password combinations until they find the right one. Joomla doesn’t allow you to choose the default admin username so they already know half of what they need. Fortunately it is easy to add extra security.
#1: Change the admin username
Firstly, you will want to change the default admin username. First login to your control panel (often cPanel) and go to your database editor (normally phpMyAdmin), . In your Joomla database edit the jos_users (your prefix may be different) and find user id 62, that is the user you are trying to edit.. Pick a username other than “admin”. At this point very few hack attempts will work since most just try the default admin username, this involves less coding on their end.
#2: Choose a better admin password
Now you’ll need to have an admin password that is difficult to guess. A secure password is 8-12 characters (the more the better) and contains numbers and special characters, along with lower and upper case letters.
#3: Use .htaccess protection
With .htaccess protection there will be 2 logins needed to get into your Joomla admin. Some Joomla hosting providers have firewalls that can automatically block a hacker after a set number (normally 5) of failed login attempts. .htaccess protection can be enabled by logging in to cPanel (or your hosts control panel) and clicking the Password Protect a Directory button. You can then select the “public_html/administrator” directory to protect, and add users who you want to be able to login.
These few, easy steps will exponentially increase the security of your Joomla installation.
