It is becoming more popular for hackers to try to brute force attack your Joomla administrator to gain access to your administrator. Using this method they bombard your admin form with thousands of usernames/password until they find the right combination. Since Joomla doesn’t let you choose the admin username when installing they already know the username, this makes it twice as easy. If you want to add additional security, and who doesn’t, it is fortunately very easy.
#1: Change the admin username
The first thing to do is change the default admin username. First login to your control panel (often cPanel) and go to your database editor (normally phpMyAdmin), then select the Joomla database and browse to the jos_users table. The original user is user id 62, so edit that entry. Pick a username other than “admin”. Doing just this step will stop almost any chance of being hacked since most will just try the default username.
#2: Choose a better admin password
Now you’ll need to have an admin password that is difficult to guess. You’ll want to have at least 8 characters with a mix of lower case letters, upper case letters, numbers and special characters.
#3: Use .htaccess protection
With .htaccess protection there will be 2 logins needed to get into your Joomla admin. Buy HTTP’s Joomla hosting accounts are protected by a firewall that automatically blocks would-be hackers after 5 failed login attempts. .htaccess protection can be enabled by logging in to cPanel (or your hosts control panel) and clicking the Password Protect a Directory button. You can then select the “public_html/administrator” directory to protect, and add users who you want to be able to login.
These few, easy steps will exponentially increase the security of your Joomla installation.