From Joomla! Documentation
This page contains relevant links for securing your Joomla! Website. As a Joomla! site owner or administrator you should remember:
- There's no one right way! Due to the variety and complexity of modern web servers, security issues can't be resolved with simple, one-size-fits-all solutions. You, or someone you trust, must learn enough about your web server infrastructure to make valid security decisions.
- There's no substitute for experience! To secure your web site, you must gain real experience , or get experienced help from others.
- It's not as hard as it looks: The following checklist below may seem intimidating, but you don't have to deal with all of it at once. As you become more familiar with GNU/Linux, Apache, MySQL, PHP, HTTP, and Joomla, you'll add refinements to your combination of security tactics.
...Security is a moving target, so today's expert might be tomorrow's victim...