To keep your Joomla site from being hacked, follow these steps.
Disable RG_EMULATION for Joomla. When this option is enabled, even the latest Joomla is
vulnerable to some variable injections. You can disable it by placing the following line in
your configuration.php:
if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }
————-
Secure your administrator area. First, this prevents simple brute-force attacks. It also
protects the code of all components and modules inside this directory. To do
this:
– Place an .htaccess inside Joomla’s ‘administrator’ directory. It should contain:
Deny from all
Allow from YourIP*
In case your IP changes, you should try securing the directory with password protection.
If you are using PHP 5.2, make sure that the directive ‘allow_url_include’ is set to off.
If you are using a PHP version below 5.2, make sure that the directive ‘allow_url_fopen’ is
set to off.
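
The three steps above can be checked on a server with a short audit script. This is an added example, not part of Joomla or of the original page: the function names, the sample tree and the address 192.0.2.10 are assumptions, and PHP versions after 5.2 are treated like 5.2.

```shell
#!/bin/sh
# Added example: audit the three hardening steps above. Function names, paths
# and the sample tree are assumptions, not part of Joomla.

check_rg_emulation() {      # $1 = Joomla root
    grep -Eq "define\([[:space:]]*['\"]RG_EMULATION['\"][[:space:]]*,[[:space:]]*0[[:space:]]*\)" \
        "$1/configuration.php" 2>/dev/null
}

check_admin_htaccess() {    # needs both the deny rule and an allow entry
    f="$1/administrator/.htaccess"
    grep -Eiq '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all' "$f" 2>/dev/null &&
        grep -Eiq '^[[:space:]]*Allow[[:space:]]+from[[:space:]]+[^[:space:]]' "$f" 2>/dev/null
}

ini_value() {               # last uncommented "$2 = value" in file $1, lowercased
    awk -F= -v k="$2" '
        /^[ \t]*;/ { next }
        { name = $1; gsub(/[ \t]/, "", name) }
        name == k { v = $2; sub(/;.*/, "", v); gsub(/[ \t"]/, "", v); val = tolower(v) }
        END { print val }' "$1" 2>/dev/null
}

check_php_ini() {           # $1 = php.ini, $2 = PHP version, e.g. 5.2.17
    major=${2%%.*}; rest=${2#*.}; minor=${rest%%.*}
    # Assumption: versions after 5.2 are treated like 5.2.
    if [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 2 ]; }; then
        v=$(ini_value "$1" allow_url_include); : "${v:=off}"   # unset: PHP default is off
    else
        v=$(ini_value "$1" allow_url_fopen); : "${v:=on}"      # unset: PHP default is on
    fi
    case $v in off|0|false|no|none) return 0 ;; *) return 1 ;; esac
}

audit_joomla() {            # returns the number of failed steps (0 = all pass)
    fails=0
    check_rg_emulation "$1"   || { echo "FAIL: RG_EMULATION is not defined as 0"; fails=$((fails + 1)); }
    check_admin_htaccess "$1" || { echo "FAIL: administrator/.htaccess has no Deny/Allow rules"; fails=$((fails + 1)); }
    check_php_ini "$2" "$3"   || { echo "FAIL: remote URL directive is not off"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample tree (not a real site).
demo=$(mktemp -d); mkdir -p "$demo/administrator"
printf '%s\n' "<?php" "if(!defined('RG_EMULATION')) { define( 'RG_EMULATION', 0 ); }" > "$demo/configuration.php"
printf '%s\n' "Deny from all" "Allow from 192.0.2.10" > "$demo/administrator/.htaccess"
printf '%s\n' "allow_url_fopen = On" "allow_url_include = Off" > "$demo/php.ini"
audit_joomla "$demo" "$demo/php.ini" 5.2.17 && echo "PHP 5.2.17: all steps pass"
audit_joomla "$demo" "$demo/php.ini" 5.1.6  || echo "PHP 5.1.6: $? step(s) failed"
```

On a real server, call audit_joomla with the site root, the php.ini that the web server actually loads, and the installed PHP version. The RG_EMULATION check is a text match, so a commented-out define line would also pass it.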