I think you should change the configuration.php file permission... you can read this. Protect your Joomla administration page... you can read this.
Use a local php.ini file to restrict things like open_basedir paths and functions, use a .htaccess file to prohibit certain attacks (Joomla comes with one called htaccess.txt), use a robots.txt file, move your tmp and log folders outside of public_html, move configuration.php outside of the public_html folder, download and install the jsecure plugin (it adds a key you can set to the end of the admin interface URL), and password protect your administrator directory. For even more protection use RSFirewall, a specialized Joomla firewall/lockdown component, about 50 euro though. Google "move configuration.php joomla", "secure joomla" etc. and you'll find lots of inf
Thanks, nice. One thing for me: I'd like to block my Joomla administrator link, but not by IP, as my ISP always changes my IPs at work. Any easy and good way to do so? Many thanks.
Yep, password protect the administrator subdirectory and then install the plugin systemjsecure. This will change the link to your admin area from http://yourdomain.com/administrator/ to http://yourdomain.com/administrator/index.php?somecustomkeyyouchoosehere

Also, make certain the default admin account that most people, and a default install, call admin, has only basic registered user privileges. Create a new user, with a user name that says nothing about control, power, admin, or yourwebsitename, and give it superadmin privileges. Enable it, make sure it gets all emails and save. Log out of the old admin account, log in with the new admin account, change the privileges of the old admin account, remove editor, no to emails. Hope this helps.

Blocking access to your Joomla admin link by IP is one of the best ways, but could be problematic should you need access from somewhere other than an approved IP. The password protected directory and altered link are also very good.
1. Do not use the account admin, change it to something else.
2. Make an htaccess and htpasswd for the administrator directory.
3. Change configuration.php to another directory, and include it.
4. Change the mode for folders and files.
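
A way to check a site against the file-level advice in this thread (configuration.php permissions, tmp and log folders outside public_html, a password protected administrator directory). This is an added example, not code from any poster or from Joomla. It assumes the `$tmp_path` and `$log_path` settings in configuration.php and an Apache `.htaccess`; the "owner-only write" policy, the function names and the sample tree are constructed for illustration.

```python
import re
import stat
import tempfile
from pathlib import Path

# Joomla setting lines such as: public $tmp_path = '/home/u/tmp';  (older releases use "var")
SETTING = re.compile(r"""(?:public|var)\s+\$(tmp_path|log_path)\s*=\s*['"]([^'"]+)['"]""")
AUTH_FILE = re.compile(r"^\s*AuthUserFile\s+\"?([^\"\s]+)", re.I | re.M)

def inside(root, path):
    """True when path is root itself or lives below it."""
    target = Path(path).resolve()
    return target == root or root in target.parents

def audit_joomla(webroot):
    """Return hardening findings for the Joomla site rooted at webroot."""
    root = Path(webroot).resolve()
    findings = []
    config = root / "configuration.php"
    if config.is_file():
        mode = stat.S_IMODE(config.stat().st_mode)
        # Assumed policy: only the owner may write the file.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"configuration.php is group/world writable ({mode:o})")
        for name, value in SETTING.findall(config.read_text(errors="replace")):
            if inside(root, value):
                findings.append(f"{name} is inside the web root")
    htaccess = root / "administrator" / ".htaccess"
    rules = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    auth = AUTH_FILE.search(rules)
    if not (auth and re.search(r"^\s*Require\s+\S", rules, re.I | re.M)):
        findings.append("administrator/ is not password protected")
    elif inside(root, auth.group(1)):
        findings.append("AuthUserFile is inside the web root")
    return findings

def demo():
    """Build a constructed, throwaway site tree and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "public_html"
        (site / "administrator").mkdir(parents=True)
        cfg = site / "configuration.php"
        cfg.write_text(f"<?php\nclass JConfig {{\n public $tmp_path = '{site}/tmp';\n"
                       f" public $log_path = '{tmp}/logs';\n}}\n")
        cfg.chmod(0o666)
        return audit_joomla(site)

if __name__ == "__main__":
    for finding in demo():
        print("FINDING:", finding)
```

If configuration.php has been moved out of public_html and only an include stub remains, point a second check at the real file, since the stub carries no settings to parse.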