Thursday, April 18, 2013

.htaccess File to Additionally Secure Your Joomla

You should make the following changes to the .htaccess file in the Joomla directory:
  • First, if you don't have a .htaccess file in your Joomla folder, rename the htaccess.txt file that comes with your Joomla installation package to .htaccess. To do this, you can use the File Manager tool in your cPanel. In addition, doing this will allow you to enable the SEF functionality of your Joomla application. The rules in it will block the majority of well-known attacks against your website.
  • Make sure you are running your website on PHP 5.2 or newer. All SiteGround customers have their accounts running PHP 5.2 by default.
  • Block access to all PHP files except index.php and index2.php. Note, however, that you may have to allow access to some additional files if your extensions require them. If certain parts of your website do not appear, check which files they rely on and add them to the access rules. Generally, if you add the following lines to your .htaccess file, everything should work just fine:
    # Deny direct requests to every PHP file in the Joomla directory...
    <Files *.php>
    deny from all
    </Files>
    # ...then re-allow only the two front-end entry points. The dots are escaped
    # so the pattern matches the literal file names. Apache's default
    # "Order deny,allow" lets this later allow override the deny above.
    <Files ~ "^(index|index2)\.php$">
    allow from all
    </Files>
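
The same rule set written out as a complete .htaccess fragment, with the Order directive stated explicitly and an equivalent for the Require syntax that Apache 2.4 uses instead of Order/Deny/Allow. This is an added example, not part of the original post: it assumes Apache 2.2 or 2.4 with mod_authz_host (2.2) or mod_authz_core (2.4) loaded, and an AllowOverride setting that permits Limit and AuthConfig directives in .htaccess.

```apache
# Apache 2.4: mod_authz_core "Require" syntax.
# Deny every PHP file, then re-grant only the two Joomla entry points.
<IfModule mod_authz_core.c>
    <Files "*.php">
        Require all denied
    </Files>
    <FilesMatch "^(index|index2)\.php$">
        Require all granted
    </FilesMatch>
</IfModule>

# Apache 2.2: mod_authz_host "Order/Deny/Allow" syntax.
# With "Order deny,allow" the Allow in the later section wins for files
# matched by both sections, which is what lets index.php and index2.php
# through while every other *.php request is refused.
<IfModule !mod_authz_core.c>
    <Files "*.php">
        Order deny,allow
        Deny from all
    </Files>
    <FilesMatch "^(index|index2)\.php$">
        Order deny,allow
        Allow from all
    </FilesMatch>
</IfModule>
```

After adding this, request a PHP file that is not an entry point (for example a file under a component directory) directly in a browser and confirm you receive a 403; then check that the front page and the SEF URLs still render. If an extension needs another script to be reachable, add it to the FilesMatch alternation rather than loosening the first section.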

Password protect your administrative area
Password protecting the "administrator" folder adds an additional layer of protection to your Joomla website. The steps for doing this in cPanel are described below. Use a username and password that differ from your Joomla administrator credentials.

Once you do this, you will have to log in twice: first to reach the Joomla login page, and then to log in to the application itself.

This makes guessing your passwords a much harder task for an attacker. In addition, even if there is a security breach within the Joomla script itself, an attacker who knows your Joomla login details still cannot reach the administrator area without the second set of credentials.

Select the Password Protect Directories icon from your cPanel main page. A list of the directories on your account will appear.

[Screenshot: cPanel - Password Protected Directories]

Select the directory you wish to limit access to. On the new page, create a username and a password for your user. Enter the name that should appear in the login prompt and click the Save button to activate the protection.

[Screenshot: cPanel - Password Protected Directories]
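
For reference, this is the kind of .htaccess the password-protection step leaves in the administrator directory, written out so you can set it up by hand on a server without cPanel. This is an added example, not part of the original post and not the file cPanel generates verbatim; the AuthUserFile path is a placeholder, and the example assumes mod_auth_basic and mod_authn_file are loaded and that AllowOverride permits AuthConfig.

```apache
# administrator/.htaccess
# HTTP Basic authentication in front of the Joomla administrator area.
# The credentials file lives outside the web root so it can never be served
# as a page even if the PHP access rules are bypassed.
AuthType Basic
AuthName "Joomla administrator"
# Placeholder path: point this at your own .htpasswd file outside public_html.
AuthUserFile /home/USERNAME/.htpasswds/administrator.htpasswd
# "Require valid-user" works unchanged on Apache 2.2 and 2.4.
Require valid-user
```

Create the credentials file with the htpasswd tool shipped with Apache, for example `htpasswd -B -c /home/USERNAME/.htpasswds/administrator.htpasswd adminuser` (the -B flag selects bcrypt; older htpasswd builds without it fall back to the MD5-based format). Basic authentication sends the username and password with every request, so serve the administrator area over HTTPS only; otherwise the second password adds little against anyone who can observe the traffic.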

Important: the directory must already exist before you enable password protection for it. Also, using one and the same directory both for password protection and for FTP storage is not recommended.

Important: password-protecting your web root (the www directory) means that no page of your website can be displayed until the visitor has logged in.