You simply can’t be 100% safe from getting your website hacked. But fortunately there are ways to help reduce the chances of being hacked and recover quickly if some clever hacker still succeeds.
Create a full backup of your site
Create an initial backup of your entire website. You should use Akeeba Backup for this, but any other solution that ends up saving everything - database AND files - is great. Save this backup either on your personal computer or to an online storage service such as Dropbox or Google Drive. This is key to the recovery process. Make such backups from time to time. The right frequency depends largely on how your site is typically used: some sites need to be backed up often (both files and database), while for others it is enough to save the database from time to time and make full backups less frequently. Don't keep only the latest backup! It might already contain malicious code that was dropped into or otherwise added to your site. Restoring an already compromised state of your site leads you nowhere!
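The advice above not to keep only the latest backup can be expressed as a retention rule that keeps several generations, so a clean copy older than an undetected compromise is still available. The following Python example is added here and is not part of the original article or of Akeeba Backup; the file naming scheme site-YYYYMMDD.jpa and the default counts (7 daily, 4 weekly, 6 monthly) are assumptions.

```python
import re
from datetime import date, datetime, timedelta

# Assumed (hypothetical) naming scheme: site-YYYYMMDD.jpa
NAME_RE = re.compile(r"^site-(\d{8})\.jpa$")

def backup_date(name):
    """Return the date encoded in a backup file name, or None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d").date()
    except ValueError:  # e.g. site-20241399.jpa
        return None

def select_keep(names, daily=7, weekly=4, monthly=6):
    """Keep the newest `daily` backups, plus the newest backup from each
    of the last `weekly` ISO weeks and `monthly` months that have one."""
    dated = sorted(((backup_date(n), n) for n in names if backup_date(n)),
                   reverse=True)
    keep = {n for _, n in dated[:daily]}
    weeks, months = {}, {}
    for d, n in dated:  # newest first: setdefault records the newest per bucket
        weeks.setdefault(tuple(d.isocalendar())[:2], n)
        months.setdefault((d.year, d.month), n)
    keep.update(list(weeks.values())[:weekly])
    keep.update(list(months.values())[:monthly])
    return keep

def prune_plan(names, **policy):
    """Return (keep, delete, unrecognised). Files whose names do not match
    the scheme are never proposed for deletion."""
    keep = select_keep(names, **policy)
    unrecognised = sorted(n for n in names if backup_date(n) is None)
    delete = sorted(n for n in names if n not in keep and backup_date(n))
    return sorted(keep), delete, unrecognised

# Constructed sample: one backup per day, 2024-01-01 .. 2024-03-10, plus a stray file
SAMPLE = [f"site-{date(2024, 1, 1) + timedelta(days=i):%Y%m%d}.jpa"
          for i in range(70)] + ["notes.txt"]

if __name__ == "__main__":
    keep, delete, unknown = prune_plan(SAMPLE)
    print("keep:", *keep, sep="\n  ")
    print(f"delete {len(delete)} older backups; left untouched: {unknown}")
```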
Have a tried and working restore process in place
An untested backup can be as good as one you never made! Test whether you can restore the site from a backup, and make sure you have everything in place for when you need to do a real restore. If you’re using Akeeba Backup, you can use Akeeba Kickstart, which easily restores your Akeeba backups.
Keep your Joomla site up-to-date
Stay on top of the new releases for Joomla and any third-party extensions you may be running on your Joomla website. If you don’t have a trusted Joomla expert that you can turn to, then take inventory of all the third-party extensions that you have on your website and join the mailing lists of the companies behind them so you are aware when new releases come out. Here are two Joomla mailing lists you should be on:
- Joomla Security Updates: http://feeds.joomla.org/JoomlaSecurityNews
- Joomla Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityVulnerableExtensions
Use a reliable hosting company
Don't get fooled by the price or their advertising. Search the Joomla forums for information about hosting companies, and make your choice based on others' experiences. Paying a little extra can end up in huge savings in the long run. Check whether your prospective host has a solid backup policy in place. See if they make reliable and usable backups, or if you are on your own. Some companies tell you this frankly; others sell you snake oil with unreliable, unusable backup plans. The really good ones make daily backups and let you restore the site with one click. Choose the company whose backup plan fits your knowledge and way of life. Even for the best Joomla gurus, a host with a good backup plan can be a lifesaver. Think twice before you opt for a host with no (or an unreliable) backup policy. Also check the host's record and policy regarding server update frequency. Some hosting companies do not update their server software in a timely manner. This can be a serious security risk, both because their servers become more and more vulnerable over time and because they make it difficult for you to upgrade your site: new Joomla releases might not be compatible with outdated server software. Also check the availability and price of technical support. Not every host has 24/7 or live support, or its cost might be prohibitive for you. In case of disaster, every minute can make the difference.
Keep the contact info of a Joomla (security) expert handy
Even if you maintain your own website, it is still good to have a Joomla expert you can contact when you need help. Having a trusted resource when you are in trouble can make your life much easier. And if you don't have one among your friends, you can still find some affordable Joomla security support packages.