One of the possible vulnerabilities of a Joomla website is the ability for a hacker to gain access to the administrator directory. A good way to help protect your site from getting hacked is to add username and password protection to your administrator directory. By adding this layer of security you will be prompted for a username and password TWICE when you try to access your admin area. The first prompt will be from the server requesting permission to access the administrator directory, and the second prompt will be from Joomla itself when you try and access the admin area directly. NOTE: The method described here will only work on a Unix/Linux server running Apache software. If you do not know what this means, contact your IT department or your internet service provider.
Before we go on, I am assuming that you already have a copy of Joomla installed and know how to access the administrator area and are familiar with it. Additionally, you should be familiar with cPanel and know how to access it as well.
The first thing you will do is to think of and then create a Username/Password combination and then put a copy of it in a safe place. DO NOT make this the same as the regular Username/Password combination that you use to gain access to the administrator area, that would defeat the purpose of this security modification. The more difficult the password combination is to remember, the less likely it can be figured out by someone. Don't use birth dates, maiden names, or combinations that you use on other sites.
Next, log onto your website's cPanel and look for the "Security" panel, then, locate the "Password Protect Directories" icon and click on it. You will want to choose the "Document Root" for the domain and then locate the "administrator" directory.
Now click on "Password protect this directory" and give the protected area a name. This name can be anything, but be advised that it will show up in the security window that pops up requesting the Username/Password combination. I usually choose the name "Protected Area". Enter the username and password you chose earlier and click "add.modify".
Now your administrator area will be password protected. To verify this, restart your browser and try to log on to the administrator area as you would normally do. You should be prompted for the Username/Password combination with the name of the protected area that you entered in cPanel. Once you have successfully entered the combination, you should then have access to the administrator area where you will have to enter your normal Username/Password combination.