One very popular way for hackers to try to gain access to your Joomla administrator is to brute force attack to guess your password. Using this method they bombard your admin form with thousands of usernames/password until they find the right combination. Since Joomla doesn’t let you choose the admin username when installing they already know the username, this makes it twice as easy. Fortunately is is easy to add several layers of protection.
1. Change the admin username
The first step you should take is changing your admin username. Login to cPanel, go to phpMyAdmin, select your Joomla database, browse the jos_users table and edit user id 62, this is the original super admin user. Change the username to something other than admin. This step will already almost eliminate any chance of your login being guessed since most hackers will just use admin for the username.
2. Improve your admin password
Next you’ll want to make sure your admin password is sufficiently difficult to guess. You’ll want to have at least 8 characters with a mix of lower case letters, upper case letters, numbers and special characters. A good password generator can be found here.
3. Add .htaccess protection
The firewalls on our Joomla hosting accounts automatically check for failed login attempts on .htaccess logins, so potential hackers will automatically be blocked after 5 login attempts. To add .htaccess protection login to cPanel and click on the Protect a Directory button. There you will be able to select the directory to protect (in this case your “administrator” directory) and add users who can login.
Taking this steps will help protect your Joomla admin login from would-be hackers.