In the two previous parts of the Joomla security series, we looked at various configuration settings both prior and after installation. Here are some important security steps to take during installation.
1. Move the configuration.php outside of the root document directory. For example, if you directory is /home/user/www/public_html, you can move configuration.php up to /home/user/www where outside visitors cannot possibly access it. Read this guide for the detailed procedure.
2. Disable XML-RPC, if not needed. Unless you need to access and publish to your Joomla installation from another application (without logging into your website), this component just presents a security risk.
3. Check 3rd-party extension vulnerability. Joomla publishes a list of vulnerable extensions. Avoid them.
4. Use SSL for all logins and publishing. Joomla 1.5 has increased support for SSL.
Previous Joomla Security Tips: