Based mainly on the Joomla Security FAQs, we created a quick checklist to make your Joomla site less vulnerable to attacks. These are probably not the top 11 tips, but they are the ones where GuardXT can help you. GuardXT is the Joomla administrator component that helps increase the security of your site in these areas.
1.) Be informed about known Joomla vulnerabilities
Subscribe to the Joomla security news. Usually they provide fixes incredibly fast.
2.) Keep Joomla! and your components up to date
The latest versions of Joomla! and 3rd party components are usually safer than older versions.
3.) Ensure proper permissions of files and folders
File permissions 644 and folder permissions 755 are considered to be a good trade-off between security and functionality.
4.) Protect your configuration.php file
configuration.php is probably the most critical file of any Joomla installation. At a minimum, make it unwritable.
5.) Use a .htaccess file
Even if you're not using SEO, the .htaccess file that comes with Joomla blocks some common exploits.
6.) Rename the default admin user
Everybody knows that your admin site is most likely accessible via /administrator, and everybody knows the default admin user. That makes getting admin access a lot easier.
7.) Protect your admin directory
The most sensitive part of your Joomla! site is the administration site. Make sure it is well protected, e.g. by adding additional password protection.
8.) Make log and temp folders inaccessible
Make sure your log and temp files are not in public HTML folders.
9.) Clear the tmp folder
Remnants of old, vulnerable components might be in there.
10.) Recognize when your site was hacked and act fast
Often hacks are very obvious, because your site is defaced. However, the less obvious hacks are much more dangerous. If files on your server were modified or added without good reason, you should act immediately.
11.) Use secure PHP settings
Make sure your PHP configuration meets some security standards. Try using local php.ini files if you don't have access to the global php.ini.
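
Tips 3 and 4 give concrete permission targets. The script below is an added example (not part of GuardXT or the Joomla FAQs) that reports every place where a site deviates from them. It assumes configuration.php sits directly in the site root and that the root path contains no glob characters.

```shell
#!/bin/sh
# Added example: audit a Joomla tree against the checklist's permission targets
# (files 644, folders 755, configuration.php not writable by anyone).
# Assumption: configuration.php sits directly in the site root, and the root
# path contains no glob characters (find -path treats its argument as a pattern).

# Prints one finding per line as "<CODE> <path>"; prints nothing when clean.
audit_joomla_perms() {
    root=${1%/}    # drop a trailing slash so paths match find's output
    if [ ! -d "$root" ]; then
        echo "error: not a directory: $root" >&2
        return 2
    fi
    cfg=$root/configuration.php

    # Folders whose mode is not exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/DIR_NOT_755 /'

    # Regular files whose mode is not exactly 644. configuration.php is
    # excluded here because it gets the stricter check below.
    find "$root" -type f ! -path "$cfg" ! -perm 644 -print |
        sed 's/^/FILE_NOT_644 /'

    # configuration.php: flag it if owner, group or other has a write bit.
    if [ -f "$cfg" ]; then
        find "$cfg" \( -perm -200 -o -perm -020 -o -perm -002 \) -print |
            sed 's/^/CONFIG_WRITABLE /'
    else
        echo "CONFIG_MISSING $cfg"
    fi
    return 0
}

# Number of findings for a site root, for use in cron jobs or monitoring.
count_perm_findings() {
    audit_joomla_perms "$1" | wc -l | tr -d ' '
}

# Run the audit when a site root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_joomla_perms "$1"
fi
```

A configuration.php set to 444 passes the check, while the common 644 is reported as CONFIG_WRITABLE because the owner can still write to it.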