To avoid Joomla site to be hacked follow the following steps.

Disable RG_EMULATION for Joomla. When this option is enabled even the latest Joomla is

vulnerable to some variable injections. It can be disabled by placing the following line in

your configuration.php:

if(!defined(‘RG_EMULATION’)) { define( ‘RG_EMULATION’, 0 ); }

————-
Secure your administrator’s area. This will first prevent simple brute-force attacks. Along

with that, all components and modules’ code inside this directory will be safe. For this

purpose:

– Place an .htaccess inside Joomla’s ‘administrator’ directory. It should contain:

Deny from all
Allow from YourIP*

In case your IP changes, you should try securing the directory with Password Protection

If you are using PHP 5.2, make sure that the directive ‘allow_url_include’ is set to off;

If you are using PHP version below 5.2, make sure that the directive ‘allow_url_fopen’ is

set to off.