1. Update your CMS system
Regardless of what system you use to manage your website, it's important that you keep it up to date. There are regular security updates for all major CMS systems - be sure to keep your site up to date. Eg. in Joomla 2.5.7 there was a serious security hole.
Also, be a little careful about what extensions, plugins, components, etc. that you install. In some cases, some third-party extensions may have a built-in backdoor, but more often the problem can be that the program is not as secure as the official releases and may contain additional files. security holes can be exploited. If you are using different extensions, make sure they are updated to the latest version
2. Use the appropriate login code
There are many websites that are attacked through brute force, in which the hacker gets into the site by trying each potential password - until he gets to the location. It is extremely important to have a secure password. Use upper and lower case letters, special characters, and numbers to make your code as complex as possible. You can also have a different username than the regular "Admin".
Good passwords can be hard to remember, a good rule is e.g. to use a sentence that one can remember. Find a phrase that works for you and you can remember. And remember to change your code often and don't use the same ones anywhere on the web.
It's important to just stay away from plain simple code that's easy to break. Surprisingly a lot of people use code like "1234" or similar
