You may think that updating your Joomla site to the latest version is not something worth doing every time a new version is released. The site works just fine, and you are not interested in the eventual new additions. You're wrong! There's always a major reason to update to the latest version of Joomla: Security!
Secure Joomla
"Joomla is safe!" is something you can hear in every forum. Is it indeed safe enough? Yes, the core Joomla, if properly configured and deployed, is a reasonably secure environment. The difference can be made by several factors, and the first of these factors is YOU, the webmaster. But there are others, like the hosting environment, the add-ons used, and a couple of others. Watch your back! And keep your site safe!
Most attacks on the web, and Joomla sites aren't an exception, are carried out fully, or at least in their first phase, by automated robots. These use known entry points, such as the administrator logins of the most widely used software solutions, to try their chances of breaking in. So it's a wise move to change these well-known locations. But wait! The need to keep upgrade compatibility may make this difficult, so how can we do this without changing a line of Joomla code?
Every hacker in this world knows that by default all Joomla database tables have the "jos_" prefix. This is so well known that even automated defacing scripts use it, and there are a lot of "tools" capable of automatically probing your site with this presumption built into them.
Joomla has everything you may need. Right? If you take a look at the Joomla Extensions site, you may agree with this. But, as always, there may be cases when the above statement is wrong. For a specific need, the simplest approach may be to use a standalone script. You can solve the problem, apparently, by using Joomla's wrapper feature and using your scripts as if they were part of your Joomla site. An almost perfect solution, you may think... but your scripts are directly accessible by their physical URL, not only through the Joomla interface. What can you do about it?
A lot. And surprisingly easily.
This tip explains how to move your configuration.php file outside of your webroot as well as making it unwritable by the server. That makes it nearly impossible for someone to corrupt or gain access to the information in the file.
It's always a wise move to move your sensitive files outside of the so-called WEBROOT, the directory which Apache uses to serve your website. This way you can be sure that nobody else but your Joomla core code can use these files.
Moving some files/folders, like the main configuration.php or the location of the admin login, may be tricky, but moving these two key folders is relatively simple.