Sometimes the Joomla site owners get a bit paranoic after a time, due to lot of hype about site security. Basically is nothing wrong with, a good site security is based on keeping your accounts secure. But what about when you are hired to do something in a Joomla site and you got ALL access (including FTP and database access) but you discover, that the Joomla account you received is only an Administrator. You can do a lot as an Administrator - but often not enough! Don't tell me, that this never happened to you - unless you are a Joomla rookie. What you can do?

A brute force attack is just a trial and error process, that runs repeatedly to obtain the correct username and password information. An automated software is being used in this process which does not decrypt the information but just continue trying with set of words and letters.. Millions of IP’s and huge number of computers are involved in this process to check different username and password combinations and avoid triggering multiple attempt limits.

Changing your database password is something you rarely need, but then you need it immediately, and with the lowest possible downtime. Why you should do that, in first time? Hm, there are many reasons/situations when you should consider changing your database access data ASAP:

• You just got hacked
• You have decided to end the business with your current developer, and you aren't sure that he's a trustable person
• You have a good habit of changing all your passwords regularly

This is a two step process, and here I'm assuming that you are clever enough and you are hosting with a company that offers cPanel . On other hosting environments the process might be slightly different, but the basics are the same.

It's one of besk keept "secrets" of Joomla 2.5+ - there is a built in password strenght meter, ready to be used. And some are selling for good money - and others offering free plugins - to let you unleash the hidden power. 

But if you aren't afraid to make your hands dirty with some PHP code, here is how you can do this:

Clickjacking is a browser security issue and is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user's knowledge, such as clicking on a button that appears to perform another function. The hacker installs an invisible layer over the existing site, hijacking the user's clicks. The suspicious-less user will perform this way actions they never intended to, from apparently inoffensive ones, as following someone on Twitter, to really nasty things, like password, credit card information theft, and anything else you might (not want to) do on a webpage.

Also known as two step-authentication or two-step verification, two-factor authentication is an additional security option for online accounts to help keep them safe.

Websites take maintenance, and making a habit of performing a little spring cleaning each year can keep a business website running smoothly. The tips below does not apply for Joomla sites alone, any site can benefit from most of these tricks and tips.