Thursday 25 July 2013

Joomla 2.5 Installation Security Check List

After many years of installing & customising Joomla websites I thought it might be useful to share some tips on Security:

  • When installing, make sure you don't use the default jos_ table prefix for your Joomla database; rename it via phpMyAdmin if necessary.
  • Never use the default Super Admin username of "admin"; always change this to something less predictable.
  • Never use the user ID: 42; either change the user ID via phpMyAdmin, or demote this user to registered and then select "block this user" via the Joomla user manager.
  • Redirect the admin URL to something other than /administrator/. You can do this via a .htaccess redirect, although there are plenty of great extensions out there that will aid in securing the URL of your admin panel from potential hack attempts. Jsecure Authentication is one I highly recommend; this component will allow you to choose the new admin panel address:
    • i.e. /administrator/?whateveryouwant!
  • Check and change your chmod settings to:
    • directories should be 755
    • files should be 644
    • configuration.php file should be 444
    • use an FTP client like FileZilla or your hosting panel file manager to change the settings
    • I prefer to install and use Akeeba Admin Tools (lots of other great security features including WAF)
  • Avoid using FTP in Global Configuration via the Joomla admin panel.
  • Set show Joomla version to "No" in Global Configuration via Joomla admin panel.
  • Ensure that all sensitive files are outside the web root.
I will add to this list as I think of others, most of them are second nature to me.  Please feel free to make comments or add suggestions to this list!
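The permission targets in the checklist above (directories 755, files 644, configuration.php 444) can also be checked from a shell. This is an added example, not part of the original post; it assumes shell access to the host, and the function names and the `JOOMLA_ROOT` variable are hypothetical.

```shell
#!/bin/sh
# Added example: audit a Joomla tree against the checklist's permission targets.
# Assumes paths without embedded newlines. JOOMLA_ROOT is an assumed variable name.

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report every path whose mode differs from the checklist:
#   directories 755, files 644, <root>/configuration.php 444.
# Output: one "<actual> <expected> <path>" line per deviation; empty when clean.
audit_joomla_perms() {
    root=${1%/}
    find "$root" \( -type d -o -type f \) -print | while IFS= read -r p; do
        if [ -d "$p" ]; then
            want=755
        elif [ "$p" = "$root/configuration.php" ]; then
            want=444
        else
            want=644
        fi
        have=$(mode_of "$p")
        [ "$have" = "$want" ] || printf '%s %s %s\n' "$have" "$want" "$p"
    done
}

# Apply the checklist modes. configuration.php is set last so the blanket
# 644 pass over all files does not make it writable again.
fix_joomla_perms() {
    root=${1%/}
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/configuration.php" ]; then
        chmod 444 "$root/configuration.php"
    fi
}

# Audit only (no changes) when JOOMLA_ROOT is set in the environment.
if [ -n "${JOOMLA_ROOT:-}" ]; then
    audit_joomla_perms "$JOOMLA_ROOT"
fi
```

Run the audit first and review its output before calling `fix_joomla_perms`; after a Joomla configuration change through the admin panel, re-run the audit, since configuration.php may have been rewritten.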

4 comments:

  1. thanks for share
    joomla is always the best CMS all platform, so friendly, so advantage
    i also want to share 7 free templates for joomla 3.0 so best for everyone

    free download templates joomla 3.0

    May be help something to you
    thanks so much

    1. Hi, Great work, thanks for sharing the free Joomla 3.0 templates and also providing links to their demos, I am sure other Joomla users will find this helpful, thanks.

    2. thanks for share
      i love joomla so much, joomla is the best platform cms to make website so easily.
      I've also to share all people some templates premium joomla free to download
      free premium joomla templates
      thanks so much

  2. hey,

    thank you sharing joomla security check list its import, i enjoy with joomla CMS

    Cheers !!!
    www.kintech.com.np
