• It is important to host your website on a server that runs under your own account user as compared to the global Apache. If you don’t have PHP configured in this way, you will open yourself to cross account attacks from various users on the shared server as you will not require to CHMOD to 777.
• Once you are hosted on a server that runs PHP as directed above, you should make sure that all of your files are securely CHMOD to 644 as well as directories to 755. Make sure that you never CHMOD any directories or files to 777. This should be specifically taken care of in case of configuration .php file.
• Remember that the Joomla security FTP layer was developed to bring out a work around solution if a user was hosting a website on a server that did not run PHP under the account user. It lets you to install extensions under Joomla without the requirement to run into the issues of file ownership.
• You must ensure that you set secure passwords for both your Joomla administrator user.
• Another important tip is to protect your Joomla password.

Following all the above mentioned tips will help you ensure Joomla security.