More than 2.5 percent of websites are running on a Joomla CMS — and for good reason. Most security issues stem from old unpatched versions or insecure, out-of-date and poorly written third-party extensions. Make sure you are using the latest Apache version and that your Apache configuration doesn’t allow browsing/indexing. The default administrative username is “admin” You should change this to something else. It will make it a little more difficult for a hacker to discover account details.”]
Source: https://www.csoonline.com/article/2131471/13-tips-for-better-joomla-cms-security.html