My primary tip with regards to security and joomla … is don’t use joomla 
(it has more exploits than pretty much all other cms combined)
If you must use it, put .htaccess authentication on the admin directory, install in a non-default path, lock down file read/write access permissions as strict as you can, reduce the amount of plugins you use, sign up for security alerts for joomla and any plugins you do use, keep it up to date, avoid shared hosting, avoid free themes unless you are 100% certain of the provenance. Read this and apply everything in there: http://docs.joomla.org/Security_Checklist/Joomla!_Setup