Recommended instructions to avoid possible security issues in near future.

• Choose strong passwords for cPanel, Wordpress/Joomla admin and FTP account access, which contain a combination of upper, lower case letters, numbers and special characters such as ) eg. <@E#UKHost!.| Block all other IP addresses in .htaccess file for wp admin/Joomla Administrator area access.
• Keep recommended permission, ownership for files/folders. Do not set maximum permissions, nobody ownership which gives read, write and execute access to the world.
• Do not enable display errors setting in php.ini or .htaccess file or in the application’s configuration file.
• Do not disable mod security protection in .htaccess file.
• Do not enable vulnerable PHP functions in the php.ini file.
• Disable directory index listing/browsing using .htaccess file.
• Hide your CMS application name and version in all pages.
• Update your CMS applications, themes and plugins to the stable, patched version.
• Do not install vulnerable CMS applications, themes and plug-ins.
Protect your source code. There are scripts to make your source code hidden. This is more effective, but a pain for anyone who wants to edit your site. The preferred method is external files such as external style sheets or javascript files. (Consult with your developer for the same)