More than 90% of hacked websites are Joomla based websites, Usually, the hack is due outdated Joomla installation or outdated Theme or Component (Plugin).
1. A proven way to secure your Joomla (beside the regular advise of keeping your software is up to date) is to use Password Protected Folder function in cPanel to protect the administrative area ( administrator/ folder inside your Joomla installation ),You should set username and hard to guess password for the administrator folder different from the ones for your Joomla application and cPanel.
Once you do this, you will have to login twice to admin Joomla. First to access the administrator folder and then to login in the application itself.
2. Another good way to improve your Joomla security is to add the following code to your current .htaccess file, this will disable the direct access to all PHP files in your Joomla website the but the necessary 2 files only: index.php and index2.php
deny from all
<Files ~ "(^index.php|^index2.php)$">
allow from all