If your website uses Joomla, it is easy to try login your back-end at the address: <your_website>/administrator/
Bad guys can attack your back-end with some technique, e.g. Dictionary attack.
There are many solutions to protect your back-end. Here, I suggest a way with small change in the file: administrator/index.php. Let add the following code after require_once lines:
$session =& JFactory::getSession();
$passport = $session->get('passport');
if(!$passport || $passport != "passed")
$goent = JRequest::getVar('your_secret_var','','get','text');
if(!$goent || $goent != "your_secret_value")
// Redirect to homepage
After adding this code, you must login at: <your_website>/administrator/index.php?your_secret_var=your_secret_value
Any attempt to access <your_website>/administrator/ will redirect to your home page.