Some points about this sticky:
1. good idea, should be integrated as default content in installer sql! Just so it's right there in your face, instead of somewhat hidden here.
2. but: some of the things in there should be explained, for example:
* i have no idea what shell access is and can be used for
* i have absolutely no idea how to "Use an Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests", no idea what that could be.. (yeah, go ahead and hack my site now..
* i have no idea how to "Check the "raw logs" for real detail", dunno what "raw logs" are, and what "real detail" I should be looking for!
* how do I "Configure Apache mod_security and mod_rewrite filters to block PHP attacks"? no idea!
* most stuff listed under "PHP" wouldn't know how/what to do..
About 3P extensions: how do I know if I can trust a site? If I click a download link here on the extensions site, and it takes me to another website, is that to be trusted because it's linked here? Or is there a list somewhere?
And all the interesting things listed under "Joomla! Hardening" would be cool to use, except I got no clue how, for ex. "Move configuration files above Web root using symlinks or modified path variables" sounds like something I'd want to do too..
So, it all sounds very interesting for someone who knows how to DO all this stuff, but there's all the details missing for all those who don't..