
One of the biggest problems I have seen with Joomla is that the well-known administrator area is public. You can protect it with some .htaccess configuration (I will publish some of that later), but since most Joomla websites are hosted and residential Internet providers give you a dynamic IP, protecting it by IP is useless.

On the bright side, remember that when you install Joomla, the super admin username is no longer admin. You can select a different one, which makes it really difficult to guess. However, there is still the threat of DoS: many failed attempts may exhaust your web server's resources, and this is why we need fail2ban.

Usually, this should not be a big deal, but since ISPConfig takes over many configurations, it is important to take note of this. ISPConfig 3 does not log anything in the common log locations (e.g. /var/log/httpd); instead, it stores the logs related to your website in the /var/www/yourwebsite/logs/ directory. Because of that, the classic fail2ban Joomla plugin will not work for a whole server; it could work if you are only interested in protecting one website and you hardcode the log path.
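The point above, that watching one hardcoded log misses attempts spread over ISPConfig's per-site logs, shown as an added example (not code from this post or from fail2ban). The `access.log` file name, the glob, the thresholds, and treating every POST to `/administrator/index.php` as a login attempt are assumptions; the sample lines are constructed.

```python
import glob
import re
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import Path

LOG_GLOB = "/var/www/*/logs/access.log"  # assumed file name under the page's log dir
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def parse_attempts(lines):
    """Yield (timestamp, ip) for every POST to the Joomla administrator entry point."""
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?")[0].endswith("/administrator/index.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def find_offenders(logs, max_retry=5, find_time=timedelta(minutes=10)):
    """logs maps log path -> lines; attempts are counted per IP across all sites."""
    events = sorted(e for lines in logs.values() for e in parse_attempts(lines))
    recent, offenders = defaultdict(list), set()
    for ts, ip in events:
        # Keep only this IP's attempts that still fall inside the time window.
        recent[ip] = [t for t in recent[ip] if ts - t <= find_time] + [ts]
        if len(recent[ip]) >= max_retry:
            offenders.add(ip)
    return offenders

def read_site_logs(pattern=LOG_GLOB):
    """Load every per-site access log the glob matches (empty dict if none exist)."""
    return {p: Path(p).read_text(errors="replace").splitlines() for p in glob.glob(pattern)}

def _line(ip, minute, method, path):
    # Constructed combined-log line; not taken from a real server.
    return f'{ip} - - [10/Mar/2024:12:{minute:02d}:00 +0000] "{method} {path} HTTP/1.1" 200 512'

ADMIN = "/administrator/index.php"
SAMPLE = {  # constructed: one client spreads six attempts over two sites
    "/var/www/site-a.example/logs/access.log":
        [_line("203.0.113.7", m, "POST", ADMIN) for m in (0, 1, 2)]
        + [_line("198.51.100.4", 3, "POST", ADMIN)],
    "/var/www/site-b.example/logs/access.log":
        [_line("203.0.113.7", m, "POST", ADMIN) for m in (3, 4, 5)]
        + [_line("198.51.100.4", 4, "GET", "/index.php")],
}

if __name__ == "__main__":
    logs = read_site_logs() or SAMPLE
    print(sorted(find_offenders(logs)))
```

With the constructed sample, neither site's log alone reaches the threshold; only the combined view flags the client.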


Whatever your reason, sometimes you need to change how the components output your information in Joomla. The easiest way is to hack the code; however, easy is not always the correct way. Hacking the code (making changes to the PHP files) is not upgrade-safe: the next time Joomla publishes an update, your changes are gone for good.

You could do this with a template override as well, but the modification would be tied to the template. Since the template I am not using doesn't override the com_content component, I made the call to do it this way.


The answer is almost a direct yes. SSL certificates protect the integrity and privacy of your service. If you google a little, you will find that you can create SSL certificates yourself. However, using a home-made one is not always the best solution.

Self-signed home-made certificates offer the same level of protection as a commercial one. The difference is that the certificate authorities behind commercial certificates are already imported in most devices, which enables a trust relationship when verifying the certificate. Commercial certificates go through some levels of review; therefore, when getting a certificate for the inside-out.xyz domain, there could be a trust relationship because, depending on the kind of commercial certificate you were getting, some identity reviews were done.

On the other hand, there are multi-domain, wildcard, and single-FQDN certificates. Multi-domain certificates take advantage of the multi-DN capability of SSL certificates and allow you to have, for example, the inside-out.xyz and inside-out.com domains together. Wildcard certificates are those that accept anything in the hostname part of the domain; for example, www.inside-out.xyz and blog.inside-out.xyz will be accepted by the same certificate.

I will write about the different options and the implications of using an SSL certificate.