Hi, I am in the middle of developing (using Codeigniter) a site at the moment and it requires a complex Admin section so that staff can manage various things on the site. I am looking for some advice on how I can make the Admin as secure as possible because, like any other site, if someone gains access to the admin section then they could destroy the site in a matter of seconds. I was thinking of doing the following: 01 - setting the admin section up on a sub directory such as adm1nistrat0r.website.com 02 - securing the admin section with a login section before the admin pages can be accessed 03 - securing the directory with htaccess Can anyone recommend any other methods that I could use? Thanks in advance for your help...
It doesn't matter if you use a subdomain or a subdirectory, if you secure it with .htaccess/.htpasswd (and use a good strong password!) you'll be in pretty good shape. You can add even more security by only allowing your own IP address to access that directory. But most hackers gain access through public access points, so you need to do everything you can to make sure that all of the software on the site is secure.