• One of the best ways to secure the login process, which you see or hear little of for some strange reason, is to force SSL during login and admin usage. It seems really obvious, but no one does it. Even using a shared SSL certificate would be helpful.

    • Cyrus

      Yes. You could do that. I personally use IP based protection through Nginx. Never had anyone hack through my login or admin page but it is not 100% bulletproof either.

Previous post:

Next post: