Really A Nice Guide Bro.

Wanted to elaborate on the second point, as many people don't know about it. I helped my fellow mates over here to secure the admin section through htaccess.


Make .htaccess file in your Admin Folder

And add this to it

AuthUserFile /path along with root/.htpasswd
AuthName "Anything Can Be Written Here"
AuthType Basic
require valid-user

Then make another file .htpasswd in the same directory that you have mentioned above in .htaccess file.

In .htpasswd Add these lines

username:encryptedpassword

You can encrypt password from here :
http://www.kxs.net/support/htaccess_pw.html


Some more things you can do with .htaccess are :

If Admin Folder is not in use you can use this command
1.
# no one can login
deny from all

2.
# no hackers can enter
order deny,allow
deny from all
allow from your lan ip



3. If you want to show any HTML to the person whose IP is disabled:

# quick custom error "document" (clients blocked by "deny" get a 403, not a 404)
ErrorDocument 403 "<html><head><title>NO!</title></head><body><h2><tt>Fuck you Retard</tt></h2></body></html>"


If you encounter any problems then get back to me regarding any security.

DeLeTeD took a nice step to make this thread.
I will also share some of my knowledge regarding security soon. Feeling a bit lazy right now. Lolz..
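
The directives from the post above combined into one admin-folder .htaccess in Apache 2.4 syntax, as an added example that is not part of the original post. Assumptions: Apache 2.4 with mod_ssl loaded and AllowOverride AuthConfig FileInfo for the folder; the path, realm name, user name and LAN range are constructed placeholders.

```apache
# Added example, not from the original post. Assumes Apache 2.4 + mod_ssl.
# Constructed values: /home/example/.htpasswd, "Admin Area", adminuser,
# 192.168.1.0/24.
#
# Create the password file locally instead of pasting the password into a
# web page, and keep it outside the web root so it can never be served:
#   htpasswd -B -c /home/example/.htpasswd adminuser
# (-B selects bcrypt, -c creates the file; omit -c when adding more users.)

# Basic auth sends the password base64-encoded, not encrypted, on every
# request, so refuse anything that did not arrive over HTTPS.
SSLRequireSSL

AuthType Basic
AuthName "Admin Area"
AuthUserFile /home/example/.htpasswd

# Both conditions must hold: the request comes from the LAN range AND it
# carries a valid login. A request from any other address gets a 403
# regardless of credentials; a LAN request without a login gets a 401.
<RequireAll>
    Require ip 192.168.1.0/24
    Require valid-user
</RequireAll>

# Body returned with the 403. Apache 2.x expects the closing quote.
ErrorDocument 403 "<html><head><title>Forbidden</title></head><body><h2>Access denied</h2></body></html>"

# To shut an unused admin folder completely, replace the Auth* lines and the
# <RequireAll> block above with the single 2.4 equivalent of "deny from all":
#   Require all denied
```

The `order`/`deny`/`allow` lines in the post are Apache 2.2 syntax; on 2.4 they only work while mod_access_compat is loaded, and mixing them with `Require` in the same folder can give unexpected results.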