
A couple of weeks ago I decided to learn PHP and make a blog from scratch. Most of the features are completed, so now I'm looking at security, specifically for the admin area. As it stands right now, in this admin area I will manage (database) content. I've been reading many articles regarding security, such as:

The definitive guide to form-based website authentication

http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

http://www.wikihow.com/Create-a-Secure-Session-Managment-System-in-PHP-and-MySQL

What are best practices for securing the admin section of a website?

Admin section for website - security?

securing my admin page that accesses several php files

and a bunch of Google articles regarding SSL

Basically, I'm just having trouble understanding exactly how much security I need with regards to the admin login page and the admin area. The consensus seems to be that I should use SSL, but that seems like overkill to me since this is a brand new website with initially 0 visitors.

In addition, I'm now starting to ask why I even need an admin area. If I'm the only person operating the blog, why couldn't I just manage the content from phpmyadmin? Without an admin area (and without requiring users to register to post comments) I shouldn't need SSL for anything. There wouldn't be any sharing of sensitive information. Wouldn't it make my life easier not to even have an admin section in this case?

So to clarify, I'm just trying to understand what the appropriate level of security protections would be for a brand new website with a single admin operating the website and if this website has an admin login page and an admin login area. Obviously I'll take measures to protect against SQL injections and brute force attacks, but what would be an appropriate measure to protect sensitive data such as an admin password? Thanks in advance for the help!

Homer
  • The only thing I personally would add is a good hash method for your password. But that question seems too vague for SO, see the [faq](http://stackoverflow.com/faq#dontask) – kero Mar 27 '13 at 21:59
  • Being lazy, if phpmyadmin works for you, just use that. –  Mar 27 '13 at 22:02
  • Yes, your life is obviously easier if you don't bother with an admin interface and instead simply make updates to any dynamic content by running SQL statements directly in phpmyadmin. So, the first question you need to ask yourself is whether you want to continue doing that or if you are trying to learn how to go further. If you decide to go further, then either go to security.stackexchange.com to ask generic security questions or here to ask specific implementation ones. – NotMe Mar 27 '13 at 22:02
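Since the question asks what an appropriate measure to protect an admin password looks like, and the first comment suggests "a good hash method", here is an added example (not code from the asker or from any answer) of how a single-admin PHP login can store and check a password with PHP's built-in `password_hash`/`password_verify` API and lock the account after repeated failures. The `$users` and `$attempts` arrays stand in for database tables, and the usernames, the five-attempt threshold and the 15-minute lockout are assumptions chosen for the illustration. It runs from the command line with `php login_example.php`.

```php
<?php
declare(strict_types=1);

// Added example, not the asker's code. In-memory arrays stand in for the
// database tables an admin area would use; thresholds are assumptions.
const MAX_FAILED_ATTEMPTS = 5;   // assumption: lock the account after 5 consecutive failures
const LOCKOUT_SECONDS     = 900; // assumption: 15-minute lockout

$users    = [];  // username => password hash produced by password_hash()
$attempts = [];  // username => ['count' => int, 'locked_until' => unix timestamp]

function registerAdmin(array &$users, string $username, string $password): void
{
    // PASSWORD_DEFAULT is bcrypt today and may move to a stronger algorithm in a
    // later PHP release; a random salt is generated and embedded in the string.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

function dummyHash(): string
{
    // Computed once so that a login for an unknown username still costs one
    // bcrypt verification: the response time then does not reveal valid usernames.
    static $hash = null;
    if ($hash === null) {
        $hash = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    return $hash;
}

function login(array &$users, array &$attempts, string $username, string $password, int $now): string
{
    $state = $attempts[$username] ?? ['count' => 0, 'locked_until' => 0];
    if ($state['locked_until'] > $now) {
        return 'locked';
    }

    $hash = $users[$username] ?? dummyHash();
    $ok   = password_verify($password, $hash) && isset($users[$username]);

    if (!$ok) {
        $state['count']++;
        if ($state['count'] >= MAX_FAILED_ATTEMPTS) {
            $state['locked_until'] = $now + LOCKOUT_SECONDS;
            $state['count']        = 0;
        }
        $attempts[$username] = $state;
        return 'denied';
    }

    // Successful login clears the failure counter.
    unset($attempts[$username]);

    // Transparently upgrade the stored hash if the default cost or algorithm changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $users[$username] = password_hash($password, PASSWORD_DEFAULT);
    }

    // In a real request handler, call session_regenerate_id(true) here so a
    // session id fixed by an attacker before login is not kept after it.
    return 'ok';
}

// Constructed walk-through.
$now = time();
registerAdmin($users, 'homer', 'correct horse battery staple');
echo "stored hash: {$users['homer']}\n";              // e.g. $2y$10$... (never the password itself)

for ($i = 0; $i < MAX_FAILED_ATTEMPTS; $i++) {
    echo login($users, $attempts, 'homer', 'wrong-password', $now), "\n";   // denied x5
}
echo login($users, $attempts, 'homer', 'correct horse battery staple', $now), "\n";                 // locked
echo login($users, $attempts, 'homer', 'correct horse battery staple', $now + LOCKOUT_SECONDS + 1), "\n"; // ok
echo login($users, $attempts, 'nobody', 'anything', $now), "\n";            // denied, same cost as a real user
```

Hashing protects only the stored copy of the password. If the login form is served over plain HTTP, the password itself still crosses the network in clear text, which is what the SSL recommendation in the linked articles addresses; the two measures are complementary rather than alternatives.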

1 Answer


Think of what kind of info you are going to protect with this security system. Next, think of what you will lose if someone breaks through it. On the other hand, weigh the time you would need to write and implement really good security. Ask yourself which is more important. That's all =)

Denis O.