08-09-2010, 01:49 AM   #1
johnnnn

Best admin panel security for CMS?

I'm currently making a check list of ALL possible security checks I can use for writing my own custom CMS. As far as the control panel/admin panel goes, I've been speculating the following to provide the best security I can (bear in mind, a 100% secure system is a virtual impossibility.)

Here's what I thought of thus far:
  1. .htpasswd (outside of /public_html)
  2. Block access to any files starting with .ht via htaccess
  3. Database based login
  4. Password protect the admin directory
  5. "Sanitize" any user input, run checks, etc.
  6. General consideration, place any config files outside of /public_html/, no sensitive data in .inc.php files
  7. Record errors/warnings

What do you think?

Last edited by johnnnn; 08-09-2010 at 01:31 PM..
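As an added example (not code from johnnnn's post or from any CMS), here is how items 3, 6 and 7 of the checklist fit together in PHP 7 or later: the configuration is loaded from a path outside public_html, the database login compares a bcrypt hash with password_verify() rather than a stored plaintext, and every attempt is written to an audit log so failed logins can be reviewed later. Item 2 is already handled by Apache's stock httpd.conf, which ships a `<Files ".ht*"> Require all denied </Files>` block (2.2 uses `Deny from all`), and the .htpasswd file of item 1 is only ever read by Apache itself, so keeping it outside the docroot costs nothing. The config path, table layout and log location below are assumptions, and an in-memory SQLite database stands in for the real one so the script runs on its own.

```php
<?php
// Added example, not code from the original thread.
// Assumptions (hypothetical): config lives at ../config/cms.php, the table is
// called "admins", the audit log path is ours. SQLite in memory replaces MySQL
// so this runs stand-alone; swap the DSN for the real database in production.
declare(strict_types=1);

// Item 6: config outside public_html. The web server never serves this file,
// and if it is missing we fall back to the constructed stand-in settings.
$configPath = __DIR__ . '/../config/cms.php';                // hypothetical path
$config = is_file($configPath) ? require $configPath : [
    'dsn'      => 'sqlite::memory:',                          // stand-in for MySQL
    'auditLog' => sys_get_temp_dir() . '/cms-admin-audit.log',
];

$pdo = new PDO($config['dsn'], null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE IF NOT EXISTS admins (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, pw_hash TEXT NOT NULL)');

// Seed one constructed account. Only the bcrypt hash is stored, never the password.
$seed = $pdo->prepare('INSERT OR IGNORE INTO admins (username, pw_hash) VALUES (?, ?)');
$seed->execute(['editor', password_hash('correct horse battery staple', PASSWORD_DEFAULT)]);

/** Item 7: append one audit line per attempt (success and failure alike). */
function audit(string $logFile, string $event, string $user, string $ip): void
{
    $line = sprintf("%s %s user=%s ip=%s\n", date('c'), $event, $user, $ip);
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
}

/**
 * Item 3: database-based login. Returns true only when the user exists and the
 * password matches the stored hash. An unknown user is still verified against a
 * dummy hash so the response time does not reveal which usernames exist.
 */
function login(PDO $pdo, string $logFile, string $user, string $password, string $ip): bool
{
    static $dummy = null;
    $dummy = $dummy ?? password_hash('not-a-real-password', PASSWORD_DEFAULT);

    // Item 5: user input is bound as a parameter, never concatenated into SQL.
    $stmt = $pdo->prepare('SELECT pw_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    $ok = password_verify($password, $row['pw_hash'] ?? $dummy) && $row !== false;
    audit($logFile, $ok ? 'LOGIN_OK' : 'LOGIN_FAIL', $user, $ip);

    if ($ok && password_needs_rehash($row['pw_hash'], PASSWORD_DEFAULT)) {
        // Transparently upgrade the hash when the default algorithm or cost changes.
        $up = $pdo->prepare('UPDATE admins SET pw_hash = ? WHERE username = ?');
        $up->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return $ok;
}

// Demonstration with constructed input (REMOTE_ADDR is absent when run from the CLI).
$ip = $_SERVER['REMOTE_ADDR'] ?? '203.0.113.7';
var_dump(login($pdo, $config['auditLog'], 'editor', 'wrong password', $ip));            // bool(false)
var_dump(login($pdo, $config['auditLog'], 'nobody', 'wrong password', $ip));            // bool(false)
var_dump(login($pdo, $config['auditLog'], 'editor', 'correct horse battery staple', $ip)); // bool(true)
```

Two details worth keeping when adapting this: use `$_SERVER['REMOTE_ADDR']` for the audited address rather than an X-Forwarded-For header, which the client controls unless a trusted proxy in front of Apache rewrites it; and keep the audit log outside public_html too, since it contains usernames and source addresses.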
08-09-2010, 05:56 AM   #2
Fou-Lu
Looks pretty good to me.
The two on there that most people 'forget' about are the recording of errors (specifically auditing ones like failing to login), and the moving of anything unpublished outside of the public_html (or whatever your published directory is).
One thing to note, I don't think .htaccess would have any effect outside of a published directory though. This shouldn't really be a problem, Apache itself has a directive to deny reading on .ht* files, and I believe it is configured by default.
08-09-2010, 01:30 PM   #3
johnnnn
Quote: Originally Posted by Fou-Lu
Looks pretty good to me.
The two on there that most people 'forget' about are the recording of errors (specifically auditing ones like failing to login), and the moving of anything unpublished outside of the public_html (or whatever your published directory is).
One thing to note, I don't think .htaccess would have any effect outside of a published directory though. This shouldn't really be a problem, Apache itself has a directive to deny reading on .ht* files, and I believe it is configured by default.
Yeah, that just came to mind about the .htaccess not working outside of the root directory. I could simply just place the .htaccess in the /admin folder since Apache can deny reading files that begin with .ht. Thanks for the advice! Much appreciated.
08-10-2010, 08:53 AM   #4
sitNsmile
I have built 2 types of CMS admins before. My first one was

a user/pass where you would have 3 tries until it blocks your IP,
and the 2nd is what I currently use, where you have to enter a passcode (of course using the random md5). After that, it also needs to be accepted by the main IP (the IP address acts as your user; new IP, have to relog), so it won't allow anyone to actually try to attempt a login, because it has to be approved by an existing IP. I built that on my iPhone as well, so if my boss is out of town, he can text me to approve his new IP, etc. Works out pretty well so far.

(before the CMS, we would just lock the directory to only our office IP, but that restricts too much)
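The two gates sitNsmile describes, an approved-IP allowlist and a three-strikes lockout per source address, as an added PHP example that is not sitNsmile's code. State has to survive between requests, so it is kept in a small SQLite file; the table names, the 15-minute lockout window and the file path are assumptions, and the passcode check itself is left as a comment where it would go.

```php
<?php
// Added example, not code from the original thread.
// Assumptions (hypothetical): SQLite file in the temp dir, table names below,
// LOCKOUT_SECONDS. MAX_FAILURES = 3 comes from the post ("3 tries until it blocks your ip").
declare(strict_types=1);

const MAX_FAILURES    = 3;
const LOCKOUT_SECONDS = 900;   // hypothetical: forget failures after 15 minutes

function openStore(string $path): PDO
{
    $pdo = new PDO('sqlite:' . $path, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE IF NOT EXISTS approved_ips (ip TEXT PRIMARY KEY, approved_by TEXT, at INTEGER)');
    $pdo->exec('CREATE TABLE IF NOT EXISTS failures (ip TEXT PRIMARY KEY, count INTEGER NOT NULL, last INTEGER NOT NULL)');
    return $pdo;
}

/** Gate 1: only an address an existing admin has approved gets as far as the login form. */
function ipApproved(PDO $pdo, string $ip): bool
{
    $s = $pdo->prepare('SELECT 1 FROM approved_ips WHERE ip = ?');
    $s->execute([$ip]);
    return (bool) $s->fetchColumn();
}

/** Called from the out-of-band approval path (the "text me and I approve it" step). */
function approveIp(PDO $pdo, string $ip, string $approvedBy): void
{
    // Validate first so a garbage or header-supplied value never lands in the allowlist.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("not an IP address: $ip");
    }
    $s = $pdo->prepare('INSERT OR REPLACE INTO approved_ips (ip, approved_by, at) VALUES (?, ?, ?)');
    $s->execute([$ip, $approvedBy, time()]);
}

/** Gate 2: blocked once MAX_FAILURES bad attempts have landed inside the window. */
function isLockedOut(PDO $pdo, string $ip, int $now): bool
{
    $s = $pdo->prepare('SELECT count, last FROM failures WHERE ip = ?');
    $s->execute([$ip]);
    $row = $s->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    if ($now - (int) $row['last'] > LOCKOUT_SECONDS) {
        clearFailures($pdo, $ip);          // window expired: start counting afresh
        return false;
    }
    return (int) $row['count'] >= MAX_FAILURES;
}

/** Record one failed attempt and return the new count for this address. */
function recordFailure(PDO $pdo, string $ip, int $now): int
{
    $s = $pdo->prepare('SELECT count FROM failures WHERE ip = ?');
    $s->execute([$ip]);
    $count = ((int) $s->fetchColumn()) + 1;
    $pdo->prepare('INSERT OR REPLACE INTO failures (ip, count, last) VALUES (?, ?, ?)')
        ->execute([$ip, $count, $now]);
    return $count;
}

/** Reset the counter after a successful login. */
function clearFailures(PDO $pdo, string $ip): void
{
    $pdo->prepare('DELETE FROM failures WHERE ip = ?')->execute([$ip]);
}

// Demonstration with constructed input. REMOTE_ADDR is the socket peer, which a
// client cannot forge; X-Forwarded-For can be, unless a trusted proxy sets it.
$pdo = openStore(sys_get_temp_dir() . '/cms-admin-gate.sqlite');
$ip  = $_SERVER['REMOTE_ADDR'] ?? '198.51.100.23';
$now = time();

approveIp($pdo, $ip, 'admin-on-iphone');   // simulate the out-of-band approval

if (!ipApproved($pdo, $ip)) {
    echo "IP $ip is not approved; an existing admin must approve it first\n";
} elseif (isLockedOut($pdo, $ip, $now)) {
    echo "IP $ip is locked out after " . MAX_FAILURES . " failed attempts\n";
} else {
    // ... show the login form and verify the passcode here. On a failed attempt:
    $n = recordFailure($pdo, $ip, $now);
    echo "login failed ($n of " . MAX_FAILURES . ")\n";
    // On success: clearFailures($pdo, $ip);
}
```

One caveat the post does not mention: an allowlist keyed on source address is only as strong as the address being stable and exclusive. Office NAT means every machine behind it shares one entry, and a mobile client's address changes often, which is exactly why the manual re-approval step exists. Keep the approval action itself behind the existing admin session, never behind a GET link that can be sent by text.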