 

Create a secure admin-only section for a php website

Tags:

php

https

I have created a website and I want to create a control panel for it. Apart from the obvious login for the admin, could you please name a few common practices to make this part of the website more secure? I mean the techniques that are used differently in these kinds of pages from those in the normal (user) pages.

Alireza Noori asked May 30 '26 03:05



1 Answer

You want to focus on keeping your credentials safe:

  • Use htmlspecialchars() on anything sent to your server to prevent XSS.
  • Use cryptographic functions like SHA1() + Salt for your user passwords.
  • Use Anti-CSRF tokens.
  • Use Parameterized Queries or Prepared Statements for database calls.
  • HTTPS never hurts.
Dan Kanze answered Jun 01 '26 15:06
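An admin login page that combines the measures listed in the answer, as an added example that is not part of the original answer. The table, column and form field names are assumptions, the admin row is constructed demo data, and password storage uses PHP's built-in password_hash()/password_verify() rather than a hand-rolled SHA1() + salt; htmlspecialchars() is applied where values are written into HTML.

```php
<?php
declare(strict_types=1);
// Added example. Table, column and form field names are assumptions.
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']); // HTTPS-only cookie
session_start();
$_SESSION['csrf'] ??= bin2hex(random_bytes(32)); // per-session anti-CSRF token

// Constructed demo store: in-memory SQLite holding one admin row.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO admins (username, pw_hash) VALUES (?, ?)')
   ->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);

function check_login(PDO $db, string $user, string $pass): ?int
{
    // Prepared statement: $user is bound as data, never spliced into the SQL text.
    $stmt = $db->prepare('SELECT id, pw_hash FROM admins WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return ($row && password_verify($pass, $row['pw_hash'])) ? (int) $row['id'] : null;
}

$user = is_string($_POST['user'] ?? null) ? $_POST['user'] : '';
$pass = is_string($_POST['pass'] ?? null) ? $_POST['pass'] : '';
$message = '';
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $token = $_POST['csrf'] ?? '';
    // Constant-time comparison of the submitted token with the session's token.
    if (!is_string($token) || !hash_equals($_SESSION['csrf'], $token)) {
        http_response_code(400);
        exit('Invalid CSRF token');
    }
    $id = check_login($db, $user, $pass);
    if ($id !== null) {
        session_regenerate_id(true);  // fresh session ID once privileges change
        $_SESSION['admin_id'] = $id;  // every admin page checks this before doing anything
        $message = 'Logged in.';
    } else {
        $message = 'Login failed for ' . $user; // user input: escaped on output below
    }
}
?>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form method="post">
  <input type="hidden" name="csrf" value="<?= htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') ?>">
  <input name="user" value="<?= htmlspecialchars($user, ENT_QUOTES, 'UTF-8') ?>">
  <input name="pass" type="password">
  <button>Log in</button>
</form>
```

Because the session cookie is marked `secure`, the page has to be served over HTTPS for the session and CSRF token to persist between requests.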



