The best thing you can do to secure your website admin area
Last updated: 02/08/2012
Many websites have at least one web interface for managing an aspect of the site. This is usually accessed by logging in through a "/admin" or similar URL on your website. If you log in correctly, you can manage your site or store directly through the web.
I've noticed over the years that many security vulnerabilities in site management software occur in the admin area of the site. It makes sense, since the scripts there are involved in uploading files, modifying and querying user records, etc. This is where hackers probe, and if they gain access, they can compromise your site and your customer records.
To combat this, I've started to advise clients to secure their "/admin" areas using an .htaccess file. An .htaccess file is handled at the web server level, so any vulnerabilities in your software will not stop it from working. It gives you an extra layer of security (yes, it means logging in one extra time), and protects you from any holes discovered in the software you use (if they affect the admin area).
Of course, to use this method to enhance your security, it's assumed that the /admin area doesn't store any uploaded images, or anything else that is displayed directly on the frontend. Most scripts do not, but there are some that do. You can certainly try setting up the authentication, and check to see if your front site is working correctly.
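A minimal .htaccess for this setup, as an added example rather than a file from the original article. It assumes Apache with mod_auth_basic, mod_authn_file and mod_ssl loaded and `AllowOverride AuthConfig` enabled for the directory; the file paths, realm name and user name are placeholders.

```apache
# /admin/.htaccess  (added example; paths, realm and user name are placeholders)
#
# Create the password file once, from a shell, OUTSIDE the document root
# so it can never be fetched over the web:
#   htpasswd -c /home/example/private/.htpasswd siteadmin
# (-c creates the file; leave it off when adding further users.)

# Basic auth sends the password base64-encoded, not encrypted,
# so refuse any request to this directory that is not over HTTPS.
SSLRequireSSL

# Prompt for a user name and password before any admin script runs.
AuthType Basic
AuthName "Site administration"
AuthBasicProvider file
AuthUserFile /home/example/private/.htpasswd

# Any user listed in the password file may enter; everyone else gets a 401.
Require valid-user
```

With this in place, a request to /admin without credentials should return 401 before the site software is reached. A 500 error instead usually means the server configuration does not allow these directives in .htaccess for that directory.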
This added layer of security is well worth the few minutes it takes to set up.