Recently I have been contemplating the most secure way to setup an admin area on a website. The two options that I was toying with are,
- Create the admin area as part of the main site, require them to register first using their email address as their username, and set them up with an admin level.
- Create a completely separate admin area from the website in which users would not have to register with, but instead would be setup by another admin.