I was hacked again today and I thought that my security was infallible. Hacked one time before because I only used four URL parameters, (one of which was a 14 character password) and I think the hacker discovered the URL.
To prevent this and only while updating the site, I hard-code my IP-Address, which must match my $SERVER['REMOTEADDR'] to allow for adding and/or editing records. I thought that this method would have prevented others from logging in? When finished updating I remove the IP=Address.
How can prevent this from re-occurring?
The web-page may may still be live and can be checked here:
If it does not correspond to the partial screen dump then the cache has timed out and the replacement record has kicked in.
Unfortunately it could have not happened at a worse time because I am just about to set off up country for five days and will only have Wifi on my tablet