On my site I have an CMS. But in order to get to it you must put in a password and username. The username and password are stored in a database and the password is hashed with md5. When a correct password and username is entered it stores a 'ticket' in a session and that is checked by every page in the admin section before any content is transfered. Else your redirected to the login page. Is this secure enough? EDIT: its a php site, that make any difference?