How many authentication steps do I need to protect an admin login route?
Hello everyone, I have a question. If, for example, I have routes for user.login and admin.login, what should I do to actually secure the admin login route? I mean, maybe I have to add several authentication steps before anyone can enter the admin.login route, because of course this route will be completely secured. If it is not, a user can freely try several authentications to get into the admin.login route. So the point is: on big websites, do they also have a route like admin.login or something like that, and if so, what do they usually use to maintain security? Or do they only use one login route, and then use the role_id to determine the status? But if so, is it really safe if one day someone, or a hacker, finds out the admin's account? Maybe it would be nice if, when they want to log in as admin, they must first confirm their status with an email notification or something like that.
If they want to log in as admin, they must first confirm their status with an email notification or something like that.
You can set up 2FA for this. But that may annoy an admin; I think a strong password is better. You could have them change their password, say, every 90 days. Just suggestions.
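The email-confirmation step asked about above, combined with a single login route that branches on the role, as an added example that is not part of the original posts. `AdminStepUp`, `login`, `CODE_TTL` and `MAX_ATTEMPTS` are hypothetical names and values, and sending the email is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # seconds an emailed code stays valid (assumed value)
MAX_ATTEMPTS = 5    # wrong guesses allowed per issued code (assumed value)


class AdminStepUp:
    """Second login step for admin accounts: a one-time code sent by email."""

    def __init__(self, clock=time.time):
        self._pending = {}   # user_id -> [code_hash, expires_at, failures]
        self._clock = clock

    def issue(self, user_id):
        """Create a fresh 6-digit code; only its hash is kept server-side."""
        code = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(code.encode()).digest()
        self._pending[user_id] = [digest, self._clock() + CODE_TTL, 0]
        return code

    def verify(self, user_id, code):
        """True only for the right code, in time, within the attempt budget."""
        entry = self._pending.get(user_id)
        if entry is None:
            return False
        if self._clock() > entry[1] or entry[2] >= MAX_ATTEMPTS:
            del self._pending[user_id]   # expired or locked: start login again
            return False
        guess = hashlib.sha256(code.encode()).digest()
        if hmac.compare_digest(entry[0], guess):
            del self._pending[user_id]   # codes are single use
            return True
        entry[2] += 1                    # count the failed guess
        return False


def login(role, password_ok, step_up, user_id):
    """One login route: the account's role decides if a second step is needed."""
    if not password_ok:
        return "denied", None
    if role == "admin":
        return "code_required", step_up.issue(user_id)  # caller emails the code
    return "logged_in", None
```

The session should be marked as admin only after `verify` returns True; a wrong password for any role gets the same `denied` result, so the response does not reveal which accounts are admins.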