Please put the admin.php in a directory that can be htaccess protected.. Really surprised that it is not.
im only familiar with doing that to a folder.Is there a reason to move it to it's own folder? You can very well apply an extra layer of authentication (.htaccess/.htpasswd) to admin.php even if it's not in a separate directory.
http://xenforo.com/community/threads/moving-admin-php-to-its-own-folder-want-to-htaccess-for-added-protection.9341/#post-128079Please post details on how to do it with htaccess to a file.
And than we haven't spoken about how easy .htaccess is hackable...Adding auth doesn't make any sense to me. Two weak passwords are not better than one strong password, and two strong passwords are redundant and unnecessary.