we always try to secure your website using our good experience. we use url rewrite rule using htaccess. double layer security on admin folder. server layer security and script level security. for uploading file, check file typer from server level, password encrypted to encrypted mode to protect from sql injection.