looking for a solution on how the admin url should be dealt with in production. Anyone can access /admin and try multiple passwords and hack in? Also, since it uses the same port and ip, it cannot be restricted to certain ips. Any suggestions on how other people deal with this?
I think the best solution would be to have an excellent password for the system admin, ie: anyone can try and guess the password of space administrators on the front end and can do a lot of damage with out visiting the admin console.