I have a admin page that is marked with the Restricted area code of Ultradev. The usernames and passwords are saved in the database that is saved below the root folder on the server. Is this enough protection for people who want to get the passwords to enter the admin page ? Or are there better ways to secure your passwords and admin pages like .htacces ?