One of the first rules regarding internet security I was ever taught was this:
Second only to "Never trust user input" in importance, this rule is absolutely crucial. Its basic meaning is this: the fewer opportunities a malicious user has to attack your system, the less likely they are to be able to harm you. Common sense, really - if you only have one door into your house, the chance of being robbed is a lot lower.
So I was considering this recently, and a thought occurred to me: Why do we in the web business feel the need to make every system publicly accessible via the internet? For the shopping carts, advertisements, blogs and other sites of a public nature, the answer to this is dead simple: because they have to be to generate any business. There is no option.
But for the order tracking systems, customer-relationship-management software, accounting systems and even the content-management systems that administer publicly accessible websites, there is quite often no need to have them at an address such as www.yourdomain.com/admin.
Often it is useful to do so, since you can then reach your site from anywhere you have internet access, but when you do not need that sort of access it is nothing but a security risk. If you only ever administer your blog from your home computer, or track your orders from your work network, then there is a great solution: set up a local web server such as WAMP5 and run your administration panel on that. While this example is specific to a MySQL & PHP system, the principle is the same regardless of platform.
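As an added illustration of that principle (this is example configuration, not something from the original post or from the WAMP5 project), here is how the same separation looks in Apache 2.4 syntax: the public site keeps its virtual host on port 80, while the admin panel gets its own virtual host bound only to the loopback address, so it is reachable from the local machine and nowhere else. All hostnames, ports and directory paths are constructed for the example; older WAMP5 bundles shipped Apache 2.2, where the equivalent of `Require ip` is `Order deny,allow` / `Allow from 127.0.0.1`.

```apache
# Added example, not from the original post. Hostnames, ports and paths
# are constructed for illustration; adjust them to your own layout.

# BEFORE: the admin panel is just a subdirectory of the public site, so
# http://www.example.com/admin is reachable from anywhere on the internet.
# (Shown commented out so this file only defines the hardened layout.)
#
# <VirtualHost *:80>
#     ServerName www.example.com
#     DocumentRoot "C:/wamp/www/site"      # contains site/admin/ as well
# </VirtualHost>

# AFTER, part 1: the public site no longer contains the admin code at all.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot "C:/wamp/www/site"       # no admin/ directory in here
</VirtualHost>

# AFTER, part 2: the admin panel lives in a separate document root and is
# served by a vhost that only listens on the loopback interface. Nothing
# outside this machine can open a TCP connection to it.
Listen 127.0.0.1:8080
<VirtualHost 127.0.0.1:8080>
    ServerName admin.localhost
    DocumentRoot "C:/wamp/www/admin"
    <Directory "C:/wamp/www/admin">
        Options -Indexes
        AllowOverride None
        # Defence in depth: even if someone later widens the Listen line,
        # only requests originating on this host are allowed through.
        Require ip 127.0.0.1 ::1
    </Directory>
</VirtualHost>
```

With this layout the administrator opens http://admin.localhost:8080/ in a browser on the same machine, while a scan of www.example.com from the outside finds no /admin path at all. A quick check after restarting Apache is to run `netstat -an` and confirm that port 8080 is listening on 127.0.0.1 only, not on 0.0.0.0.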
Doing so reduces your exposure from the public internet to effectively zero. Admittedly there are always going to be risks, and there is the disadvantage of reducing the number of places from which the system can be accessed, but take a moment to consider the sort of information you are managing, and ask yourself: is it worth it?