I was watching an online PHP security course and found a couple of things I can implement – not that I've had any issues. You can't be too careful.
I've made one change already with a few more lined up.
I get a lot of bots trying to log in (I have that covered) but there are an increasing number of attempts to find MySQL query issues with all sorts of strings being tried. There is no evidence that any attempts have succeeded (judging by the error logs) but anything else I can do to make sure it stays that way is time well spent.
