Personally I would use a pretty basic splash page that simply provides a login; something similar to the WordPress admin login would suffice. Then proceed with possible security techniques such as:
- IP logging | Record the time, date, visit count and IP of all incoming connections to the page. Use the IP address as the unique ID in the database, meaning the simple PHP logging the IPs will retrieve an error when adding duplicates, which you handle by adding 1 to the existing record's visit count. Run a script on cron to remove all 1/2 visit records after 1 month, 3/4 an additional month and so on, dependent on what number of visits you deem a threat. Ensure that you exclude the IP of your users.
- Login | Use their IP, a hidden field (CSS), username, password and potentially 3 drop-downs containing chars A-Z and numbers 0-9, in which they will be asked to enter selected characters from a set-length (often 12) secret answer (no question for the required answer). Often the username and password are asked for on step 1 of login, and the drop-downs on step 2.
- Using the hidden field (CSS) to detect bots by ensuring you have a duplicate username or password field to validate for blank entry.
- Brute force, cross-site scripting, SQL injection, cross-site request forgeries (CSRF) | All of these are exceedingly important threats, and through the use of careful "escaping" of the data being accepted and ensuring that only a reasonable number of attempts are given you should ensure you avoid many of these issues, though other techniques are available.
- The last part really ties into the login and there are a number of ways to proceed in terms of cookies, session variables etc, personally I would use session variables and include a file in the top of every page to check said session variable for every administrative action or click.
Ensuring that sessions expire and are ended correctly to avoid the above threats is also important, and simply redirecting the user to the login page on failure. Possibly use .htaccess to redirect all requests to the site to the login and then navigate from there also.
Hope some of that helps, it's pretty much what most web developers or programmers consider when creating logins in its most basic form.
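
The IP log and cron clean-up from the first bullet, sketched in PHP with PDO and SQLite as an added example that is not part of the original post. The table and column names, the trusted-IP list, and reading the purge schedule as "keep a record for ceil(visits / 2) 30-day months" are assumptions.

```php
<?php
// Added example, not the post author's code. Names and the tier formula are assumptions.
declare(strict_types=1);

const TRUSTED_IPS = ['203.0.113.10']; // constructed: addresses of your own users

function openLog(string $dsn = 'sqlite::memory:'): PDO {
    $db = new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    // The IP is the primary key, so a second INSERT for the same IP fails.
    $db->exec('CREATE TABLE IF NOT EXISTS visit_log (
        ip TEXT PRIMARY KEY, visits INTEGER NOT NULL, last_seen INTEGER NOT NULL)');
    return $db;
}

function recordVisit(PDO $db, string $ip, int $now): void {
    // Skip malformed input and the excluded (trusted) addresses.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false || in_array($ip, TRUSTED_IPS, true)) {
        return;
    }
    try {
        $db->prepare('INSERT INTO visit_log (ip, visits, last_seen) VALUES (?, 1, ?)')
           ->execute([$ip, $now]);
    } catch (PDOException $e) {
        // SQLSTATE 23000 = integrity constraint violation, i.e. the IP is already logged.
        if ((string) $e->getCode() !== '23000') {
            throw $e;
        }
        $db->prepare('UPDATE visit_log SET visits = visits + 1, last_seen = ? WHERE ip = ?')
           ->execute([$now, $ip]);
    }
}

// Cron job: 1-2 visits expire after 1 month, 3-4 after 2 months, and so on.
function purgeStale(PDO $db, int $now): int {
    $stmt = $db->prepare('DELETE FROM visit_log
        WHERE last_seen < ? - ((visits + 1) / 2) * 2592000'); // integer division; 30 days in seconds
    $stmt->bindValue(1, $now, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed demo data: documentation-range addresses and a fixed clock.
$db = openLog();
$t0 = 1700000000;
recordVisit($db, '198.51.100.7', $t0);                 // one-off visitor
foreach ([0, 60, 120] as $offset) {
    recordVisit($db, '192.0.2.44', $t0 + $offset);     // repeat visitor, 3 hits
}
recordVisit($db, '203.0.113.10', $t0);                 // trusted, never logged
$removed = purgeStale($db, $t0 + 45 * 86400);          // cron run 45 days later
$kept = $db->query('SELECT ip, visits FROM visit_log')->fetchAll(PDO::FETCH_ASSOC);
printf("purged %d row(s); remaining: %s\n", $removed, json_encode($kept));
```

Every value reaches the database through a bound parameter, which is the prepared-statement form of the "escaping" the post asks for against SQL injection.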