Removing the Admin and Backing Up
Nano CMS has an unusual security model: the admin is not meant to stay on the server.
Publish, then remove
When you've finished writing, delete the /blog/admin/ folder over SFTP. The public blog keeps running perfectly - it never needed the admin to serve pages. With no admin endpoint present, there's simply nothing for an attacker to probe, brute-force, or exploit between editing sessions.
When you want to publish again, re-upload the admin folder, do your work, and remove it once more.
While the admin is up
While the admin folder is present it isn't defenceless either: HTTPS is enforced, every form is CSRF-protected, the password is bcrypt-hashed, and logins are rate-limited.
Backups are trivial
Because the whole CMS is files on disk, a backup is one line of rsync:
rsync -az you@yoursite.com:/blog/posts/ /backups/blog/posts/
Add media/ and config.json (which lives outside the webroot) and you've captured the entire site state: no database dumps, no migrations.
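A script that puts the backup together, added here as an example rather than Nano CMS's own tooling. It assumes the page's /blog/posts/ and /blog/media/ layout, and assumes config.json sits at the site root one level above the webroot; the root may be a local path or an rsync target such as you@yoursite.com: (the admin-folder check only inspects local paths).

```shell
#!/bin/sh
# Added example, not part of Nano CMS: mirror a site's posts/, media/ and
# config.json with rsync, and flag a lingering admin folder on the way.
# Assumed layout: <root>/blog/{posts,media,admin}; config.json is assumed
# to sit at <root>/config.json, one level above the webroot.
# <root> may be a local path or an rsync target such as "you@yoursite.com:".
set -eu

# Print "PRESENT" if <webroot>/admin exists on the local filesystem,
# "absent" otherwise. For a remote webroot run the equivalent over SSH:
#   ssh you@yoursite.com 'test ! -e /blog/admin'
admin_state() {
  if [ -e "$1/admin" ]; then echo PRESENT; else echo absent; fi
}

# Print the three rsync sources that make up the whole site state.
site_sources() {
  printf '%s\n' "$1/blog/posts/" "$1/blog/media/" "$1/config.json"
}

# Mirror the site into <dest>. --delete keeps the backup an exact copy
# (a post removed on the server disappears from the backup too), so keep
# dated copies of <dest> if you also want history.
backup_site() {
  root="$1"; dest="$2"
  # The admin folder is never backed up, but its presence means an editing
  # session was left open, which is the state the page says to avoid.
  if [ "$(admin_state "$root/blog")" = PRESENT ]; then
    echo "warning: admin folder still present under $root/blog" >&2
  fi
  mkdir -p "$dest/posts" "$dest/media"
  rsync -az --delete "$root/blog/posts/" "$dest/posts/"
  rsync -az --delete "$root/blog/media/" "$dest/media/"
  rsync -az "$root/config.json" "$dest/config.json"
  # Report the file count so an empty backup stands out in a cron mail.
  echo "backed up $(find "$dest" -type f | wc -l | tr -d ' ') files to $dest"
}
```

Run it as `backup_site you@yoursite.com: /backups/blog` from cron after each publish-and-remove cycle.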