There are many ways to claim a protected (secured) website.
Webmasters should always be aware of the vulnrabilities that hackers use to attack your site.
The principle is to think in a way an hacker thinks and make your site safer while building it.
Assume that an hacker already got all the credentials he needs and just ask yourself what can i do in order to "make his life harder". Just limit access in every way you can.
There are many type of attacks you should be aware of, some of them are:
* XSS injections.
* Cross site request forgery (CSRF) attacks.
* SQL injections.
* Denial of service attacks.
Sorry, but you need at least 25 posts and 5 hours online time to unlock hidden content.