i'm creating a simple CMS for myself. There is a register form, i can register as the admin of the cms and then with login form, i can enter into admin area to write a new post or edit or delete posts.
But there is a problem. I typed the link of the admin page into browser from my cellphone to see if i can enter into admin area without login, and i faced with the admin page then!
So how can i fix it? For example in wordpress if i type the link of my friend's admin page in the browser, i can't access there and will face with login form, right?
Now how should i solve this security problem?