No panel is the safest panel.
If you don’t need it online, don’t upload it.
Personal opinion, of course.
I protected the panel with an extra captcha, a htpasswd, and a secret token…
When you enter http://mysite/panel nothing happens - but when you enter http://mysite/panel?id=#@49A2sq_0!1 the htpasswd and captcha are shown.
The sites are not for myself, but for clients who want to log in / out several times a day and don’t have access to Dropbox or VPN solutions.
Of course it’s easy to say this is non-sense and obscurity through security, but I have to deal with reality;
Clients don’t want complex solutions - but a panel with a private URI and the ability to access their contents from every device and every place in the world - we are not living in a perfectly coded sandbox, but in everyday society.
…I told clients several times the panel is protected against brute-force - but most of them insist on a captcha / extra layer of password, etc…
The panel is definitely quite safe on its own. The benefit of not being so popular as other bigger CMS is also less people with the wrong intentions trying to find holes in the security. No matter how hard you try to protect it though, there’ll always be someone capable of getting in.
In a realistic world, that’s very unlikely to happen. If it is so critical to the client, I’d suggest hosting the panel on a separate server and deploying the content to the production server automatically.
I know it’s 99% safe (well, nothing is 100% safe) - but I do have http://clientsfromhell.net/
They want safety, no WordPress, no hackers, no viruses, no WordPress, WordPress is bad, we don’t want WordPress, give us safety, etc…
So the one-liner “it’s 100% safe” is not enough… they want captcha, extra login layers, etc…
It doesn’t make sense from a safety point of view, but marketing wise is another story.
Well, I think it’s your responsibility as web developer to educate your clients about security.
Perceived security and actual security are two very different things. And as @Thiousi wrote, not having a Panel on the production server is way more secure than any combination of captchas, extra layers of authentication etc. As I wrote in another topic before, those types of authentication might actually reduce the security in case they have their own flaws.
Kirby and the Panel are carefully developed and we try our best to avoid security issues and major bugs, so I think it’s probably fine. But if you need a higher security level, either do what @Thiousi and I wrote or write your own CMS (make sure to hire a security professional to read through your code though).
Also, from a usability point of view, adding a captcha and a htpasswd is horror, I think.
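Deploying the site without the panel, as @Thiousi suggested and the reply above repeats, is the one suggestion in this thread that can be shown as code. The script below is an added example, not code from the thread or from the Kirby project; it assumes the Kirby 2 layout with a physical `panel/` directory at the site root, that editing happens on a separate non-public machine, and that the production target is a local path or an rsync-style `user@host:/path`.

```shell
#!/bin/sh
# Added example (not from the thread or from Kirby): push a Kirby site to
# production with the panel left out. Assumes a Kirby 2 layout with a
# physical panel/ directory at the site root.
set -eu

# Paths, relative to the site root, that must never reach production.
# panel/ is the one discussed in the thread; .git and node_modules are
# assumed editor-side clutter with no business on a public server.
NEVER_DEPLOY="panel .git node_modules"

# deploy_site SRC DST: mirror SRC into DST minus NEVER_DEPLOY.
# rsync --delete also removes a panel that an earlier deploy left behind;
# the tar fallback (local DST only, e.g. a host without rsync) only copies,
# so pair it with verify_no_panel below.
deploy_site() {
    src=$1; dst=$2
    if command -v rsync >/dev/null 2>&1; then
        set --
        # A leading / anchors the pattern at the transfer root.
        for p in $NEVER_DEPLOY; do set -- "$@" --exclude="/$p"; done
        rsync -a --delete "$@" "$src/" "$dst/"
    else
        set --
        # Members are archived as ./name, so the pattern carries that prefix.
        for p in $NEVER_DEPLOY; do set -- "$@" --exclude="./$p"; done
        mkdir -p "$dst"
        tar -C "$src" "$@" -cf - . | tar -C "$dst" -xf -
    fi
}

# verify_no_panel DST: post-deploy check. Returns 1 if any excluded path
# exists in the production tree, so a pipeline fails loudly instead of
# silently shipping a login form to the public server.
verify_no_panel() {
    dst=$1; rc=0
    for p in $NEVER_DEPLOY; do
        if [ -e "$dst/$p" ]; then
            echo "refusing: $dst/$p exists on production" >&2
            rc=1
        fi
    done
    return $rc
}
```

Run `deploy_site ./site user@prod:/var/www/site && verify_no_panel /var/www/site` from the editing machine (paths are placeholders); content is edited through the panel there and only the rendered-from files travel to production.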