RE: the 404 thing, what I did was this:
there is a page where the admin logs in, once the admin logs in he can gain access to all the other pages. But a user who is not logged in, all he or she would see is a 404 page so it gives the impression that that file does not exist (when in fact it does). The only page they could find would be the login page, but the rest they should not be able to find.
But basicly there is only one admin, on this thing who uses what I made. (altough I have access too incase something goes wrong), Alot of the code snippets on the internet for making passwords harder to break are IMO abit to complex for something that is not really that BIG to worry about security as much, also I have never done anything like encrypting\password securing before, so I am a total noob, who just needs to start at some simple things.
From what I have seen I should do something like this (altough not EXACTLY like this)
$key="d89!0A";
$scthash=md5('$key');
$password="$password.$scthash";
...etc...
or am I going across the wrong lines completely