Only one of them felt like something I actually want to open every day ...
CSRF protection on all forms Rate limiting for login attempts Input validation and sanitization Secure password hashing No default credentials ...