Honestly, I think it's best to turn off the back-end password protection feature. Instead of that, you can either use Admin Tools Professional or jSecure for a back-end secret key. What this means is that, let's say, you define a secret word of "foo". Accessing the site's administrator as http://www.example.com/administrator will get you back to the site's front-end. Accessing it as http://www.example.com/administrator?foo will allow you to see the back-end login page.
The other alternative is, indeed, using a different form maker. I don't have any first-hand experience with them, but I am told that
redFORM is very good, whereas some other people swear by
RSForm Pro. I have used neither myself, but knowing the two companies behind them I would be surprised if they used the insecure practice of referencing back-end files from the front-end.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!