Continuing the discussion from Security of Ghost:
what is the strong protection against SQL injection? is this refer to Bookshelf (ORM used by ghost blog) ?
what is mean by no visitor-facing forms? what if they come to the admin login page?
How to hide (or make it harder to guess where it is located) that admin page part . i.e create unique URL for admin login. For example ghost.org/chamberofsecret
i ask because for wordpress simply add wp-admin or wp-login we will be redirected to login page.