for securing you could use mod_security for apache.
But be careful with that, so misconfigured mod_security causes e.g. phpMyAdmin to not work anymore, because it submits built queries via GET which is disallowed in some howtos for mod_security.
Next thing you can do is to disallow stuff like url_fopen wrappers in php.ini, because normally the admin should now if scripts need to get sth. from anywhere in the internet.