We had made a form (using php and mysql) which is a content management page for handling events of our company. Whenever there is a new event, an authorized user are able to login to the page to upload jpg and write some wording.
The problem is this form had been injected by hackers several times. Even my friend showed me they are using a software to scan through the page he is able to detect the login username And password.
I heard there is a way to encrypt the username password. Please guide me how to protect the username and password for being expose to the outsider.