Type: Suggestion
Resolution: Low Engagement
Component/s: None
It has been discovered that there is no distinction between administrative and end-user interfaces. This increases the likelihood of an end user gaining unauthorized access to administrative functionality.
Administrative interfaces should be distinct from end-user interfaces.
Example: separate URLs for end-user and admin sites
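
One way to enforce the separation suggested above in front of the application, as an added example that is not part of the original ticket or of the product's code. The host names, the /admin prefix and the management network are assumed values, and the source-address check on the admin site goes one step beyond the ticket's separate-URL example.

```python
import ipaddress
import posixpath
from urllib.parse import unquote

# Assumed values for illustration; none of them come from the ticket.
PUBLIC_HOST = "app.example.com"
ADMIN_HOST = "admin.example.internal"
ADMIN_PREFIX = "/admin"
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")


def normalize(path: str) -> str:
    """Decode, collapse and lower-case a path before any prefix test."""
    decoded = unquote(path)
    collapsed = posixpath.normpath("/" + decoded.lstrip("/"))
    return collapsed.lower()


def is_admin_path(path: str) -> bool:
    """True for the admin prefix itself or anything beneath it."""
    p = normalize(path)
    return p == ADMIN_PREFIX or p.startswith(ADMIN_PREFIX + "/")


def decide(host: str, path: str, client_ip: str) -> int:
    """Return the HTTP status to give before any application code runs.

    200 means "pass the request on to the site for that host".
    """
    host = host.split(":")[0].lower().rstrip(".")
    if host == PUBLIC_HOST:
        # End-user site: administrative routes do not exist here at all.
        return 404 if is_admin_path(path) else 200
    if host == ADMIN_HOST:
        # Admin site: reachable only from the management network.
        if ipaddress.ip_address(client_ip) not in MGMT_NET:
            return 403
        return 200
    # Unknown Host header: refuse rather than fall through to a default site.
    return 421
```

Normalizing before the prefix test matters because a check on the raw string would miss spellings such as a mixed-case or percent-encoded prefix that the application may still resolve to the same route.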