Also, as for wordpress, if I get the login for the admin panel, I don't get access to the DB. If the DB is vulnerable to sql injection, I can create a new admin user and password and give me access to the admin panel. I don't think the admin panel of wordpress gives me access to the DB though. It does give me access to any plugin etc to the site. So at most, I could alter those.
But, if I can use sql injection on the DB, I can dump the whole DB. I also use a program called Acunetix Web Vulnerbility scanner to scan any website. It scans for 1000's of vulnerablities on the website and tells you how sevre they are. Its a paid program that is well worth the money if you are into network security. 9 times out of 10, you don't need to know much about hacking to get into a site if you use this program on a wordpress site. Some of the built in features that user use, can cause their sites to get hack without a password or sql injection. I found one site did a complete back up, include SQL DB and was accessable from the web browser. All a user had to know was where the back up program would store the back up files.
Inside of it, it gave me the SQL user and password. All I had to do with use a program to run the SQL and create myself an admin user account. Or I could have used that info to download the latest DB info, and then created a clone version on the site on another server.
Remember, people are so gung ho about SEO, that I could have set up some SEO stuff and everyone who be directed to the site and they would think it was the real one. Or you can go one step further and see if you can hack the DNS server and redirect the domain to the newly created site.
So, does it really matter if PHPmyadmin has a login/logout? No, it doesn't change anything in the scope of security. What matters the most, is the server admin keeps the server up to date, patches installed, watches Oday sites. Then the website owner has to monitor his own files and check for updates, secuirty issues and make sure he logs in and out properly every time.
When I had my Dev site, I had people checking the code for bugs, and security issues and repairing them. What may be ok today, may not be tomorrow. I have even given some hackers my site addy and told them to hack it. This way I knew what to fix. Seeing it was my own code, no one other then me was doing the patching. And my skill level for hacking is not even worth mentioning as its very very low. So I don't know all the tricks or tools that a hacker would use, thus the reason I use the vulnerablity scanner to help me with security risk. It will also tell you that some may be false positives, but still worth checking into just the same.
I can tell you there is not enough time in a day to keep up. Your head will explode before you even get into 1/4 of the stuff that is out there.
I know this is long winded, but its why I hardly use other peoples programs any more. They can't be trusted, they get lazy, sloppy with their code and no one double checks their work anymore.