You only need to make those pages with data you wish to protect SSL enabled, not the entire site.

Make sure that there’s adequate protection on the database holding the information. Web hosts do a good job of this in most cases, but if you’re hosting your own web server and the database lives on that, apply all security patches keep it maintained properly for security.

The CMS will need to access the database in the background, so make sure you create a specific user account with a difficult password for that access. Do ont use a regular user account (even your own) for this purpose.

You can add an additional level of protection to your sensitive data by encrypting it in the database table itself. Most database products (MySQL, Oracle) have built-in functions that can encrypt data as it inserts it in the table, and can reverse it when you need to access it. You can leave the user’s name unencrypted, but encrypt the password and email address.

One other thing: set and enforce lengths on user names and passwords. Longer passwords == more security for the user. And make sure you verify all data coming in on login or other data entry forms before it gets used or inserted into the database tables. if you’re using a language like PHP, there are many functions available for testing strings for unwanted characters.