In my experience you can make the hacker life more difficult by complicating the logic in your code and put some distance between detection of a threat and the action you take about it.
I'll show some example.
I used C# syntax but it can be applied to any language.
Worst scenario.
public bool IsLoggedIn(string userid, string password)
{
}
This is classic and very easy for hackers as they don't have to know what the logic is, they will replace your entire function by
return 1
If you were to return a more complex object it is far harder for the hacker without your source to find out what is going on.
If you put a bit of multi-tasking into it it becomes near impossible.
I don't think there are any tools to do that.