I think what you are looking for is a CMS (content management system). This will allow you to add a backend admin system to do simple CRUD (Create, Read, Update, Delete) operations for content. Determining your friend's needs, your skill level, and how much time you want to spend on it, you can use some of the more known CMS's like Wordpress or Ghost. If you need something simple I would suggest a flat-file CMS that way you don't have to set up a database and all the data are in files on the server itself. Most modern flat-file cms or site generators are pretty secure.
Pagekit (probably the most similar to WordPress)
Site Cake (Drag and drop edit your HTML or PHP website.)
Hopefully this helps.
Thanks for such an in-depth reply! Definitely a CMS that I'm after by the sounds of things. I'll look into it more, thanks!
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.