I like to use a .htaccess file to secure my WordPress wp-admin folder since it is here you have the most vital files that controls and run the admin part of your blog. The code below is that I use. Just make a empty .htaccess file, copy and paste the code snippet in, change the IP-address to your own and save the file and upload it to the root folder of the wp-admin. It is best if you have a static IP-address.
AuthName "Access only for Webmaster" AuthType Basic <Limit GET POST> order deny,allow deny from all allow from 123.456.78.9 </Limit>
I like to place the root folder of the WordPress installation like this so I can have a extra layer so to speak.
This makes it possible to slip a .htaccess file in between like this:
I use this way to block the website on the Internet until it is ready for publishing to the word.