Protecting the login page
I'm trying to add extra security to my Drupal site. I removed the login block, but it can also be accessed through http://mydrupalsite.com/user.
It's still needed to allow the admin account in, but is there a way to protect this single page with htaccess or something more robust than what Drupal allows out of the box?
How can it possibly be more robust? If you have a strong password, that should be enough. The only extra security you could add that would make sense is brute force protection. But if you have a strong password, brute force should be impossible.
I agree with Googletorp that a strong password is the best protection, but you can do more. The restrict_by_ip module says to restrict access to the login page by IP address. The login_security module offers similar functionality and even more. I haven't used either of them, so I can't tell you if they work as advertised.
Is there a way to protect this single page with htaccess?
Yes. You can add an Apache username and password to any path. It is a little tricky to set up and probably not worth it in this instance, as a strong password will do the trick (as noted by others).
Have a look here for what looks like a good how-to.
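An added example, not part of the answer above: Apache 2.4 basic authentication placed in front of the Drupal login path. Because /user is a Drupal route rather than a directory on disk, the rule matches on the request instead of using a per-directory .htaccess file. The password file path, realm name and account name are assumptions.

```apache
# Added example. Goes in the site's <VirtualHost> block (Apache 2.4 syntax).
#
# Create the password file outside the document root first:
#   htpasswd -B -c /etc/apache2/drupal-login.htpasswd admin
#
# Serve the site over HTTPS: basic auth sends the credentials
# base64-encoded, not encrypted, with every request.

# First condition: the clean-URL login paths /user and /user/login.
# Second condition: the non-clean form index.php?q=user that Drupal 6/7
# also accept; matching only the path would leave that form unprotected.
<If "%{REQUEST_URI} =~ m#^/user(/login)?/?$# || %{QUERY_STRING} =~ m#(^|&)q=/?user(/login)?/?(&|$)#">
    AuthType Basic
    AuthName "Site login"
    AuthUserFile "/etc/apache2/drupal-login.htpasswd"
    Require valid-user
</If>
```

This is a second layer in front of Drupal's own login form, which still applies once the Apache prompt is passed. Other /user/* routes such as the password reset page are not covered by these patterns.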