Now this may be wrong, and if it is, let me know and I'll have another look because I have TBH never needed to use it just learnt it a while ago when I was learning how to set up a web server. But try ~
PHP:
<Directory /path/to/your/directory/form/your/root/directory>
Order Deny,Allow
Deny from all
Allow from 255.10.2.3
</Directory>
Now what this does is block the directory you reference in the directory line to everyone apart from the user with the IP address 255.10.2.3.
Now for this to work you will need a static IP address, not a dynamic IP address. If you are not sure if you have a static IP address the chances are you don't, you will have a dynamic one. In which case this wont work due to the fact that your IP address will be slightly different every time you log off the internet.
Now the way I would do it, is create a log in form that has a user name and password. If the attempt is unsuccessful log the time, if another attempt is made checked the logged time with the current time, if the logged time is less than 30 seconds automatically fail it, this pretty much stops any automated attacks/slows them down considerably, and brute force attacks become a huge long shot due to the added time needed.
Then if both the user name and password are correct, show a input form.
Now if you are the only 1 editing it don't give a description of what it does, that way to a hacker it could be anything, but we have a 24 personalized number, that you can just copy and paste from your email, again if it fails go straight back to the first login form and put a 30second time-delay on it. That way every time there after they have to go back through the first form which is time consuming, the chances of them then cracking the second 1 as it is a 24 character sequence well.......
I would also bring in sha1 encryption on the post variables as well, TBH.
Then if both forms are correct save in a session variable something obscure like $_SESSION['pussy_cat']="my dog says meow"; Then send the user to admin.php.
On the top of admin.php, and any page you want to secure, test to see if $_SESSION['pussy_cat'] equals
my dog says meow if it doesn't redirect the user back to the first login page. That way if they just access the admin page without going through the login form they just get redirected to the login form.
Then on the admin.php page have links to files you want to secure. Have a link to the page that allows you to edit that file. That way the only way the file can be edited is via access to the almost perfect login form. It would take a hell of a long time and a very, very dedicated hacker to get round it.
But what is the file you want to secure and I could advise you further?