Security question for secret admin site.

I am working on creating a site for an administrator to create/modify/delete users, apply memberships, and a variety of other tasks.

It’s for a single administrator to use.  They will need rights to do it all.

• The Location of the interface and all the accompanying scripts are behind “.htaccess”


• There is no linking or mention of this admin site anywhere.

What type(s) of security should I invoke?
The scripts are already password protected behind .htaccess  --- do I need to do more?