Securing my web site

CPanel login

malasorte

8:57 pm on Oct 2, 2006 (gmt 0)

10+ Year Member



When I login into CPanel to do work on my site I write my user name and password into a box that appears when I go to the address www.mysite.com/cpanel.

This seems so insecure to me, is there a way to hide the login that appears when you go to www.mysite.com/cpanel, and login through another more "secret" way?

Also, can I restrict admin login to my site to a single IP (my home computer)? Is there a way to do this?

Many thanks, I really need help with this...

stapel

4:14 am on Oct 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure what you mean by a "secret" back-door login method. I mean, if you can't see the login box, how are you supposed to log in...?

If you have a fixed IP address (through your cable-Internet provider, for instance), then you may be able to restrict access to only your IP. But this could become a problem in the future if, say, your ISP changes your IP, or if it's bought out and the new owner doesn't continue to offer fixed IPs (which just happened to me), or if you're out of town and need to check into your account (since your brother-in-law's laptop won't have the same IP at the local wi-fi hotspot), etc, etc.

I could be wrong, of course....

Eliz.

jtara

6:22 am on Oct 3, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In addition to being an invitation, this is also an insecure channel (unless you configure SSL and permit access to that directory only through SSL.) The data is not encrypted, and could potentially be sniffed mid-stream, revealing your passwords, etc.

If you are running a VPS, you can use iptables to restrict the source address. Caveats apply as suggested above. (What if you are away from home, etc.)

Another possibility is to tunnel through SSH. (Again, probably only possible if you run a VPS.) This would adhere to the theory of "put all your eggs in one basket, then watch that basket!". Why expose two different protocols with two different sets of vulnerabilities? I think it's also useful to move SSH off of port 22 - doing so will eliminate 90+% of your SSH probes.

Restrict the directory to 127.0.0.1 (localhost). Tunneling through SSH, you will appear to be coming from 127.0.0.1.

While you're at it, think about tunneling MySQL, SNMP, and even installing Samba and tunneling it. (Of course, these should all be restricted to 127.0.0.1). Samba opens up some intriguing possibilities - for example, mapping your site's home directory to a Windows drive letter.
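The firewall-plus-tunnel setup jtara describes, written out as an added example (not code from the thread or from cPanel): the cPanel/WHM ports (2082/2083 and 2086/2087 are the product's defaults) answer only on the loopback interface, optionally also from one fixed home address, and SSH is the single exposed entry point on a moved port. The admin address, the SSH port 2222 and the host `user@www.mysite.com` are assumptions. By default the script only prints the iptables commands (DRY_RUN=1); run it as root with DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example: restrict cPanel to loopback (plus an optional admin IP) and
# reach it through an SSH tunnel, so the browser arrives from 127.0.0.1.
# DRY_RUN=1 (default) prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"
SSH_PORT="${SSH_PORT:-2222}"   # assumed non-default SSH port
ADMIN_IP="${ADMIN_IP:-}"       # assumed fixed home address; empty = loopback only

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# port_rules PORT: accept the port from loopback (and the admin IP, if set),
# then drop everything else aimed at it.
port_rules() {
    port="$1"
    run iptables -A INPUT -p tcp --dport "$port" -i lo -j ACCEPT
    if [ -n "$ADMIN_IP" ]; then
        run iptables -A INPUT -p tcp --dport "$port" -s "$ADMIN_IP" -j ACCEPT
    fi
    run iptables -A INPUT -p tcp --dport "$port" -j DROP
}

# cpanel_rules: cPanel (2082/2083) and WHM (2086/2087) become loopback-only;
# SSH stays reachable, but only on the moved port, and port 22 is dropped.
cpanel_rules() {
    for p in 2082 2083 2086 2087; do
        port_rules "$p"
    done
    run iptables -A INPUT -p tcp --dport "$SSH_PORT" -j ACCEPT
    run iptables -A INPUT -p tcp --dport 22 -j DROP
}

# tunnel_cmd [user@host]: the client-side command; afterwards browse
# https://localhost:2083/ and the server sees a connection from 127.0.0.1.
tunnel_cmd() {
    printf 'ssh -p %s -L 2083:127.0.0.1:2083 %s\n' "$SSH_PORT" "${1:-user@www.mysite.com}"
}

cpanel_rules
tunnel_cmd
```

The same pattern (loopback-only accept, then a tunnel) carries over to the MySQL and SNMP ports mentioned above; only the port numbers in `port_rules` and the `-L` mapping change.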