You can use the "basic authentication" feature built into Apache also. This allows you to set a separate authentication on your admin directory (whatever the name of that directory) at the server level. The basics involve the use of a .htaccess and .htpasswd file in the admin tool directory. What this does is force someone to enter the username and password combination you setup within those files through the popup the browser throws up when someone uses a browser to go to the protected directory. How to specifically do that can easily be found from a number of resources over the Internet. We suggest entering something like "use htaccess to password protect directory" into any search engine and browse the tutorials that appear for instructions on how. You may also check with your host. Many hosting control panels can "password protect" a directory for you through your hosting admin panel.