For this tip to work, the .htaccess option needs to be enabled in the Apache configuration!
Most commercial web-hotels have this option activated, but in case you've disabled this option on your own server, then, obviously, the server won't even check whether any .htaccess file is present.
Oh, by the way, I've been using this additional layer of security in several cases. It works, even when my ip-address changes and when I travel the world: I need to use my VPN-account in order to reach the login-page. Otherwise, I'll just get error 403. In other words, for an attacker to even reach the login page, they first need to use the same VPN-service I'm using.
Keep Up with TechRepublic