Do you know ZIMPLIT?
A really cool, small and fast CMS. You don’t need a database, just PHP on your server.
You can use your own templates and create a nice (mini)website. I used this nice CMS for my private testing website and i detected heavy traffic with “forget-password” demands. My email-box filled up 
Now i present you my solution:
Just add a .htaccess file to your webserver and secure some zimplit files.
for example (.htaccess):
AuthType Basic
AuthName "admin area"
AuthUserFile /absolte/path/.htpasswd
<Files zimplit.php>
require valid-user
</Files>
you can add some more files, like security.php or something else
ZIMPLIT really rocks! Thank you guy’s
Related posts:
While there have been some security upgrades going into 3.0 – and I haven’t wound up with the email problems you had – the zimplet.php file can simply be renamed with an un-guessable, but memorable name to you and that problem is solved. The other workaround is to host all the files called from the zimplit server – but that is both a pain and also defeats their business plan. It’s already bad enough that you don’t want to tell people what software is “proudly operating” your site…
@robert
thanks for your post. but probably you misunderstood my blogpost.
please read again!
zimplit is open source, the developers provide a standalone-version – why not use it?!
and by the way – my zimplit-websites all marked clearly and linked to zimplit.com
so robert, keep cool and enjoy the new year 2011!
martin