I've seen many articles on using .htaccess to secure wp-admin. While this seems to be a good idea, it doesn't seem to be a good solution if you want users to register in order to post comments. When the users go to register they would eventually get a password dialog box in addition to the original which would be really annoying for commenters(please correct me if I'm wrong here, but that seems to be my findings in testing).
My question is, is it really necessary to protect wp-admin with .htaccess? Especially if your permissions are correct, you've deleted the install and upgrade files in wp-admin, and you have a good robots.txt? I'm not trying to knock anyone who has used .htaccess, however, I'm just trying to be as secure as possible without breaking my overall functionality any.
If I don't force users to register for comments then I am susceptible to SPAM. Can anyone share their experiences in this matter? It would be much appreciated. Thanks!