1. Any advice on using .htaccess and robots.txt files 
regarding the .htacess file, that is a very broad question, the .htaccess file is used to configure various aspects of your apache server configuration,
see this page for details on the htaccess file:
see this site for details on the rebots.txt file
www.robotstxt.org/
2. Which is the most secure way of limiting access to the backend. For convenience, the backend has been accessed by a menu selection while on the local testing server. Is it ok to leave the backend menu selection visible and securely password project it or to delete it from the menu and have some other means of accessing the backend. If so, what is best?
the most secure of limiting access to the backend is to not have any links pointing to the backend in your site, instead, have your client bookmark the address of the login page and contain any links in password protected areas of the site.
3. Is it worthwhile limiting the backend access to the clients static ip address?
thats up to you, but if you do this, the client will only be able to access the admin using the one computer.
4. Which is the most secure way to control access to the site database through phpmyadmin?
the host will handle securing the site database, this is not something you have to worry about, not can it be done through PHPMyAdmin
