regarding the .htacess file, that is a very broad question, the .htaccess file is used to configure various aspects of your apache server configuration,
see this page for details on the htaccess file:
see this site for details on the rebots.txt file
www.robotstxt.org/
the most secure of limiting access to the backend is to not have any links pointing to the backend in your site, instead, have your client bookmark the address of the login page and contain any links in password protected areas of the site.
thats up to you, but if you do this, the client will only be able to access the admin using the one computer.
the host will handle securing the site database, this is not something you have to worry about, not can it be done through PHPMyAdmin