hackers can still read htaccess on a shared host, youll need to hard code it into the page itself for maximum protection.

Last time i checked you have to still manually edit htaccess, wasnt that your point.

Anyway to all the normal ppl here this is the way to do it