ip protection is safer then password! no bruteforce attacks and looks nicer? rather then saying password incorrect, you send them to a different area aswell so if someone on the forum members goes to admin.php it just sends them back to index.php etc etc?
Also remember to remove the file while going to update xenForo (in the case of you getting any 403 Forbidden permission error)!
I had totally forgotten that I had the protection in place and was wondering what was wrong for quite a bit a couple of months back, before I figured out the file was in place. So you'll need to remove the file from the directory, and then re-up it after your update is done!
After the files have been uploaded, when it tells you to go to the install directory to finish the upgrade and if the htaccess file is still there it'll give you a 403 permission error. Sorry, maybe I should have made it more clear that I was speaking about the install directory only!
I also have a dynamic IP, thus requiring me to remove it and re-upload the file.