I am unsure whether my SSL certificate would disallow this, but it doesn't hurt to be extra safe. I have an e-commerce part of my website with PayPal as an API, and I have just a simply form for paying with a credit card. Instead of attaching some random string and authenticate that way or something, I would rather just use the .htaccess and deny all POSTS except from my server. I don't know the proper syntax but is it something like this?

<Limit GET POST>
order deny,allow
deny from all
allow from

I used as an example IP. I assume I would have to use an IP address, or possibly my domain. Also, how do you differentiate files in a non-secure environment and a secure one? I am going to buy an SSL certificate, and I don't necessarily want to put files in a separate folder and secure the folder, can I just make a login script, and the pages proceeding it be accessed securely (HTTPS) only? Same with images. Thanks.