How to organize the security of the admin panel?
There is a self-written control panel in PHP, which is essentially used on one PC. I began to notice that enterprising citizens are trying to brute-force it, inject into it, etc.
I temporarily restricted it via htaccess to access from 1 IP; the only problem is that I have a dynamic IP, and the telecom operator does not allow me to buy a static one...
I know that there are some certificates that are installed on the PC, and the site checks this certificate. The question is how to implement this? What is the price? Thank you.
If for yourself - make a self-signed certificate, import it into your browser, and in the settings of your web server, require it when connecting.
I'll tell you a secret: through .htaccess you can write octets and subnets!
You can write (the dot at the end is MANDATORY!): xxx.xxx.xxx.
or xxx.xxx.xxx.0/24 etc.
And thus allow access only for your subnet.
And the question is: how do "enterprising citizens" know the link to your admin panel?)
There is a self-written control panel in PHP, which is essentially used on one PC.
Just rename the admin folder or the admin.php file itself to admin558xYttwz.php
Certificates for authentication already mean digging into the IPsec area, and that is a very difficult technology. In your case, you can move the admin panel to a separate non-standard hostname and non-standard port. You can restrict access with a firewall, not to one IP but to the entire network of your provider, if you are sure that you will only go into this admin panel from home.
If you are sure that the admin panel is 100%, and they can break it even without knowing the password, set up a VPN to the server with the site and make the admin panel available only through the VPN.
Do you mean certificate authentication? Issue yourself a certificate for the server, a certificate for the client, and require a certificate from your CA when connecting. A client certificate request is issued prior to any exchange, during the establishment of a secure connection. All bruter-injectors will fall off like dead cockroaches :)
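The certificate setup described in the answers above, as an added example that is not part of the original thread: a shell script that creates a private CA and one client certificate with openssl, with the matching Apache mod_ssl directives in a comment. The file names, the CNs and the export password are constructed placeholders, and Apache with mod_ssl is an assumption based on the question's use of .htaccess.

```shell
#!/bin/sh
# Added example: private CA + client certificate for an Apache-hosted admin panel.
# File names, CNs and the export password are constructed placeholders.

# make_admin_pki DIR: create a CA and one client certificate signed by it.
make_admin_pki() {
    dir=$1
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # 1. Private CA. Keep ca.key offline; only ca.crt goes to the web server.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Admin Panel Private CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # 2. Client key and signing request for the one PC that uses the panel.
    openssl req -newkey rsa:2048 -nodes -subj "/CN=admin-pc" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # 3. Sign the request, restricted to TLS client authentication.
    printf 'extendedKeyUsage=clientAuth\n' > "$dir/client.ext"
    openssl x509 -req -in "$dir/client.csr" -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null || return 1
    # 4. Bundle key + certificate for import into the browser.
    openssl pkcs12 -export -inkey "$dir/client.key" -in "$dir/client.crt" \
        -certfile "$dir/ca.crt" -passout pass:CHANGE-ME \
        -out "$dir/client.p12" || return 1
}

# client_cert_accepted CA_CERT CLIENT_CERT: the chain check the server performs.
client_cert_accepted() {
    openssl verify -CAfile "$1" -purpose sslclient "$2" >/dev/null 2>&1
}

# Server side (mod_ssl, inside the admin panel's HTTPS virtual host):
#   SSLCACertificateFile /path/to/ca.crt
#   SSLVerifyClient      require
#   SSLVerifyDepth       1

# Run as: sh script.sh ./admin-pki
if [ "$#" -gt 0 ]; then
    make_admin_pki "$1" && client_cert_accepted "$1/ca.crt" "$1/client.crt" \
        && echo "client certificate verifies against the private CA"
fi
```

With `SSLVerifyClient require` set at the virtual-host level, a client without a certificate from this CA fails the TLS handshake and never reaches the PHP code.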
Block by IP: write each visitor's IP to the database, and if they visit often, let's say three times a minute, then block them.