2
If you just hide the login block, in most cases this will do just fine. You could rename the user,php file to something else, but I wold recommend that because certain things in the code are redirected to that page, like when an incorrect uername or password is entered.
If you are fine with hidng the block, and manually typing yourdaom/user.php, most times this will do. Most if not all visitors to your site will not know of it's existance, and this allows you as the webmaster to login when needed by typing the url yourself.