I use a much less heavy handed approach, and requires no back end magic. Keep in mind I'm on 3.13 so I am not sure this still works.

In Global Settings, find Global Permissions.

You will see permissions such as this:

1. JIRA System Administrators
   Ability to perform all administration functions. There must be at least one group with this permission.
   Note: People with this permission can always log in to JIRA.
2. JIRA Administrators
   Ability to perform most administration functions (excluding Import & Export, SMTP Configuration, etc.).
   Note: People with this permission can always log in to JIRA.
3. JIRA Users
   Ability to login to JIRA. They are a 'user'. Any new users created will automatically join these groups.
   Note: All users need this permission to login to JIRA, even if they have other permissions.

Simply make sure (as a failsafe) that in addition to the "jira-users" group that is likely already there, that an admin group that only you belong to is also there. Then, just remove the "jira-users" group from the JIRA Users permission. Voila, no-one will be able to log in unless they also are a member of an admin group only you belong to. When you're done, add the "jira-users" group back in.

What's really nice about this approach is (as I recall), the banner indicating the system is down can be displayed so when they fail to log in they know why.

Of course, I don't know how this works with LDAP.

Shut everyone off by changing the url ;) If you use Apache or IIS, turn it off. If you connect to direct url, change the port! Then you only knows the correct url and will be able to access it.

Ha! Didn't even think of that -- changing the port number. Good call guys, thanks!

To backup Jobin's answer, I would follow one of the directions which meets your needs under how to do a consistent full backup.

https://confluence.atlassian.com/display/JIRA/Preventing+users+from+accessing+JIRA+during+backups