You can actually do this on the web host without actually any PHP code. Using the same procedure as is recommended to deny access to wp-config.php, you can also deny access to upgrade.php.
All you need to do is create a file named .htaccess in wp-admin and put the following in it:
<files upgrade.php>
order allow,deny
deny from all
</files>
What this does is it tells the web server software do deny access to upgrade.php from everybody. That way if someone tries to access it, the server will return a 403 error instead.
This assumes your web host is running Apache as its web server software. If it is not, their support staff should be able to assist you.