Restricting admin functionality to local only (recommended)
1. Modify the following section of the web.config file located in the siteroot/admin folder. This restricts access to the admin folder to certain IP addresses or the local host.
<ipSecurity allowUnlisted="false"><!-- this line blocks everybody, except those listed below -->
<clear/><!-- removes all upstream restrictions -->
<add domainName="localhost" allowed="true"/>
<!--<add ipAddress="83.116.19.53" allowed="true"/>--> <!--This allows a specific IP-->
</ipSecurity>