I was thinking the best way to secure your admin panel. It was really simple in the end.

Ill update this later to include an array of ips and wildcard ips

Add to top of main.php
Code:
$ip = $_SERVER['REMOTE_ADDR']; //get ip
$allow_ip = "165.45.54.765"; //your allowed ip - 165.45.54.765 is a fake ip for testing

if ($allow_ip != $ip){
//boot them off to the index page
redirect( $config['baseurl'] );
}