This article describes ways of limiting access to the administrative pages beyond the standard username and password login system.
Configure Apache to block access to all admin pages (only public pages are accessible):
Options -Indexes <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_URI} ^/phplist/admin RewriteCond %{REQUEST_URI} !^/phplist/admin/ui RewriteCond %{REQUEST_URI} !^/phplist/admin/js RewriteCond %{REMOTE_ADDR} !=x.x.x.x RewriteRule ^(.*)$ - [R=403,L] </IfModule>