My question is, it's 2017 why are you still using IPB > 4.x?
4.x has fewer vulnerabilities than any past version even if it's 'nulled' or 'cracked'
Also if you want to make it even more secure than you allow only certain IPs access to the admincp.
or
If you really wanted to you could just use custom cookies and have an .htaccess check based on the value, if it's the correct value then allow access otherwise redirect the person to the index of the forums.