I recently placed a .htaccess file inside the root of the "Includes" folder. This allows me to block EVERYONE, and the system works as usual.
Here is the content of my .htaccess:
#Nobody gets in here!
deny from all
That's it.
I tried this on the admin panel, but it didn't allow me to use the same procedure. Using the "deny from all" in the .htaccess file gives me a "403 No Permission" message.