You must protect the admin interface with either a .htaccess file or an auto_ops() function.
See how here.