You can use the BE security, implemented for the admin panel, for the whole BE site or parts of the site
All you need to do is edit the web.config file specifying you want the contents of the root folder to be a secure location path. You can also set different levels of access on subfolders and individual .aspx files based on the users you create in the admin
panel and what roles they have been assigned.
Add the following code below the </system.codedom> to lockdown anything within the root.
<deny users="?" />
This should force all users to the login page unless of course thy are logged in!
Also bear in mind that if you browse some of the other sub-folders with the admin folder e.g. 'Comments' you will find a web.config file explicitly for setting access rights to that particular folder, which is useful, otherwise the root web.config can get