One common method, which is advocated by Two Scoops of Django, is to change your admin url. Thus, rather than logging into your admin at www.example.com/admin/
, you would log in at www.example.com/supers3cret4dm1n/
or something that you've set. This is likely what Instagram has done in your example.
Example code:
urlpatterns = patterns(''
...
url(r'^supers3cret4dm1n/', include(admin.site.urls)), # Change the pattern to whatever you want here
...
)
Note that this doesn't make it accessible from only one IP address, but it does effectively 'hide' your admin login page.
Another tip is to use the django-admin-honeypot
package. This sets up a fake admin page at www.example.com/admin
while having your real admin page at another site that you've set. Then, django-admin-honeypot will alert you if anyone tries to hack your admin at the fake admin site.
EDIT:
If you're dead-set on restricting by IP address, here's a SO question and answer showing how to do it with nginx. I imagine it'd be similar with others.