diff --git a/admin_manual/installation/harden_server.rst b/admin_manual/installation/harden_server.rst index a019868c359..cb4e585cb0b 100644 --- a/admin_manual/installation/harden_server.rst +++ b/admin_manual/installation/harden_server.rst @@ -177,6 +177,23 @@ information about the TLS settings. Also ensure that HTTP compression is disabled to mitigate the BREACH attack. +Restrict admin actions to a specific range of IP addresses +---------------------------------------------------------- + +Configure ``allowed_admin_ranges`` in ``config.php`` to restrict the admin actions to trusted IP ranges. + +This can be achieved with this kind of setting, usually using private IP ranges:: + + 'allowed_admin_ranges' => [ + '127.0.0.1/8', + '192.168.0.0/16', + 'fd00::/8', + ] + +All requests originating from IP addresses outside of these ranges will not be able to execute admin actions. + +Administrators connected from untrusted IP addresses will be able to use Nextcloud, but all admin specific actions will be hidden. + Use a dedicated domain for Nextcloud ------------------------------------
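Review bot: The first entry in the example array, '127.0.0.1/8', is a host address with a /8 prefix rather than a network address; write it as '127.0.0.0/8' so the example is a canonical CIDR range. The list includes an IPv6 range ('fd00::/8') but no IPv6 loopback, so consider adding '::1/128' or stating that loopback is intentionally IPv4-only here. The last two sentences also pull in different directions: one says requests from outside the ranges "will not be able to execute admin actions", the other says the actions "will be hidden". Please state explicitly whether the restriction is enforced on the server for every request or only removes the entries from the interface, since a reader hardening a server needs to know which. The section also does not say which address is compared against the ranges when Nextcloud runs behind a reverse proxy; a sentence on that would prevent misconfiguration. Minor style: "admin specific" should be "admin-specific".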