You will probably want to restrict access to Xsight.

In addition, Xsight allows you to restrict who can make changes to your configuration: if a file called ACL is present in the control/site directory, it is assumed to contain a list of IP addresses (one per line) of those workstations which are allowed write access to the site. Simple wildcards such as 192.168.1.* are allowed. If ACL doesn't exist, everyone who can access the web pages will be able make changes. If ACL exists and is empty, *no-one* will be able to make changes. Remember to allow access from localhost if you are making changes on the same computer as xsight is running on. An ACL file can be created in the control/.xsight directory to control who can create and modify sites.

When a new site is created, the file ACL (if it exists) is copied from the xsight directory, and the contents of the Default directory are copied to the new site's www directory, so you could set up a default access policy for new sites eg by creating a default .htaccess file and a default ACL file.