edit Duh! I completely "zoned out" and did not carefully read your subject line. What I suggest below is obviously not what you had in mind, as it does not limit by IP, but is another way to accomplish keeping the Wordpress private. In the workds of Emily Latella, "never mind..".
I have done that,not only with WordPress but with other applications as well.
Under the assumption that "simpler is better", what has worked well for me is simply to install the WordPress in a subdirectory (or subdomain) and protect it via .htaccess (either via the Control Panel, or "manually" using shell commands, etc).
This way, none but those with the user/password combination for the protected directory WordPress lives in can see it at all (or even know that it is WordPress, or whatever, for that matter) but, once allowed to the app, all the WordPress user management functionality is present.
It is "dead easy" and works like a charm for me.