If you’re the only user that needs administration access to your WordPress site, then this security method may be for you. This security method will make it so that your wp-admin can only be accessed from your cpu. It can also help prevent SQL injections that exploit wp-admin.
First you’ll need to know your IP address or range.
Then add the following code to your htaccess file.
#security
<Files wp-login.php>
order deny,allow
deny from all
allow from YOUR_IP_ADDRESS_OR_IP_RANGE
</Files>
Important: Make sure you have the ability to change your htaccess file outside of wordpress’s admin in case you lock yourself out by mistake. Examples: FTP or your host’s admin panel.