If you are looking to improve the security of your WordPress website, you might consider restricting access to the wp-login.php login file. A great way to do this is thru the use of an .htaccess file.
Sample code is below. This code should be placed in the .htaccess file of your root directory (assuming your wp-login.php file is in root)
<Files wp-login.php>
order deny,allow
deny from all
allow from xx.xxx.xx.xx
allow from xx.xxx.xx.xxx
</Files>
In code above, replace the “x” values with the actual IP addresses that you wish to allow access to wp-login.php. The code above works on HostGator. If you are having trouble getting this to work, be sure that you keep these statements in all lowercase:
order deny,allow
deny from all
.htaccess files can be quite fickle so trial and error is often required.
Taking this extra step to restrict IP traffic into your WordPress login page is a great way to further reduce the chance of your website being compromised.