SPECIAL>Works if limited number of people access and have semi-permanent IP allocation.
>Edit system files
Edit the .htaccess files to add a list of IPs can be created that are allowed access, commonly referred to as a ‘whitelist’. This prevents unknown IPs from attempting password guesses.
Add this code to the root folder’s .htaccess:
deny from all
# static IP
allow from xxx.xxx.xxx.xxx
# dynamic IP
allow from xxx.xxx.xxx.0/8
allow from xxx.xxx.0.0/8
Enter actual IPs in place of xxx.xxx.xxx.xxx. If you know your actual IP, stick with static (just be aware that you will need to update it if it changes) or use dynamic if you need to allow a range of IPs.
If you are not sure of your IP address just type “what is my ip” into Google and it will tell you.
Underneath you will see a multitude of websites that will give you your exact IP address with more information.
Alternative approach using plugin
The above solution enables you to specify exactly what IPs have access. There is an alternative approach using a plugin that allows all IPs but blocks those with repeated failed login attempts. See http://protectyourbusinessonline.com/security/protect-login-from-brute-force-attacks/