Lockdown only the admin account
If you are running WooCommerc e-commerce, membership site or have som other reason for giving your users access to the admin panel the Clef Two-Factor Authentication WordPress plugin is our recommendation. The Authy Two Factor Authentication is another excellent WordPress plugin. Use one of these plugins to lock down only the accounts with admin rights. Not the user accounts.
Customized access control
If there is only yourself or a few users that need access to your admin panel, then placing a .htaccess file in the /wp-admin/ folder is our choice. This enables you to limit the access by IP address, IP-range or domain names of your choice. You can customize a .htacces file to do pretty much anything. Another advantage is that .htaccess files are fast and easy to disable for a few minutes to work and then re-activating when completed. That can be useful when you need access from a cell phone connection or for some other reason. Another reason is that .htaccess files is not a plugin. The fewer plugins you need, the better.
CloudFlare IP module
Your .htaccess file will only work if you also use the CloudFlare IP module when using CloudFlare. This is because this module is required to show your real IP and not the address re-written by CloudFlare. Follow these instructions
To deactivate .htaccess
sudo mv .htaccess 1htaccess
To re-activate access limitation to WordPress admin panel
sudo mv 1htaccess .htaccess
TIP:
Use TextExpander or a similar app on your PC, mobile and tablet to enable and disable the .htaccess.
Create the .htaccess file
Create a file with the name .htaccess in:
cd /wp-admin
Then create the file
sudo nano .htaccess
Just replace 888.888.888.888 with your IP’s below.
Then cut-and-paste this content into your .htaccess file:
<LIMIT GET>
Require all denied
# Localhost
Require ip 127.0.0.1
Require ip 888.888.888.888
Require ip 888.888.888.888
# Home
Require ip 888.888.888.888
# VPS servers
Require ip 888.888.888.888
# Work
Require ip 888.888.888.888
# Cabin
Require ip 888.888.888.888
# John Smith
Require ip 888.888.888.888
</LIMIT>