See this Bonus Custom Code forum topic for the code and steps to add Login page/wp-admin backend IP address blocking/restricting code > https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/. Important Notes: Blocking/restricting the Login page/WordPress wp-admin backend will prevent other people from registering, logging in and posting on a website. The only time you should restrict/block your Login page/wp-admin backend by IP address is when you are the only person who logs into your website. If you do not have a Static public IP address assigned by your ISP then you will need to change your IP address manually in your Root htaccess file by using FTP or your web host control panel file manager when your IP address is changed by your ISP.
Recommended Instead: Create this custom code below in your themes functions.php file that redirects non-Administrators somewhere else like your website home page.
add_action( 'admin_init', 'redirect_non_admin_users' );
// Redirect authenticated non-admins from /wp-admin to the home page / URI
// This keeps all non-admins out of the /wp-admin area.
function redirect_non_admin_users() {
if ( ! current_user_can( 'manage_options' ) && ! preg_match( '#\/wp-admin\/admin-ajax\.php#', esc_html( $_SERVER['REQUEST_URI'] ) ) ) {
wp_safe_redirect( home_url( '/' ), 302 );
exit;
}
}