Your WordPress login page is one of the most important pages on your website. If you don’t have a strong password, hackers can break through your defenses and do your site great harm. Limiting access to the WordPress login page by IP is a very good idea. You could also hide or rename the page to make it harder for people to find it:
Rename wp-login.php: as the name suggests, this plugin lets you change wp-login.php to anything you want. It accomplishes that by intercepting page requests and could reduce brute force attacks.
Custom Login: a simple plugin that allows you to customize your login screen easily. You can obscure your login URL using the Stealth login feature.
Hide My WP: this plugin tries to hide the fact that you are running WordPress. You can hide your admin files, wp-login.php, plugin directory, and change WordPress URLs.
Don’t assume for a second that if you hide your login page or WordPress URLs, your site is going to be completely safe from hack attacks. Keeping your site secure is an ongoing process. You still need to backup your site, harden your server, and do a whole lot more to keep hackers at bay.