Sometimes securing a site also requires you to lock it down as to who can access the admin area. Here is a modification that can be done to the .htaccess file that will lock down the wp-login.php and also the wp-admin directory to specific IP addresses. Real easy to edit through your cPanel's File Manager.
ErrorDocument 401 /path-to-your-site/index.php?error=404 ErrorDocument 403 /path-to-your-site/index.php?error=404 <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR] #if you change the URL with a plugin you should add another [OR] statement for it. RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^First IP Address$ RewriteCond %{REMOTE_ADDR} !^Second IP Address$ RewriteCond %{REMOTE_ADDR} !^Third IP Address$ RewriteRule ^(.*)$ - [R=403,L] </IfModule>