One of the easiest and quickest way to protect your WordPress admin is to use an .htaccess file to restrict access to a certain IP. To do this use the following code:
In your /wp-admin folder, add an .htaccess file with the following in it:
Obviously, replace xx.xx.xx.xx with your current IP address.
The <Files admin-ajax.php> block allows access to the WP ajax hooks that are contained within the wp-admin folder. This rule allows access to this file.
To do the same to the wp-login.php file (which is the gateway to wp-admin), use the following code in the .htaccess file in the root of your site: