For those WordPress admins who are lucky enough to only access via certain defined IP addresses (IPv4 or IPv6) you can lock down access to the wp-admin and wp-login.php URLs in your Apache configuration with just:

<location /wp-admin/>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128 10.1.2.3/32 1234:5678:90ab:cdef::/64
</location>

<files wp-login.php>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128 10.1.2.3/32 1234:5678:90ab:cdef::/64
</files>

Hopefully that helps someone!