If you have Securi plugin in your wordpress install you will prob notice random bursts of failed login attempts. Then youll prob try all sorts of plugins, wordfence, IQ block country etc and the spammers keep coming so you have to get serious.
1. In your root folder .htaccess file place
<Files wp-login.php>
order deny,allow
Deny from all
# whitelist
# client work
allow from xxx.xxx.xxx.xxx
# client home
allow from xxx.xxx.xxx.xx
# techy
allow from xx.xxx.xxx.xxx
</Files>
2. In the wp-admin folder .htaccess file place
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "WordPress Admin Access Control" AuthType Basic <LIMIT GET> order deny,allow deny from all # whitelist # client work allow from xxx.xxx.xxx.xxx # client home allow from xxx.xxx.xxx.xx # techy allow from xx.xxx.xxx.xxx </LIMIT>