WordPress Users – Block Access with IP Restriction

Just looked at an error log for a site that has IP restriction in place for the /wp-admin directory and wp-login.php pages. In one hour there were 28 attempts to access wp-login.php. Errors look like this:

[Wed Apr 23 09:51:39 2014] [error] [client 1.11.11.11] client denied by server configuration: /home/acountX/public_html/wp-login.php
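To get a count like the one above without reading the log by eye, here is an added example (not part of the original post) that tallies denied requests to wp-login.php and /wp-admin per hour and per client. It assumes the Apache 2.2-style error log format quoted above; the sample lines, IPs and account path are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Apache 2.2-style error log line, the format quoted in the post.
DENIED = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[^\]]+)\] "
    r"client denied by server configuration: (?P<path>[^\s,]+)"
)
PROTECTED = ("/wp-login.php", "/wp-admin")  # locations the .htaccess rules cover

def denied_attempts(lines):
    """Yield (hour, client_ip, path) for each denied request to a protected path."""
    for line in lines:
        m = DENIED.match(line.strip())
        if not m or not any(p in m.group("path") for p in PROTECTED):
            continue  # other error types or unrelated paths
        try:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # unexpected timestamp format; skip rather than crash
        yield ts.replace(minute=0, second=0), m.group("ip"), m.group("path")

def summarize(lines):
    """Return (per_hour, per_client) Counters of denied attempts."""
    per_hour, per_client = Counter(), Counter()
    for hour, ip, _path in denied_attempts(lines):
        per_hour[hour] += 1
        per_client[ip] += 1
    return per_hour, per_client

# Constructed sample lines (documentation IP ranges, made-up account path).
SAMPLE = """\
[Wed Apr 23 09:51:39 2014] [error] [client 192.0.2.10] client denied by server configuration: /home/exampleacct/public_html/wp-login.php
[Wed Apr 23 09:53:02 2014] [error] [client 192.0.2.10] client denied by server configuration: /home/exampleacct/public_html/wp-login.php
[Wed Apr 23 09:58:47 2014] [error] [client 198.51.100.7] client denied by server configuration: /home/exampleacct/public_html/wp-admin/admin-ajax.php
[Wed Apr 23 10:02:15 2014] [error] [client 203.0.113.5] File does not exist: /home/exampleacct/public_html/favicon.ico
[Wed Apr 23 10:04:30 2014] [error] [client 198.51.100.7] client denied by server configuration: /home/exampleacct/public_html/wp-login.php
""".splitlines()

if __name__ == "__main__":
    per_hour, per_client = summarize(SAMPLE)
    for hour, n in sorted(per_hour.items()):
        print(f"{hour:%Y-%m-%d %H}:00  {n} denied")
    for ip, n in per_client.most_common():
        print(f"{ip:<15} {n} denied")
```

To run it against a real log, pass an open file object to `summarize()` in place of `SAMPLE`.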

Blocking is easy: you just edit your .htaccess file, either through your web host's admin control panel or over FTP.

.htaccess in the root directory:

# Deny WordPress login page to all but my IP
# (Apache 2.2 access-control syntax; on Apache 2.4 it needs mod_access_compat)
<Files wp-login.php>
order deny,allow
deny from all
# whitelist IP addresses
allow from 66.66.6.6
</Files>

.htaccess in the wp-admin directory:

<Files ~ "\.(php)$">
order deny,allow
deny from all
# whitelist IP addresses
allow from 66.66.6.6
</Files>

I could probably put the wp-admin directory part in the root domain too, but for reasons I cannot remember, I did not.

If you do not have a static IP it is trickier, but with a bit of searching you can find the IP ranges of your ISP and add those. This works most of the time; sometimes you might get switched to a new IP that is not on the public lists, but the file is easy to update.

Important

If you wish to access the site from mobile, other offices, etc., those IPs will need to be whitelisted too.

For security it is a good idea to restrict as much as possible, though. It is the difference between leaving your front door open and asking bad individuals to leave, and locking your front door and only giving trusted people a key. Stay safe people!
