Only from an IP Address can access wp-admin or login.php. Add the following code above of all of anything else in your .htaccess and change your IP Address.

Choose one of this #Normal server use OR #With Cloudflare use either one of this going to fit you. It’s depend on your sever configuration.

If your web server DNS is with Cloudflare choose #With Cloudflare use and ignore the other.

And the same thing  if you choose #Normal server use, ignore Cloudflare use

That’s it all I did.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$

#Normal server use
RewriteCond %{REMOTE_ADDR} !^12\.345\.67\.890$ #<---- Your IP Address

#With Cloudflare use
RewriteCond %{HTTP:CF-Connecting-IP} !^1.23.456.789$ #<---- Your IP Address

RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

UPDATE: February 11, 2020