Simply FTP in to your site and upload an .htaccess file to your wp-admin directory with the following content:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
Just replace the xxx.xxx.xxx.xxx and with your allowed IP addresses. You can always find your IP by typing into google: “What’s my IP”.
If you want multiple IP’s to be authorized, simply add another line, like so:
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx
This method of protecting your site will use far less resources that any wordpress plugin because it only fires the webserver and not PHP, thus using far less resources.
It is a very secure method as well.