Solution:1

You can lock down the wp-admin page with htaccess deny all and hen setting an allowed ip.

order deny,allow
deny from all
allow from 127.0.0.1

You can also set a htpasswd file with allowed logins and password protect the page. I would also make sure your username in wp-admin is not something easy like ‘admin’ or ‘editor’.

<IfModule mod_auth.c>
 AuthUserFile /home/path/.htpasswd
 AuthName "Username and password required"
 AuthType Basic
 <Limit GET POST>
  Require valid-user
 </Limit>
</IfModule>

Furthermore i would highly recommend wordfence as a good plugin for protection from hacks etc.

Solution:2

Restricting access to wp-admin directory

Apache 2.4+

Add this snippet to your .htaccess file, created in wp-admin directory:

<RequireAny>
    Require ip 64.176.174.0/255.255.255.0
    Require ip 64.176.176.0/255.255.255.0
</RequireAny>

and add as many IP Address/Subnet Mask pairs, as you wish, regarding the client IP address you would like to have access to admin area. I have added two samples above.

Apache 2.4-

Add this snippet to your .htaccess file, created in wp-admin directory:

<Directory>
    Order Deny,Allow
    Deny from all
    Allow from 64.176.174.0/255.255.255.0
</Directory>

Restricting access to wp-login.php path

Add this snippet to you current theme’s functions.php file:

function my_checkRole(){
    if( !( current_user_can( 'administrator' ) ) && !( defined('DOING_AJAX') && DOING_AJAX ) ){
        wp_redirect( site_url( 'restrict_user' ) );
        exit;
    }
}

add_action( 'admin_init', 'my_checkRole' );

Changing the wp-admin path

It is possible to change it, but why do you think that has any value at all? You cannot hide anything from a Bot – that is just not possible to do.

Hackers use automated Bot programs to find whatever they want to find.

A good approach is Action Approach: