Sometimes you will see that your site has been compromised by hacker. You may have seen that they do it by hacking your wp-admin folder. Your site might be public but you can restrict your wp-admin folder by providing little extra security with a htaccess file. You can limit access to this folder for some IP addresses. Any attempts at accessing any file within this folder will be greeted with a Forbidden error message.
You have to create a .htaccess file in your wp-admin folder and place this code there. Be sure of one thing this is not the .htaccess file of your root folder.
AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Example Access Control" AuthType Basic
order deny,allow deny from all allow from xx.xx.xx.xx allow from xx.xx.xxx.xx