No need to read the below info. Now, there is a good plugin(with useful options), that does that without editing and hardcoding of .htaccess (which I don’t advise), instead
I STRONGLY RECOMMEND to install and use iThemes Security, also BlackList-er and some other essential plugins – view them here: useful and lightweight plugins list.
You can restrict access to wp-login.php using .htaccess file, but not reccommended, because it is a very manual way..:
order deny,allow Deny from all allow from xx.xxx.xx.xx allow from yy.yyy.yyy.yyy
Where xx.xxx.xx.xx is allowed IP addresses.
BUT REMEMBER, your wp-login.php cant be accessed by users at all (for example, when they want to register – http://www.yoursite.com/wp-login.php?action=register ).