Edit .htaccess in your wordpress directory, and add the following to the end, replacing:
<Files wp-login.php>
order deny,allow
deny from all
allow from YOUR IP OR NETWORK HERE/24
allow from SOME OTHER IP HERE
</Files>
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>