Reference/Source: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
How to add/use this Brute Force Login Protection Code on your website
If you have BPS or BPS Pro installed this custom .htaccess code goes in this Custom Code text box: . After adding this custom code click the Save Root Custom Code button, go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root Folder BulletProof Mode again.
To reverse the process (remove/delete the code from your root .htaccess file) you would delete the code from the text box, click the Save Root Custom Code button, go to the Security Modes page, click the Create secure.htaccess File AutoMagic button and activate Root Folder BulletProof Mode again.
# Protect wp-login.php from Brute Force Login Attacks based on IP Address <FilesMatch "^(wp-login\.php)"> Order Allow,Deny # Add your website domain name Allow from example.com # Add your website/Server IP Address Allow from 69.200.95.1 # Add your Public IP Address using 2 or 3 octets so that if/when # your IP address changes it will still be in your subnet range. If you # have a static IP address then use all 4 octets. # Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1 Allow from 65.100.50. </FilesMatch>