How to secure WordPress's login

Add the below to ~/public_html/.htaccess: (Don’t remove or replace anything in the file, just add the below at the top or bottom, if you are versatile, you are out of luck.)

 <Files "wp-login.php">
    Order deny,allow
    Deny from all
    Allow from server_ip
 </Files>
 <Files "xmlrpc.php">
    Order deny,allow
    Deny from all
    Allow from server_ip
 </Files>

~/public_html/wp-admin/.htaccess:

 order deny,allow
 deny from all
 allow from server_ip

To login, run “ssh user@server -D 9999”, then use a SOCKS proxy, 127.0.0.1, and port 9999. That works in Linux and macOS. Can’t help you if you use Windows.

Can you put more then one filename in the files thing?