Append the following all and deny all NGINX config directives in server context:
location ~ ^/(wp-admin|wp-login.php) {
allow 1.2.3.4;
deny all;
}If your blog located in /blog/ sub-directory, try:
location ~ ^/blog/(wp-admin|wp-login.php) {
allow 1.2.3.4;
deny all;
}Reference: https://www.cyberciti.biz/faq/nginx-block-url-access-all-except-one-ip-address/