This will work for Magento 1 and 2.
In your .htaccess file under "RewriteEngine on" Add the following lines
CODE
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/(index.php/)?your_admin_path(.*) [NC]
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
RewriteRule .* - [F,L]
Replace your_admin_path with you hidden admin url and xxx\.xxx\.xxx\.xxx with your IP address. If you are not sure what you IP address simply enter "what is my IP address" in any google search box. Of course this only really works well when you have a static IP address or a VPN with a static IP address.
You can add as many RewriteCond lines as you need.