For this Multisite I use the Auth Digest service of my Apache web server protecting access on the login and sign in form of WordPress against brute force attacks.
To get it working you need to edit the WordPress .htaccess file, which is stored at the root folder of WordPress (where wp-config.php is also stored).
To manage the users and passwords, with which you can login via htdigest I use an online tool to generate. At this tool you define username and password. The so called Realm is the word at Auth Name. The code, which is generated after you set your credentials, has to be placed at a created httpd-file, which is located at AuthUserFile. For my purposes (Auth Digest authentification with username and password, but get access without username and password by having an ip, which starts with 132.231.) the .htaccess rule looks like:
[AdSense-A]
<Files wp-login.php>
AuthName "Admin"
AuthType Digest
AuthDigestProvider file
AuthUserFile /home/xyz/httpd-pwd-file
Require valid-user
Order deny,allow
Deny from all
Allow from 132.231
Satisfy any
</Files>
At the first 5 lines you define, which user have access and that you need a login credentials to access. Further lines define the access from an ip, which starts with 132.231. and deny all others. Satisfy any is very important to get the rule working on wp-config.php.
More: