I know I could put a separate .htaccess inside that folder (wp-admin), however, I'm wondering if I could do this with a rule in the main .htaccess file of the site.
And also do this for other folders also in one directive. (wp-includes, wp-content)
For instance, if I wanted to block access to the wp-admin folder on a WP site, one thing I found was this, but not sure if it's correct:
<Files wp-admin$>
Order Deny,Allow
Deny from All
Allow From 47.255.0.0/16
</Files>
z
With Files
directive you can only match specific files not folders. You need to use mod-rewrite
for this
RewriteEngine On
#If not Allowed IP address
RewriteCond %{REMOTE_ADDR} !^47\.255\.0\.0/16$
#folders
RewriteCond %{REQUEST_URI} (wp-admin|wp-includes|wp-content) [NC]
#deny access
RewriteRule ^ - [F,L]