@GrahamS You are right. That’s what I have mentioned in the article.
Blocking all IPs accept one i.e., admin’s is possible if the admin has a static IP. Most WordPress users don’t have that therefore I have mentioned many other ways of blocking attacks.