site get login attempts after htaccess ip restriction

I’m using a security plugin that keep sending me emails:

“A lockdown event has occurred due to too many failed login attempts or invalid username:
Username: Admin
IP Address: 195.154.243.31

IP Range: 195.154.243.*

Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.”

I tried to block the access to wp-admin folder and create htaccess file with this code:

order deny,allow
deny from all
allow from <my ip>

also in the root htaccess i added :

<Files ~ "(wp-login.php|wp-signup.php)">
      Order Deny,Allow
      Deny from all
      Allow from <my ip>
</Files>

how does the attacker/bot try to login?

@birgire has a right answer

And they can use WPScan for example, with a brute force attack on wp-login.php

I recommand to rename your login page, you can do it manually or with a plugin.