Last year and a half taught us that WordPress security shouldn't be taken lightly by any means. Between 15% and 20% of the planet's high traffic websites are powered by WordPress. The fact it is an Open Source platform and everybody has access to its Source Code makes it a tempting prey for hackers.
Ultimately, secure your wordpress site will also inform you that there's not any htaccess within the directory. You may put a.htaccess record into this directory if you would like, and you can use it to manage usage of this wp-admin directory from Ip Address address or address range. Details of how you can do this are plentiful around the internet.
Use strong passwords - Do what you can to use a strong password, alpha-numeric, with upper and lower case and special characters. Easy to remember passwords are easy to guess!
This is very useful plugin, protecting you against brute-force password-crack strikes. It Extra resources keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a selection of IP addresses when a certain number of attempts is reached.
You could get an SSL Encyption Security for your WordPress blogs. The SSL Security makes secure and encrypted communications with your site. You may keep history of communication and the all of the cookies so that all transactions are recorded. Be certain all your blogs get SSL security for protection.
There is. People know they could visit your login form and where they can login and try a different combination of passwords and user accounts outside. So as to prevent this from happening you need to set up Login Lockdown. It's a plugin that only lets users try to login with a password three times. Following that the IP address will be banned from the server for a specific amount of time.