not2easy - 9:03 pm on Jul 4, 2013 (gmt 0)
On sites I manage that do not have WP installed, I use wp-login.php as a ticket to the robot trap. Saves me a lot of trouble.
On sites that do have WP installed, I just block the IP ranges, seldom any visitors from those ranges that I want anyway.
I also make sure I have done everything possible to make my sites a difficult target: Keep everything up to date, be careful of the plugins you choose, always have a complete backup, rename the table prefixes, secure your config file, use passwords that won't be simple to guess and don't ever post under a login username. Make login usernames as difficult as the password and use Nicknames to post with.
If nothing else, this gives you more time to catch and block their attempts.