After having Wordpress hacked once 5 years ago, we serve 403 forbidden for all requests to admin login page not coming from our IP subset.
If you have s static or sticky IP range, this may greatly reduce hacking risks.
1:45 pm on Sep 4, 2013 (gmt 0)
We deny all except our own IPs or IP blocks for our local service providers (so our faculty and staff can work from home). I keep researching and tweaking the installs to make them tighter and stronger.
1:56 pm on Sep 4, 2013 (gmt 0)
Password protect the administrator directory using .htaccess You can do this in Joomla, I don't think you can in Wordpress.
1:12 pm on Sep 9, 2013 (gmt 0)
There is at least one extension that allows you to modify the back end url..
The one I use allows you to set it up so that the admin url is
www.mysite.com/administrator/index.php?yoursecretword instead of www.mysite.com/administrator
If you don't put the parameter in it will simply return you to the homepage
That has an added benefit in that the script kiddies will usually not keep attacking and sucking your resources if they can't get to the login page.