In my WordPress admin I saw that Sergej Müller and Alex Frison had written an article about protecting WordPress admin area in which they linked to my htpasswd generator. I have only skimmed through the article, but they give some good suggestions on how to protect your WordPress admin from unwanted intruders such as hackers. My own simple approach is to only allow known IPs to access the wp-admin directory. Here is how I do it with .htaccess:
Order Deny,Allow Deny from all allow from 220.127.116.11
Just change “18.104.22.168” to your IP. You can find your IP on my browser check page, just look for “Remote Address”. You can ofcourse add another “allow line” to above code, if you want to use the WordPress admin from multiple computers.