Smashing Magazine again comes up with a nifty numbered list of steps you can take to protect a WordPress administrator area. All steps are well thought out and there is an active comments section, so checking back may be well worth it:
A number of their steps rely on the most recent version of WordPress. Getting up-to-date is never a bad thing, so it’s well worth doing.
Here’s an excerpt from the article:
This article focuses on defending the administration area of WordPress, meaning all those pages in the wp-admin folder (or http://www.yourblog.com/wp-admin/) that are displayed after a user a verified. We bolded the phrase “after a user is verified” deliberately: it should be explicitly understood that only a simple query stands in the way of an evil hacker and the powerful admin area of your whole blog. The latter is only as strong as the passwords that are generated.
To make an attack more difficult, you should perform the following actions manually. These solutions do not guarantee 100% security, but you can create effective stumbling blocks on a hacker’s way to the administration area.