fix hacked wordpress database will also tell you that there's no htaccess from the wp-admin/ directory. You can put a.htaccess file within this directory if you desire, and you can use it to control access by IP address to the directory or address range. Details of how to do that are easily available on the net.
After spending a few days and hitting a few spots around town, I finally find a cafe which offers free, unsecured Wi-Fi and to my pleasure, there are tons of people sitting around each day connecting their laptops to the"free" Internet services. I use my handy dandy cracker tool that is Wi-Fi and sit down and my response log myself. Bear in mind, they are all on a network.
For me it's a WordPress plugin. They're drop dead simple to install, have all the functions you need for a job like this, and are relatively cheap, especially when compared to having to hire someone to have this done for you.
If you aren't running the latest version of WordPress, upgrade. Like keeping your door unlocked when you leave for vacation, leaving your site in an old version is.
There is another problem you have with WordPress. People know they also could visit your login form and where they can login and try a blog different combination of user accounts and passwords out. In order to stop this from happening you want to install Login Lockdown. It is a plugin that only lets users attempt and login with a wrong password three times. Following that the IP address will be banned from the server for a certain timeframe.