repair hacked wordpress site will inform you that there's not any htaccess inside the directory. You may place a.htaccess record into this directory if you would like, and you can use it to handle the wp-admin directory from Ip Address address or address range. Details of how you can do that are plentiful around the net.
The more powerful approach, and the one I recommend, is to use one of the password generation and storage plugins available on your browser. Lots of people like RoboForm, but I believe after a free trial period, you have to pay for it. I use the free version of Lastpass, and I recommend it for those of go to website you who use Firefox or Internet Explorer. That will generate secure passwords for you; you use one master password to log in.
This is quite handy plugin, protecting you against brute-force strikes that are password-crack. It keeps track of the IP address of every useful reference failed login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of failed attempts is reached.
Pathological-looking phrases that were whitelists and black based on which field they look inside. (unknown/numeric parameters vs. known post bodies, remark bodies, etc.).
Do your homework and some searching, but if you are pressed for time and need to get this try the WordPress security plugin that I use. It is a relief to helpful hints know that my site (and business!) are secure.