By default, the login page for wordpress is /wp-admin. Can you change the name of this file to something else or does it somehow affect overall functionality of the blog? Also, what other steps can be taken to secure the blog?
add a htpsswd file these are 99% unhackable unless you use a dictionary word you can do it via cpanel by choosing the password protect directories feature also make sure you have correct file permissions, i know one exploit is a file that is created during install left with permissions 666 which alows it to be hacked also make sure to always have the latest version of wp and all the plugins, there have been alot of new sql injection exploits found latley in the plugins