A simple, light-weight collection of tools to help protect wp-admin, including password strength requirements and brute-force log-in prevention.
Some robots are so dumb they'll continue trying to submit credentials even after the login form is replaced, wasting system resources and clogging up the log-in history table. One way to mitigate this is to use a program like Fail2ban to watch for excessive Apocalypseness and ban the culprits via the firewall. Check your access logs for requests for wp-login.php returning a 403 status code, like:
failregex = ^<HOST> -.*"(GET|POST).*/wp\-login\.php.*\ 403\ .*$