FEATURE REQUEST – Custom wp-admin.php naming

Yes, but not enough harder. Security through obscurity doesn’t help as much as it should, since at some point, you have to access the URL, and it can get scraped.

See http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin for better ways to protect your wp-admin section.

The amount of work that would go into making that doable is not-insignificant, and the number of attacks it would prevent would be so small as to make the effort basically wasted.

http://codex.wordpress.org/Hardening_WordPress#Security_through_obscurity explains what you CAN do that way to make it a bit safer, but if I could find the link, I’d toss you to the one which explains why your theory, while sound, simply doesn’t work in the long run and is wasted effort. It IS a great idea, but it doesn’t consider the fact that most attacks are via bots, who know very well how to scan :/

I’d suggest, instead of putting in that effort, to make sure of the following:

1) My SERVER has good security – That if someone logs in as me, they can only screw up ME and not anyone else on the server.
2) My server has a good firewall.
3) That I’m using good file/folder permissions
4) I have a good password
5) I’m not doing something stupid (like the ONE time my server was hacked, I was on a non-virus protected Windows XP box, and I saw a weird pop-up. I KNEW I should use ssh/sftp but I didn’t. I was an idiot).

For plugins, try things like Login Lockdown and Bad Behavior to stop hack attempts. Also consider these: http://www.wptavern.com/top-5-wordpress-security-tips-you-most-likely-dont-follow

There’s a LOT you can do to make things safer, but moving wp-admin won’t help in the long run, since that’s generally NOT the point of attack anyway.