>>I've seen some plugins around there, which are doing a great job for solving this problem.
Any specific ones (preferably free)? I've tried a couple already but each time my friend was able to hack my site via the login.php (and no, he's not an a-hole; I asked him to test my site's security). Drupal has a really nice "official" version specifically for this and I hope the WordPress coders would be able to do the same on a future release. I really like WordPress so I don't want to switch... yet. ;-)